755 Nessus Jobs - Page 3

Profile: Cybersecurity Application Security Consultant - DevSecOps Company: Digital Defense Position Type: Permanent Location: Bhopal, Madhya Pradesh, India Salary: ₹50,000 INR per month About the Role Digital Defense is seeking a highly motivated and skilled Cybersecurity Application Security Consultant with expertise in DevSecOps practices to join our growing team in Bhopal. This is a permanent position where you will play a crucial role in integrating security into every phase of the Software Development Life Cycle (SDLC), from design to deployment and operations. You will work closely with development, operations, and QA teams to ensure our applications are secure by design and by default. Key Responsibilities Security Integration: Integrate security tools and processes into CI/CD pipelines (DevSecOps) to automate security testing, vulnerability scanning, and compliance checks. Application Security Testing: Conduct various application security tests, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), and Software Composition Analysis (SCA). Vulnerability Management: Identify, analyze, and prioritize security vulnerabilities in applications and provide actionable recommendations for remediation. Security Architecture Review: Participate in the design and architecture reviews of new and existing applications to identify potential security risks and recommend secure design patterns. Threat Modeling: Perform threat modeling exercises to identify potential threats and vulnerabilities early in the development lifecycle. Security Best Practices: Advocate for and implement secure coding guidelines, industry standards (e.g., OWASP Top 10, SANS Top 25), and security best practices within development teams. Security Training & Awareness: Provide guidance and training to development teams on secure coding practices and application security principles. Incident Response Support: Assist in the investigation and resolution of application security incidents. Documentation: Maintain comprehensive documentation of security findings, remediation efforts, and security policies. Required Skills and Qualifications Education: Bachelor's degree or Engineer in Computer Science, Information Technology, Cybersecurity, or a related field. Experience: Proven experience (e.g., 3+ years) in application security, with a strong focus on DevSecOps principles and practices. Development Experience: Practical experience in software development, understanding the full development lifecycle. Technical Proficiency: Strong understanding of web application security vulnerabilities (OWASP Top 10) and secure coding practices. Experience with security testing tools (e.g., Burp Suite, OWASP ZAP, Nessus, SonarQube, Checkmarx, Fortify). Familiarity with CI/CD tools (e.g., Jenkins, GitLab CI/CD, Azure DevOps, GitHub Actions, samgrep, open grep). Proficiency in at least one scripting language (e.g., Python, Bash) for automation. Understanding of cloud security principles (AWS, Azure, GCP) is a plus. Knowledge of containerisation technologies (Docker, Kubernetes) and their security implications. DevSecOps Mindset: A strong understanding of how to embed security into agile and DevOps methodologies. Communication: Excellent written and verbal communication skills, with the ability to explain complex security concepts to technical and non-technical stakeholders. Problem-Solving: Strong analytical and problem-solving skills with a keen eye for detail. Preferred Qualifications Engineering in Computer Science or Cybersecurity Relevant industry certifications, including CEH, OSCP, Offensive Security Web Application certifications. Experience with security frameworks and compliance standards (e.g., ISO 27001, NIST, GDPR). Familiarity with various programming languages (e.g., Java, .NET, Python, Node.js).

Cloud & Compliance Security Specialist (4–6 Years Experience) Job Title: Cloud & Compliance Security Specialist Experience Required: 4–6 Years Location: Noida Job Type: Full-Time Department: Cyber Security Reporting to: Head/CISO Cyber Security. Role Overview: We are seeking a highly experienced and detail-oriented Cloud & Compliance Security Specialist to join our cybersecurity team. The ideal candidate will have a strong background in Governance, Risk, and Compliance (GRC), security technologies, and reporting/documentation. This role demands a strategic thinker with hands-on expertise in securing cloud environments across Various Cloud platforms. Key Responsibilities: 1. Security Technology & Operations – 50% · Design and implement cloud-native security controls and architectures (e.g., IAM, encryption, firewalls, WAFs, SIEM, CSPM, CWPP). · Monitor and respond to cloud security incidents using industry-standard tools and platforms for threat detection and analysis. · Integrate DevSecOps practices into CI/CD pipelines to ensure secure code deployment. · Perform threat modeling, vulnerability assessments, and penetration testing of cloud infrastructure. · Collaborate with DevOps and IT teams to ensure secure configuration and hardening of cloud resources. 2. Governance, Risk & Compliance (GRC) – 35% · Develop, implement, and maintain overall organizational security policies, standards, and procedures including Cloud security aligned with industry frameworks (e.g., ISO 27001, NIST, CIS, CSA). · Conduct risk assessments and cloud security audits to identify gaps and recommend mitigation strategies. · Ensure compliance with regulatory requirements such as DPDP, GDPR, HIPAA, PCI-DSS, and local data protection laws. · Collaborate with internal audit and legal teams to manage third-party risk assessments and vendor security reviews. · Lead security awareness and training programs across the organization. 3. Reporting & Documentation – 15% · Prepare detailed security reports, dashboards, and metrics for executive leadership and stakeholders. · Maintain comprehensive documentation of cloud security architecture, incident response plans, and audit findings. · Track and report on remediation efforts and risk mitigation progress. · Support internal and external audits with accurate and timely documentation. Required Skills & Qualifications: Bachelor’s or Master’s degree in Computer Science, Information Security, or related field. 4–6 years of experience in cybersecurity with at least 4 years in cloud security. Strong knowledge of AWS, Azure, and/or GCP security services. Hands-on experience with security tools: Next Gen Firewalls, SIEM, WAF, CSPM, EDR, etc. Hands-on experience with DevSecOps, container security (Kubernetes, Docker), and Infrastructure as Code (Terraform, CloudFormation). Hands-on experience with various VA/PT tools including open source like OpenVas/OWASP Zap/Veracode/Nessus/Qualys etc. Certifications (Preferred): Cloud Security: CCSP, AWS Security Specialty, Azure Security Engineer Associate, GCP Professional Cloud Security Engineer (any one of them) General Security & Compliance: CISA/ISO 27001 Lead Implementer/Auditor (any one of them)

Required Skills & Experience: Hands-on experience in: Web Application Penetration Testing Network Penetration Testing Mobile Application Penetration Testing (Android & iOS) Strong knowledge of: OWASP Top 10 MITRE ATT&CK Other industry-recognized security frameworks Ability to simulate real-world attacks using both manual and automated tools. Experience in identifying, analyzing, and remediating vulnerabilities across diverse platforms. Tools Expertise: Burp Suite Nessus (Professional/Expert) Tenable Web App Scanning Metasploit Nmap Wireshark Additional tools for network and mobile testing as required

Who we want: Dedicated achievers. People who thrive in a fast-paced environment and will stop at nothing to ensure a project is complete and meets regulations and expectations. Curious learners. People who seek out cutting-edge research and information to expand and enhance their ability to be ready for what’s next. Self-directed initiators. People who take ownership of their work and need no prompting to drive productivity, change, and outcome and will stop at nothing to ensure a project is complete and meets regulations and expectations Inspires others. A genuine, relationship-focused leader who connects, collaborates and fosters an inclusive environment of enthusiasm, trust and pride. He/she makes others want to follow, building momentum for action and positively influencing outcomes. Champions talent development. A manager who focuses on maximizing the ability, potential and contributions of themselves and others. Fosters an environment where people can excel through developing, coaching and rewarding performance. What you will do: Manage all facets of Vulnerability Assessment and Penetration testing involving embedded devices, Web and Mobile based Applications. Perform attacks and identify vulnerabilities on interfaces like USB, WiFi. Ethernet etc. Perform manual and automated security code review for complex Desktop, Web and Mobile applications to identify security flaws. Leverage DevSecOps to embed security testing into all phases of SDLC. Provide support/inputs in issue remediation. Prepare Test Plans and Test Reports to support test activities. Minimum Qualifications (Required): Bachelor’s in Software/Electronics Engineering or equivalent degree. 2-5 years of hands-on experience in Vulnernability and Penetration Testing using tools like Kali, Nessus, Burpsuite, Qualys etc. Experience in automation of routine tasks using tools like Jenkins and/or scripting languages such as PowerShell, Ruby or Python. Understanding of Cloud based environments like Azure and AWS. At least one professional certification like ECSA Practical/CPENT/LPT/OSCP/OSWE/OSCE or similar involving practical exams. Excellent communication and interpersonal skills. Stryker is a global leader in medical technologies and, together with its customers, is driven to make healthcare better. The company offers innovative products and services in MedSurg, Neurotechnology, Orthopaedics and Spine that help improve patient and healthcare outcomes. Alongside its customers around the world, Stryker impacts more than 150 million patients annually.

At Honeywell, we are dedicated to creating a better future and are searching for individuals to join our global team of future shapers. When you become part of Honeywell, you enter a performance-driven culture filled with diverse leaders, innovators, and doers who are reshaping the future. Our team is committed to supporting each other and realizing our vision through various job functions. Innovation is at the core of our businesses as we strive to define the future. The opportunities for growth and recognition on a global scale are endless for those who demonstrate a passion for performance. We are currently looking for a cybersecurity engineer who possesses creativity and forward-thinking skills to develop and enhance cybersecurity solutions that address unique security challenges within critical infrastructure and industrial sectors. This role involves providing on-site cybersecurity services for Honeywell customers in industries such as Oil and Gas, Power Generation, Life Sciences, and more. Responsibilities include consulting, troubleshooting, network design, implementation, assessments, and other relevant tasks. **Key Responsibilities:** - Take the lead in assigned projects, ensuring timely delivery, staying within budget, and achieving customer satisfaction. - Stay updated on cybersecurity solutions and expand knowledge in designated network disciplines. - Maintain relevant cybersecurity certifications such as CCNA, CISSP, GICSP, or similar. - Keep abreast of industry security standards like IEC-62443, ISO 27000. - Establish strong relationships with internal and external customers by providing accurate technical support. - Diagnose issues and offer timely technical solutions in response to customer inquiries. - Handle network configuration, troubleshooting, firewall setup, and other related tasks. - Uphold industrial safety awareness by completing pertinent safety certifications. **Basic Qualifications:** - Bachelor's degree in computer-related fields or equivalent experience. - Cisco Certified Network/Design/Security Professional (at least one certification). - GICSP/CISSP Certified Information Systems Security Professional or similar certification. - 5+ years of experience in Networking, endpoint security, and IT security audits/assessments. - 3+ years of experience in Security Projects. - 2+ years of experience in Cybersecurity Vulnerability or Risk assessment. - Proficiency in Microsoft Active Directory, DNS, WSUS, and Terminal Server. - Experience in vulnerability scanning and assessments using tools like Nessus and NMAP. - Proven experience in designing or deploying projects leveraging virtualization, preferably VMware. - Network Security Experience: Firewalls, ACL, IDS, IPS, SIEM, particularly with Cisco Routers, Switches, or Firewalls. - Experience with antivirus systems, backup & restore solutions, and providing network services on customer sites. - Strong written and oral communication skills. - Willingness to travel 30-65%. **Preferred Qualifications and Experience:** - 3 years experience in Operational Technology (OT). - IEC-62443 Risk Assessment/Design/Maintenance Certification (at least one). - Knowledge of various networking protocols. - Awareness of OT cybersecurity best practices. - Proficiency in preparing design specifications. - Ability to work independently. - Excellent troubleshooting skills for resolving complex network issues. Honeywell is a trusted partner in solving complex challenges in automation, aviation, and energy transition. We offer actionable solutions and innovation through our Aerospace Technologies, Building Automation, Energy and Sustainability Solutions, and Industrial Automation business segments, all powered by our Honeywell Forge software, to create a smarter, safer, and more sustainable world.,

Job Title: Deputy Manager IS Audit Department: Information Systems Audit Location: Mumbai/Hyderabad Interview Date Reference: Candidate qualifications & certifications must be valid as of 30.06.2025 Basic Qualifications (As on 30.06.2025): Educational Qualification: B.E. / B.Tech. in Computer Science / Software Engineering / IT / Electronics or equivalent discipline Minimum 50% aggregate marks Degree must be from a Govt. of India recognized university / institution / board or one approved by a government regulatory body. Professional Certifications: Mandatory: CISA (Certified Information Systems Auditor) from ISACA, USA (Must be valid on the date of interview) Desirable: CEH (Certified Ethical Hacker) from EC-Council, USA Experience (Post-Education) (As on 30.06.2025): Essential: Minimum 4 years of work experience in BFSI / IT / Information Security Consultancy Out of which, 2 years must be in IS Audit / Cyber Security Audit / Information Security Consultancy Note: Training / Teaching experience will not be considered All claimed experience should be supported by employer-issued certificates Desired Technical Skills: Proficiency in Vulnerability Assessment & Penetration Testing (VAPT) tools such as: Nessus, Retina, SAINT, Kali Linux Key Responsibilities: Conduct Information Systems (IS), Cyber Security, and IS Concurrent Audits. Perform IT Outsourced Activities Audit in line with organizational and regulatory standards. Evaluate compliance with internal IS / IT / Cyber Security Policies, RBI & regulatory guidelines, and international best practices. Identify system vulnerabilities and support mitigation actions to enhance the Bank’s security posture. Execute Compliance, Migration, and Special audits as directed. Draft and maintain detailed audit synopsis reports and value statements as per policy and audit guidelines. Liaise with various auditee departments for evidence-based compliance and timely closure of audit observations. Regularly upgrade knowledge and share insights with the IS Audit team to build team capability. Key Result Areas (KRA): Timely and efficient conduct of all assigned Information System Audits. Ensuring prompt follow-ups for compliance reporting. Achieving timely audit report closure in line with internal timelines. Submitting accurate and regular audit status reports to senior management. Contributing to knowledge-sharing, mentoring, and skill development within the IS Audit team. Periodically reviewing and updating audit frameworks and checklists to reflect current regulatory and cyber trends

Job Title: Deputy Manager IS Audit Job Type: Permanent on the payrolls of the company. Department: Information Systems Audit Location: Mumbai/Hyderabad Interview Date Reference: Candidate qualifications & certifications must be valid as of 30.06.2025 Basic Qualifications (As on 30.06.2025): Educational Qualification: B.E. / B.Tech. in Computer Science / Software Engineering / IT / Electronics or equivalent discipline Minimum 50% aggregate marks Degree must be from a Govt. of India recognized university / institution / board or one approved by a government regulatory body. Professional Certifications: Mandatory: CISA (Certified Information Systems Auditor) from ISACA, USA (Must be valid on the date of interview) Desirable: CEH (Certified Ethical Hacker) from EC-Council, USA Experience (Post-Education) (As on 30.06.2025): Essential: Minimum 4 years of work experience in BFSI / IT / Information Security Consultancy Out of which, 2 years must be in IS Audit / Cyber Security Audit / Information Security Consultancy Note: Training / Teaching experience will not be considered All claimed experience should be supported by employer-issued certificates Desired Technical Skills: Proficiency in Vulnerability Assessment & Penetration Testing (VAPT) tools such as: Nessus, Retina, SAINT, Kali Linux Key Responsibilities: Conduct Information Systems (IS), Cyber Security, and IS Concurrent Audits. Perform IT Outsourced Activities Audit in line with organizational and regulatory standards. Evaluate compliance with internal IS / IT / Cyber Security Policies, RBI & regulatory guidelines, and international best practices. Identify system vulnerabilities and support mitigation actions to enhance the Banks security posture. Execute Compliance, Migration, and Special audits as directed. Draft and maintain detailed audit synopsis reports and value statements as per policy and audit guidelines. Liaise with various auditee departments for evidence-based compliance and timely closure of audit observations. Regularly upgrade knowledge and share insights with the IS Audit team to build team capability. Key Result Areas (KRA): Timely and efficient conduct of all assigned Information System Audits. Ensuring prompt follow-ups for compliance reporting. Achieving timely audit report closure in line with internal timelines. Submitting accurate and regular audit status reports to senior management. Contributing to knowledge-sharing, mentoring, and skill development within the IS Audit team. Periodically reviewing and updating audit frameworks and checklists to reflect current regulatory and cyber trends

About the Team: The Fraud Preventions & LEA management team under Risk Operations manages the LEA queries and resolutions through immediate responses and gathering requisite response from different business units within PayU. The team consists of 8-10 members ranging Execs to Sr.Manager level employees who reports in to Head of Investigations. About the Role: The role requires a person to be well versed with the nodal functions of financial sectors and should be able to handle the LEA (Law Enforcement Agencies) queries and represenatations and enhance internal processes to manage the LEA requirements within timlines and develop cordial relationship with multiple LEA’s/Regulatory(MHA, RBI, CBI, CID, Cyber Crime, Stae Police etc.) across india. Responsibilities: Handling daya to day LEA/regulatory enquiries received by Payu through multiple channels/sources and resolve within the timelines as per regulations. Liaising internally within the PayU India organization for collection of data, documents and factual inputs for providing timely and accurate responses within timelines. Good Knowledge about Cybercrime / Financial frauds with Banks/Cards etc. Exp. in handling RBI and Regulatory enquiries/cases. Handling cases relted to Acquiring and issuing banks. Risk monitoring for merchants and suspicion reporting. Dealing with Cyber Police Officials & Banks over phone call and assisting them as per the requirement as point of contact (case to case basis). Dealing with merchants to fetch the details or reolve disputes received through LEA/Regulatory. Daily case closure and reporting tracker update/upload. Requirements: Graduate with experience in same field is preferred. Experience in handling of Cyber crime and other financial frauds of cards misuses etc. Team player, who is eager to develop/learn and work towards team objectives. What we offer? A positive, get-things-done workplace A dynamic, constantly evolving space (change is par for the course – important you are comfortable with this) An inclusive environment that ensures we listen to a diverse range of voices when making decisions. Ability to learn cutting edge concepts and innovation in an agile start-up environment with a global scale Access to 5000+ training courses accessible anytime/anywhere to support your growth and development (Corporate with top learning partners like Harvard, Coursera, Udacity) About us: At PayU, we are a global fintech investor and our vision is to build a world without financial borders where everyone can prosper. We give people in high growth markets the financial services and products they need to thrive. Our expertise in 18+ high-growth markets enables us to extend the reach of financial services. This drives everything we do, from investing in technology entrepreneurs to offering credit to underserved individuals, to helping merchants buy, sell, and operate online. Being part of Prosus, one of the largest technology investors in the world, gives us the presence and expertise to make a real impact. Find out more at www.payu.com Our Commitment to Building A Diverse and Inclusive Workforce As a global and multi-cultural organization with varied ethnicities thriving across locations, we realize that our responsibility towards fulfilling the D&I commitment is huge. Therefore, we continuously strive to create a diverse, inclusive, and safe environment, for all our people, communities, and customers. Our leaders are committed to create an inclusive work culture which enables transparency, flexibility, and unbiased attention to every PayUneer so they can succeed, irrespective of gender, color, or personal faith. An environment where every person feels they belong, that they are listened to, and where they are empowered to speak up. At PayU we have zero tolerance towards any form of prejudice whether a specific race, ethnicity, or of persons with disabilities, or the LGBTQ communities.

Some careers shine brighter than others If you re looking for a career that will help you stand out, join HSBC, and fulfil your potential Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further HSBC is one of the largest banking and financial services organizations in the world, with operations in 64 countries and territories We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realize their ambitions We are currently seeking an experienced professional to join our team in the role of Senior software Engineer In this role, you will: Develop software solutions by studying information needs, conferring with users and various teams, analyzing systems flow, data usage, and work processes; investigating problem areas; and following the software development lifecycle. Document and demonstrate solutions by developing comprehensive documentation, including flowcharts, layouts, diagrams, charts, code comments, and clear code. Prepare and install solutions by determining and designing system specifications, standards, and programming requirements. Requirements Candidate with strong hands-on experience in Jenkins, Git, Groovy, Python scripting, Java, and Kubernetes. Hands-on knowledge to build and maintain CI/CD pipelines in Jenkins, with the capability to write integration scripts for various enterprise systems like Cyber, Nessus, Nexus, GIT, Confluence, G3, and RTC. Good analytical and problem-solving skills. Skills in troubleshooting applications deployed in various environments, with a focus on microservices architecture. Experience working in DevOps and Agile models. Should have experience in the end-to-end development process, including CI/CD pipeline implementation, automation testing, and deployment to AWS and on-premises infrastructures. Strong knowledge of cloud services and infrastructure, especially AWS. Knowledge of containerization and orchestration, particularly with Docker and Kubernetes. Familiarity with best practices in version control using Git and managing pull requests, CI/CD triggers, and Jenkins jobs. Ability to resolve pipeline issues by analyzing logs from Jenkins or other associated integrated systems like Cyberflow, Sonatype IQ, ICE API, and ServiceNow APIs. A pragmatic approach to delivering modular and extensible code with a strong emphasis on automation and efficiency. Good exposure to tools and practices related to monitoring and logging (e. g. , Elastic, Splunk, AppDynamics). Exposure to the banking domain is a plus. Knowledge of Cloud/AWS/GCP Sound verbal and written communication skills to interact effectively with global teams. Good interpersonal skills to foster collaboration. Strong stakeholder management abilities. You ll achieve more when you join HSBC wwwhsbccom/careers HSBC is committed to building a culture where all employees are valued, respected and opinions count We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website

Job Information Work Experience 0-0.6 (Associate Cyber Security Analyst) Industry IT Services Job Type Full time Date Opened 07/24/2025 City Ahmedabad State/Province Gujarat Country India Zip/Postal Code 380015 About Us E2logy is a leading software solutions company dedicated to empowering businesses with innovative technology and exceptional service. We combine our expertise in various domains with cutting-edge development practices to deliver high-quality, custom software solutions that cater to your unique needs and goals. Visit our website: https://e2logy.com/ to learn more about our services and expertise. Job Description We are seeking a Fresher Associate Cyber Security Analyst – VAPT who will play a supportive role in helping protect the organization’s cloud infrastructure, web and mobile applications, and internal systems. This entry-level role is ideal for recent graduates passionate about cybersecurity and eager to begin their career in a hands-on, learning-focused environment. You will work under the guidance of senior team members to identify vulnerabilities, support penetration testing activities, and enhance our overall security posture in alignment with global security standards such as ISO/IEC 27001 . Responsibilities: Assist in conducting vulnerability assessments and penetration testing on Web applications,Mobile applications,Cloud-based environments,Internal systems and network infrastructure Support the use of tools like Burp Suite, Nmap, Wireshark, Nessus, OWASP ZAP, etc., under supervision. Document basic findings, potential risks, and help prepare technical reports for internal teams. Work closely with senior analysts, DevOps, and development teams to understand and remediate security weaknesses. Contribute to maintaining and improving the organization’s compliance with ISO/IEC 27001 security guidelines , including proper documentation, risk identification, and implementation of relevant controls. Stay updated with emerging threats, vulnerabilities, and VAPT methodologies aligned with industry standards like OWASP Top 10 , ISO 27001 etc . Help in maintaining compliance with key standards such as OWASP Top 10, ISO 27001, PCI-DSS, etc. Requirements Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field. Basic understanding of web application security, network protocols, and common attack vectors. Exposure to or academic use of tools such as Burp Suite, Nmap, Wireshark, or Kali Linux. Familiarity with OWASP Top 10, CVEs, and basic cybersecurity concepts. Strong curiosity, analytical mindset, and attention to detail. Good communication skills and a willingness to learn in a team-oriented environment. Preferred Skills : Basic awareness of secure coding practices or code review. Introductory knowledge of cloud security, SIEM, or IDS/IPS tools. knowledge of ISO/IEC 27001 controls , risk assessment, or compliance practices. Certifications Like CompTIA Security+,Certified Ethical Hacker (CEH),eLearnSecurity Junior Penetration Tester (eJPT),ISO/IEC 27001 Foundation or Practitioner(Not Mandatory) Benefits Competitive compensation and performance-linked incentives. Health insurance and employee wellness benefits. Career development support and learning resources. Opportunity to work with modern cybersecurity tools and frameworks. Work Environment: Collaborative and supportive office setting with Alternative Saturday Working Flexibility to extend working hours during high-priority assessments or audits. Application Process: Please submit your resume, cover letter, and optionally a portfolio of academic or personal projects to careers@e2logy.com

Join our Team About this opportunity: We are now looking for a Senior Security Engineer professional for our Managed Security team. This job role has accountability for researching, designing, engineering, implementing, and supporting security solutions in partnership with the respective stakeholders within Ericsson and / or customer organization and / or 3rd Party Providers. The professional will work alongside a highly skilled, diverse team, making sure that the information assets, that we are responsible to protect, are secured. What you will do: Design, implement, manage, monitor, and troubleshoot cybersecurity defenses, including configuration management, network security, systems security, and monitoring systems / tools. Participate in planning and audit scope development as well as project execution as a critical team member on complex technology related assessments. Play an active role in the design and execution of infrastructure initiatives to ensure an evolving adherence to industry best practices for information security. Lead the execution of the assessment of specific technical areas of a project, supervising other team members and providing coaching where needed. Perform Security Incident Management, including but not limited to: supporting SIEM tools, integrating logs into the tool, creating and modifying rules, investigating and resolving alerts, automating tasks. Research new and emerging threats to gain insight into the evolving threat landscape, and share knowledge with the team. Promote new ideas and new ways of executing projects and internal infrastructure enhancements. Innovate and automate repetitive activities and corrective actions, including broader automation initiatives. Analyzes and recommends security controls and procedures in business processes related to use of information systems and assets, and monitors for compliance Responds to information security incidents, including investigation of countermeasures to and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with third-party incident responders, including law enforcement The skills you bring: Strong knowledge of information security Strong knowledge of SIEM tools (such as McAfee ESM, QRadar, ArcSight, Splunk, etc.), scanning tools (Nessus, Qualys, IBM AppScan, etc.) and PAM tools (BeyondTrust, CyberArk, etc.) Strong knowledge of both Linux-based and MS Windows-based system platforms with a strong technical understanding and aptitude for analytical problem-solving Strong understanding of enterprise, network, system and application level security issues Strong understanding of enterprise computing environments, distributed applications, and a strong understanding of TCP/IP networks along with available security controls (technical & process controls) for respective layers Good understanding of the system hardening processes, tools, guidelines and benchmarks Fundamental understanding of encryption technologies Participate in the out-of-hours on call rotation, providing technical support to the business for incidents Strong knowledge sharing and collaboration skills Deliver results and meet customer expectations Excellent communication skills; English is a must Key Qualifications: Education: BE/ B.Tech (Telecommunication/ Computer Science) Minimum years of relevant experience: 8 to 15 years experience with at least 8 years in IT and 7 years in Security ITIL certification, CCSP, OSCP, Security +, CISSP or similar will be an advantage Basic knowledge of telecommunications networks will be an added advantage Why join Ericsson? At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next. What happens once you apply? Click Here to find all you need to know about what our typical hiring process looks like. Encouraging a diverse and inclusive organization is core to our values at Ericsson, that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer. learn more. Primary country and city: India (IN) || Bangalore Req ID: 769624

Atos Group, with an annual revenue of circa € 5 billion is a global leader in data-driven, trusted and sustainable digital transformation. As a next generation digital business with worldwide leading positions in digital, cloud, data, advanced computing and security, it brings deep expertise for all industries in more than 47 countries. By uniting unique high-end technologies across the full digital continuum with 47,000 world-class talents, Eviden expands the possibilities of data and technology, now and for generations to come. Role - Vulnerability Management Services team. Location Mumbai (Onsite) Experience 5 to 8 years Highest Qualification Any Full Time Graduate Job Responsibilities Execute vulnerability scanning and manage VM programs for clientsComplete the projects within budgeted efforts and agreed timelines with high quality deliverables Perform vulnerability scanning using different scanning solutions including SAINT, Nessus, Tenable.io, Tenable.sc, Qualys, etc. Gain good understanding of client network architecture and infrastructure to be scanned Be involved in threat identification, vulnerability identification and control analysis Develop customized reports and dashboards as per client expectations Be proactive in project planning and execution Perform likelihood determination, impact analysis and risk determination Showcase prioritization of risks including solution recommendation and documentation Identify and infer the business risk posed by the weaknesses identified during the assessments Engage with both business and technical teams within and outside the organization from a project scope definition, project execution, project closure perspectives Skills Required 5+ year of experience in Vulnerability Scanning - Expertise in Vulnerability Scanning tools such as Qualys, Tenable, Rapid7, etc. - Experience with understanding and explaining vulnerabilities to stakeholders - Good knowledge of various platforms such as Windows, Linux, Unix, Mac OS, Cisco, Juniper, etc. - Insights on standards such as PCIDSS, CIS Benchmarks, etc. - Flexible in working on challenging activities and creative in problem solving - Good communication and writing skills with ability to talk fluently Let’s grow together.

The healthcare industry is the next great frontier of opportunity for software development, and Health Catalyst is one of the most dynamic and influential companies in this space. We are working on solving national-level healthcare problems, and this is your chance to improve the lives of millions of people, including your family and friends. Health Catalyst is a fast-growing company that values smart, hardworking, and humble individuals. Each product team is a small, mission-critical team focused on developing innovative tools to support Catalyst’s mission to improve healthcare performance, cost, and quality. Job Summary/Responsibilities Participate in the entire development lifecycle, from planning through implementation, security, testing, and deployment, all the way to production. Own the ideal pipeline blueprint that developers will base new applications on Own upgrades, manage systems integrations and guide tool selection. Build tools that help engineers rapidly develop new applications and have confidence that their changes will work flawlessly in production. Learn our stack inside and out, and triage cross-cutting issues in our environment. Experienced in Linux platform and shell scripting. Should be able to troubleshoot and perform installation of opensource toolsets in Linux OS. Familiar with CI/CD tools sets like Bitbucket, Jenkins and release process. Familiar with docker containers and deployment with Kubernetes. Qualification/Education Requirements Bachelor’s degree in Computer Science or equivalent. 3+ years of experience in DevOps Engineering. Public Cloud experience on AWS is a must. Experience with continuous integration platforms such as Jenkins, CodeBuild, Gitlab, etc. AWS certification is plus. Requirements Close involvement with developer communities and open-source web technologies. Strong sense of ownership and passion for engineering great products with stellar user experiences. Good background building fully automated CI/CD pipelines. Good DevOps experience, with significant time spent with web services. Experience working on various AWS services such as EKS, CloudFront, Lambda Functions etc. Experience working with Kubernetes Familiarity with agile methodology. Experience with Security and performance tools would be a plus. Key Competencies/Skills Ability to visualize automation in CI/CD. Hands-on experience on containerization platforms such as Docker, Kubernetes, EKS, ECS etc. Good programming skills with scripting languages such as Python, NodeJS, Shell Ability to learn and adapt to new technology. Good knowledge of Continuous Integration environment (i.e., Test and build systems such as CodeBuild, Jenkins, Maven, Ant) Code Quality performance tools integration with build pipelines. (SonarQube, Nessus, Qualys etc) Experience in Linux system administration Ability to follow documented specifications and plans with minimal supervision. Good verbal and written communication skills Good understanding on software development life cycle (analysis, design, coding, testing etc.,) Good experience writing Infrastructure as a Code (IaaC) – Terraform scripts **Equal Employment Opportunity has been, and will continue to be, a fundamental principle at Health Catalyst, where employment is based upon personal capabilities and qualification without discrimination or harassment on the basis of race, color, national origin, religion, sex, sexual orientation, gender identity, age, disability, citizenship status, marital status, creed, genetic predisposition or carrier status, sexual orientation or any other characteristic protected by law.. Health Catalyst is committed to a work environment where all individuals are treated with respect and dignity.**

At Arctic Wolf, we are redefining the cybersecurity landscape with our global team of Pack members committed to setting new industry standards. Our achievements speak for themselves, from being recognized in prestigious lists like the Forbes Cloud 100, CNBC Disruptor 50, and winning awards like the CRN Products of the Year. We are proud to be named a Leader in the IDC MarketScape for Worldwide Managed Detection and Response Services and to have earned the Customers" Choice distinction from Gartner Peer Insights. Arctic Wolf is not just leading but also shaping the future of security operations. Our mission is straightforward: End Cyber Risk. We are currently seeking a Security Developer to join us in achieving this goal. About The Role As a Security Developer at Arctic Wolf, you will work as a software developer focusing on enhancing the platforms threat, vulnerability, and configuration risk detection capabilities. Your primary objective will be to contribute to making security better for our clients daily. This role involves collaborating with team members, Product Management, Security Services, and other specialists to enhance the coverage and effectiveness of our Manage solution continuously. Your Responsibilities - Collaborate with team members to enhance coverage, efficiency, and deliver customer-facing and internal services. - Engage in the full software development lifecycle. - Develop well-designed, testable, efficient, and secure code for vulnerability and misconfiguration detection in areas such as Classic Endpoint Vulnerability And Config Management, Cloud Config And Posture Management. - Assist operational teams in resolving unexpected results, receiving feedback, and improving detection efficacy. Skills Requirements - Proficiency in at least one backend programming language like Go, Node.js, or Python. - Strong understanding and practical application of secure development practices. - Security-focused mindset with hands-on experience in operational security or security engineering. - Full understanding and use of DevOps methods and practices. - Familiarity with test-driven development (TDD) and robust testing strategies. - Experience with AWS, Docker, Kubernetes, IaC is an asset. Bonus Considerations For - Experience with 3rd Party Vulnerability Management tools, Cloud-based configuration and Security Posture Management tools, open-source vulnerability and pen-testing platforms. - IT Deployment backgrounds leveraging deployment automation tools like Salt or Ansible. Why Arctic Wolf At Arctic Wolf, we nurture a collaborative and inclusive work environment that values diversity of thought, background, and culture. Our commitment to growth and shaping the future of security operations is complemented by our dedication to customer satisfaction, with a vast customer base and global channel partners. We celebrate unique perspectives through our Pack Unity program and believe in corporate responsibility, giving back to the community. All employees at Arctic Wolf receive competitive compensation and benefits packages, including equity, flexible leave policies, training programs, comprehensive private benefits plan, fertility support, and more. Join us in our mission to End Cyber Risk and contribute to a safer digital world.,

Job Description About KPMG in India KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Jaipur, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment. Strong understanding of IT security standards and frameworks (OWASP, NIST, CIS) Strong understanding of security risks in networks and application platforms Strong understanding of network security, infrastructure security and application security Strong understanding of OSI, TCP/IP model and network basics Demonstrate technical penetration testing skills on IT infrastructure, web applications, mobile platforms and Red teaming Strong technical skills: Information security, network security, Windows security, UNIX/Linux security, web and mobile application security, Cloud platforms Broad knowledge of security technologies for applications, databases, networks, servers, and desktops Solid technical skills in both information security architecture and penetration testing and ability to assess testing tools and deploy the right ones. Scripting and programming experience is beneficial Ability to perform manual penetration testing Experience in Application Security Testing (Web, Mobile & ERP [SAP]), or related functions Vulnerability Assessment, Penetration testing Perform penetration testing of various thick client software, web applications, and communications infrastructure to assist in hardening the cybersecurity posture against malicious actors Conduct security research on the latest emerging advanced persistent threats (APTs), malware, and other security developments to assist in enterprise security efforts. Apply this security research into assessments. Perform technical writing to communicate the preparation, testing, and recommendation phases for various security tests. Work with stakeholders to remediate system vulnerabilities. Train team members and colleagues on the latest cybersecurity tactics, techniques, and procedures (TTPs) to grow the skill of the firm Understanding of various security technologies including end point security, perimeter security, advanced threat protection, malware defense and security management Expertise in the phases of penetration testing. Familiarity with Kali Linux distribution and the associated penetration testing tools suite. Experience in penetration testing simulations like Hack the Box or Capture the Flag exercises considered a plus. Good Understanding of OWASP top 10 and mitigation techniques Experience in performing web application security assessments using hands on techniques for identifying SQL injections, XSS, Security Misconfiguration, CSRF, authentication/ authorization issues Database testing: MySQL, Oracle, NoSQL Understanding of cyber security management, cyber analytics, security intelligence platforms and threat intelligence frameworks Writing business proposals and response to client RFP/ RFIs Identifying business opportunities and lead delivery and program management for large cyber security programs Delivery team and client relationship management Experience on both commercial, open source tools and frameworks but not limited: Burpsuite, Metasploit, Core-Impact, Kali-Linux, AppScan, WebInspect, SSLScan, Soap UI Pro, SonarQube, Qualys, Nikto, Nessus, nmap, sqlmap, OWASP ZAP Equal employment opportunity information KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you. Qualifications B.Tech, B.E.

We are seeking a technically strong IT person to oversee IT operations, infrastructure, software development, and cybersecurity practices in alignment with ISO/IEC 27001:2022.

Overview We’re looking for a skilled and experienced VAPT Engineer (Level 2/3) with 8+ years of hands-on experience in vulnerability assessment and penetration testing across enterprise environments. In this role, you’ll lead advanced security testing efforts, simulate real-world attack scenarios, and guide remediation strategies to strengthen the organization’s security posture. Total Experience 8+ years of hands-on experience Job Skills Bachelor’s or Master’s in Computer Science, Cybersecurity, or a related field Strong understanding of network protocols, OS internals (Linux/Windows), and cloud platforms (AWS, Azure, or GCP) Hands-on scripting skills in Python, Bash, or PowerShell Experience with DevSecOps practices, CI/CD integration, and container security (Docker/Kubernetes) Solid grasp of secure coding principles, reverse engineering, and exploit development Relevant certifications such as OSCP, CEH, GPEN, LPT, or CISSP are highly preferred Responsibilities Lead penetration testing across web, mobile, cloud, and infrastructure (Black-box, Grey-box, White-box) Perform manual and automated vulnerability assessments using tools like Burp Suite, Nessus, Metasploit, Nmap, and custom scripts Conduct threat modeling and risk assessments for business-critical systems Document findings with clear, actionable remediation plans and deliver comprehensive technical reports Collaborate with DevOps, IT, and Security teams to prioritize and resolve vulnerabilities Mentor junior VAPT engineers and review their assessment reports for quality and accuracy Stay current with emerging threats, zero-day vulnerabilities, and modern attack techniques Ensure testing practices align with industry standards including OWASP, NIST, ISO 27001 Participate in security audits, incident response activities, and red team engagements Apply Now

Job Description RESPONSIBILITIES: Establish security best processes and practices for our mobile, on-premises and cloud-based platforms. Provide expert knowledge and guidance to the product teams about security vulnerabilities and remediation controls. Support and consult with product and development teams in the area of application security, including threat modeling and Application Security reviews. Implement, continuously develop, and maintain secure Software Security Development Lifecycle processes and software maturity model. Perform threat modeling, secure design, and source code review. Conduct security assessments, security testing and validation of vulnerability scan results. Assist teams in reproducing, triaging, and addressing application security vulnerabilities. Incorporate security tools/tasks to automate product development and deployment. Develop, implement, and automate defensive controls, creating and tuning tools and rules to detect and address malicious activity. Responsible for integration of security controls into SDLC. Establish supply chain security process and ensure 3rd party software meet the standards. Facilitate injection, integration, and compliance for Static Application Security Testing (SAST), Container Security Scanning & Open-Source Security Analysis during development phase. Facilitate injection, integration, and compliance for Dynamic Application Security Testing (DAST) Contribute to triaging, addressing security issues and tracking remediation. Own and manage Secure SDLC tooling. Develop and customize security tools used by security teams and developers. Work closely with development teams to build security directly into their SDLCs. Provide remediation guidance to programmers and management. Support bug bounty program Support the preparation of security releases Mentor and train development teams on secure coding standards and techniques. Develop Secure Coding Program. Constantly innovate at the pace of the adversary using latest techniques. EDUCATIONAL REQUIREMENTS: Bachelor’s degree in computer science, Information Systems, or equivalent combination of education and experience Certifications in the field of Information Security (at least one of the following: CISSP, CEH, GIAC CPEN, OSCP, OSWE, CWAPT, GWAPT, GWEB) Experience Required A minimum of 3 to 5 years of experience. GENERAL KNOWLEDGE, SKILLS & ABILITIES: In-depth knowledge of web and mobile security vulnerabilities, attack vectors and mitigation techniques Experience with multiple programming languages (Java, JavaScript, Go, Python, Ruby, Objective-C, C#, PHP) with hands on level coding experience with at least one scripting and one objected oriented programming language. Fluent with security testing with SAST, SCA, DAST, IAST, Fuzz and penetration testing tools Understanding of application security standards such as OWASP ASVS/Top 10 and CWE 25 Ability to discover and patch SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond). Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP. Knowledge of DevSecOps to maintain security in CI/CD pipeline. Solid experience with security tools like Semgrep, CheckMarx, VeraCode, BurpSuite, Snyk, Nessus Familiar with tools like Git, Jenkins, CircleCI, Maven, Ant, Gradle, Nexus, SonarQube, Artifactory, Chef, Splunk Experience writing custom rules for static analysis tools. Experience with API Security, IaC, Containerization, RASP, IAST Experience with micro services, container deployment and service orchestration Strong knowledge of cryptography, API security, and secret management Ability to clearly and effectively communicate concerns and issues to the management and engineers. Experience with Cloud (AWS, Azure, GCP) Security Experience writing tools to automate tasks and integrate systems using scripting languages like Go, Python and REST APIs. Experience in delivering and educating development groups in Secure Coding Expertise with common vulnerabilities and attack vectors. Experience integrating security tools into developer pipelines. DevOps experience managing deployment and configuration. General Skills Include Strong critical thinking and analytical skills Ability to approach problem solving in a constructive and collaborative way that does not require absolute security. The ability to communicate complicated technical issues and risks to programmers, network engineers and managers. Strong leadership, project, and team-building skills Exceptional communication skills with diverse audiences; the ability to be an application security subject matter expert who can explain relevant topics to general audiences.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Attack & Penetration Testing - Senior As part of our Cyber Security team, you shall perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. The opportunity We’re looking for Security Consultant / Senior Security Consultant with expertise in penetration testing. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Lead engagements from kickoff with clients through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines. Perform penetration testing which includes Network, web application, Mobile app (both Android & iOS), APIs Cloud Security, Thick Client application, wireless, social engineering, physical penetration testing. Execute penetration testing projects using the established methodology, tools and rules of engagements. Execute red team assessments to highlight gaps impacting organizations security postures. Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations. Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. Convey complex technical security concepts to technical and non-technical audiences including executives. Perform technical quality reviews and conduct technical conversations directly with clients. Keep uptodate with the latest techniques and concepts. Confident with OWASP Top 10 and SANS Top 25 vulnerabilities and ability to effectively communicate methodologies and techniques with development teams Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing. Understanding and experience with Active Directory attacks. Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management. Knowledge of AI in Pentest, TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred. Working knowledge with any scripting languages (e.g. Python, Perl, PHP, Ruby) to develop automated solutions that mitigate risks throughout the organization. Support SDLC and agile environments with application security testing and source code reviews. Serve as a mentor and guide to junior pen testers, sharing your knowledge, skills, and best practices to nurture their growth and development. Provide technical expertise and guidance to clients on remediation strategies and security best practices. Skills And Attributes For Success In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies. Good understanding of enterprise security controls in Active Directory / Windows environments Good to have knowledge in AI in pentest Understanding of TCP/IP network protocols. Understanding of network security and popular attacks vectors. Experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory and 802.1x penetration testing Strong understanding of security principles, policies, and industry best practices Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results. Excellent communication and presentation skills, both written and verbal. Demonstrated thought leadership in the cybersecurity field through publications, speaking engagements, or contributions to industry forums. Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead. To qualify for the role, you must have BE/ B.Tech/ MCA or equivalent Minimum of 3 years of work experience in penetration testing which may include at least three of the following: Network, web application Mobile app (Android & iOS), Thick client, APIs, wireless, social engineering, physical and Red Team assessments. One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX Knowledge of Windows, Linux, UNIX, any other major operating systems. 3-9 years of work experience in Strategy and Operations projects Team management skills are preferred. Conduct technical discussions and perform technical Quality reviews. Familiarity with OWASP methodologies and application security vulnerabilities. Exceptional ability to educate and guide application developers in security best practices. Excellent communication, presentation, and interpersonal skills. Strong Word, Excel and PowerPoint skills. Ideally, you’ll also have Project management skills Certifications: OSCP, OSCE, CRTP, CRTO, CISSP, GPEN, GWAPT. What We Look For Who can perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing and provide analysis for the testing results. What Working At EY Offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Attack & Penetration Testing - Senior As part of our Cyber Security team, you shall perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. The opportunity We’re looking for Security Consultant / Senior Security Consultant with expertise in penetration testing. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Lead engagements from kickoff with clients through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines. Perform penetration testing which includes Network, web application, Mobile app (both Android & iOS), APIs Cloud Security, Thick Client application, wireless, social engineering, physical penetration testing. Execute penetration testing projects using the established methodology, tools and rules of engagements. Execute red team assessments to highlight gaps impacting organizations security postures. Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations. Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. Convey complex technical security concepts to technical and non-technical audiences including executives. Perform technical quality reviews and conduct technical conversations directly with clients. Keep uptodate with the latest techniques and concepts. Confident with OWASP Top 10 and SANS Top 25 vulnerabilities and ability to effectively communicate methodologies and techniques with development teams Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing. Understanding and experience with Active Directory attacks. Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management. Knowledge of AI in Pentest, TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred. Working knowledge with any scripting languages (e.g. Python, Perl, PHP, Ruby) to develop automated solutions that mitigate risks throughout the organization. Support SDLC and agile environments with application security testing and source code reviews. Serve as a mentor and guide to junior pen testers, sharing your knowledge, skills, and best practices to nurture their growth and development. Provide technical expertise and guidance to clients on remediation strategies and security best practices. Skills And Attributes For Success In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies. Good understanding of enterprise security controls in Active Directory / Windows environments Good to have knowledge in AI in pentest Understanding of TCP/IP network protocols. Understanding of network security and popular attacks vectors. Experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory and 802.1x penetration testing Strong understanding of security principles, policies, and industry best practices Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results. Excellent communication and presentation skills, both written and verbal. Demonstrated thought leadership in the cybersecurity field through publications, speaking engagements, or contributions to industry forums. Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead. To qualify for the role, you must have BE/ B.Tech/ MCA or equivalent Minimum of 3 years of work experience in penetration testing which may include at least three of the following: Network, web application Mobile app (Android & iOS), Thick client, APIs, wireless, social engineering, physical and Red Team assessments. One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX Knowledge of Windows, Linux, UNIX, any other major operating systems. 3-9 years of work experience in Strategy and Operations projects Team management skills are preferred. Conduct technical discussions and perform technical Quality reviews. Familiarity with OWASP methodologies and application security vulnerabilities. Exceptional ability to educate and guide application developers in security best practices. Excellent communication, presentation, and interpersonal skills. Strong Word, Excel and PowerPoint skills. Ideally, you’ll also have Project management skills Certifications: OSCP, OSCE, CRTP, CRTO, CISSP, GPEN, GWAPT. What We Look For Who can perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing and provide analysis for the testing results. What Working At EY Offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Attack & Penetration Testing - Senior As part of our Cyber Security team, you shall perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. The opportunity We’re looking for Security Consultant / Senior Security Consultant with expertise in penetration testing. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Lead engagements from kickoff with clients through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines. Perform penetration testing which includes Network, web application, Mobile app (both Android & iOS), APIs Cloud Security, Thick Client application, wireless, social engineering, physical penetration testing. Execute penetration testing projects using the established methodology, tools and rules of engagements. Execute red team assessments to highlight gaps impacting organizations security postures. Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations. Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. Convey complex technical security concepts to technical and non-technical audiences including executives. Perform technical quality reviews and conduct technical conversations directly with clients. Keep uptodate with the latest techniques and concepts. Confident with OWASP Top 10 and SANS Top 25 vulnerabilities and ability to effectively communicate methodologies and techniques with development teams Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing. Understanding and experience with Active Directory attacks. Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management. Knowledge of AI in Pentest, TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred. Working knowledge with any scripting languages (e.g. Python, Perl, PHP, Ruby) to develop automated solutions that mitigate risks throughout the organization. Support SDLC and agile environments with application security testing and source code reviews. Serve as a mentor and guide to junior pen testers, sharing your knowledge, skills, and best practices to nurture their growth and development. Provide technical expertise and guidance to clients on remediation strategies and security best practices. Skills And Attributes For Success In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies. Good understanding of enterprise security controls in Active Directory / Windows environments Good to have knowledge in AI in pentest Understanding of TCP/IP network protocols. Understanding of network security and popular attacks vectors. Experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory and 802.1x penetration testing Strong understanding of security principles, policies, and industry best practices Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results. Excellent communication and presentation skills, both written and verbal. Demonstrated thought leadership in the cybersecurity field through publications, speaking engagements, or contributions to industry forums. Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead. To qualify for the role, you must have BE/ B.Tech/ MCA or equivalent Minimum of 3 years of work experience in penetration testing which may include at least three of the following: Network, web application Mobile app (Android & iOS), Thick client, APIs, wireless, social engineering, physical and Red Team assessments. One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX Knowledge of Windows, Linux, UNIX, any other major operating systems. 3-9 years of work experience in Strategy and Operations projects Team management skills are preferred. Conduct technical discussions and perform technical Quality reviews. Familiarity with OWASP methodologies and application security vulnerabilities. Exceptional ability to educate and guide application developers in security best practices. Excellent communication, presentation, and interpersonal skills. Strong Word, Excel and PowerPoint skills. Ideally, you’ll also have Project management skills Certifications: OSCP, OSCE, CRTP, CRTO, CISSP, GPEN, GWAPT. What We Look For Who can perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing and provide analysis for the testing results. What Working At EY Offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

":" Job Description As a Security Engineer , you will assist the information security team in protecting organizational data, systems, and networks. You will gain hands-on experience in various cybersecurity practices, including threat analysis, vulnerability assessment, and incident response. This internship is an excellent opportunity for individuals passionate about cybersecurity and looking to gain real-world experience in a dynamic and fast-paced environment. Key Responsibilities: Assist in monitoring and analyzing security alerts and incidents, responding under supervision. Conduct basic VAPT and report findings to the security team. Familiarity with VAPT tools such as Burp Suite, Nessus, nmap, Metasploit, etc. Research and stay updated on the latest cybersecurity threats, tools, and best practices. Collaborate with cross-functional teams to support security audits and compliance initiatives. Document incident response procedures and other critical processes to ensure best practices are maintained. Assist with the deployment and maintenance of security tools and technologies. Preferred Qualifications 1+ Years of experience in Information Security. Relevant coursework or certifications (e.g., CEH, OSCP, CRTP, CompTIA Security+). Familiarity with vulnerability assessment and penetration testing (VAPT) tools. Basic experience with scripting languages (e.g., Python, Bash) for automation tasks. Knowledge of security practices for AI/ML, including model vulnerability and data privacy for LLMs. Experience or participation in bug bounty programs or Capture the Flag (CTF) competitions.

Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering Responsibilities As part of the Infosys delivery team, your primary role would be to ensure effective Design, Development, Validation and Support activities, to assure that our clients are satisfied with the high levels of service in the technology domain. You will gather the requirements and specifications to understand the client requirements in a detailed manner and translate the same into system requirements. You will play a key role in the overall estimation of work requirements to provide the right information on project estimations to Technology Leads and Project Managers. You would be a key contributor to building efficient programs/ systems . If you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you! Additional Responsibilities: Job Opening is for multiple locations- Bangalore, Hyderabad, Trivandrum, Chennai, Pune Technical and Professional Requirements: Security testing with 3-10 years exp - SAST/DAST/API, Network, Mobile Security/DevSecops/Cloud Security/Threat Modelling/Vulnerability Management/Logging & Audit/GRC/Security Operations/IAMSkills Required - Security Testing--Primary skills:Application Security,Application Security-Burpsuite,Application Security-Devsecops,Application Security-Ethical Hacking(CEH),Application Security-Nessus,Application Security-SSL(Secure Sockets Layer),Application Security-Threat Modeling,Application Security-Vulnerability Assessment/Penetration Testing,Application Security-Vulnerability Management,Application Security-Web Security,Application Security-Webservices Security,Security testing-Vulnerability testing,Technology-Application Security-Vulnerability Management-Qualys,Mobile Testing-Mobile Security Testing Preferred Skills: Technology-Application Security-Application Risk Profiling Threat Modeling Technology-Application Security-Ethical Hacking Technology-Application Security-Mobile Application Security Technology-Application Security-Penetration Testing (Black/White/Grey Box Testing) Technology-Application Security-Vulnerability Management Technology-Mobile Testing-Mobile Security Testing Technology-Security Testing-Security Testing - ALL Technology-Infrastructure Security-Secure Web Gateway-TrendMicro Interscan web security Virtual appliance

Our exciting Opportunity We are now looking for a Security Vulnerability Analyst professional for our security team. This job role is responsible for identifying, researching, prioritizing, remediating, and mitigating vulnerabilities as part of the vulnerability management practice. The professional will work alongside a highly Skilled, diverse team, making Sure that the information assets, that we are responsible to protect, are secured! We believe in trust we trust each other to do the right things! We believe in taking decisions as close to the product and technical expertise as possible. We believe in Creativity trying new things and learning from our mistakes. We believe in Sharing our insights and helping one another to build an even better user plane. We truly believe in happiness, we enjoy and feel passionate about what we do and value each other s technical competence deeply. You will Daily operations and maintenance of vulnerability scanning tools and Supporting infrastructure Register the assets in the scanning tool and perform scanning as per the agreed schedule. Perform Vulnerability Management, including but not limited to: Supporting scan tools, executing vulnerability scans, CIS Hardening, performing analysis, recommending / tracking mitigations Monitor ticket / email queue for Vulnerability & Pen test request. Monitor email / Web based reporting of vulnerabilities from outside reporters. Responsible for Completion status and reporting Vulnerability assessment scan. Periodic validation of assets through Central depository. Perform, review and analyze security vulnerability data to identify applicability and false positives, recommend corrective actions for mitigation Publish report as per the defined schedule on identified security vulnerabilities as well the Control gaps identified during security Control review. Manage tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with responsible technology developers and Support teams. Overall responsible for governance and tracking of Vulnerability Remediation action Plan Plan and handshake Vulnerability schedule with customer & stakeholders. Assist in metrics development and reporting. You must have Solid understanding of security controls (e.g. Access Control, auditing, authentication, encryption, integrity, physical security, and application security). Working knowledge of scanning tools (nessus, qualys, netsparker, Fortify, etc.) Strong understanding of enterprise, network, system and application level security issues understanding of enterprise Computing environments, distributed applications, and a Strong understanding of TCP/IP networks also with available security Control (technical & process Control) for respective layers The ability to provide Support after normal business hours The ability to work constructively under pressure Ability to work both in a team as well as individually participate in the out-of-hours on Call rotation, providing technical Support to the business for major and critical incidents Knowledge Sharing and Collaboration skills Deliver results and meet customer expectations excellent communication skills; English is a must Key qualifications: Bachelors Degree (B.E./B.tech) in Computer science or related field. Experience: 5 years What s in it for you? Here at Ericsson, our Culture is built on over a Century of courageous decisions. With us, you will no longer be dreaming of what the future holds you will be redefining it. You won t develop for the status quo, but will build what replaces it. Joining us is a Way to move your Career in any direction you want; with hundreds of Career opportunities in locations all over the world, in a place where Co-Creation and Collaboration are embedded into the walls. You will find yourself in a Speak-up environment where empathy and humanness Serve as cornerstones for how we work, and where work-life balance is a priority. Welcome to an inclusive, global Company where your opportunity to make an impact is endless. What happens once you apply? To prepare yourself for next steps, please explore here: https: / / www.ericsson.Com / en / careers / job-opportunities / hiring-process Why join Ericsson? What happens once you apply? We are committed to providing reasonable accommodations to all individuals participating in the application and interview process. If you need assistance or to request an accommodation due to a disability please reach out to Contact us We are proud to announce Ericsson India is ranked 19th among all 50 countries and is once again officially Great Place to Work Certified in 2024. Every year, more than 10,000 organizations from over 60 countries partner with the Great Place to Work Institute for assessment, benchmarking and planning actions to strengthen their workplace culture and this Certification acknowledges our employees value their employee experience and our workplace culture. Primary country and city: India (IN) || Noida Req ID: 770318

Long Description Our exciting Opportunity We are now looking for a Security Vulnerability Engineer for our security team. This job role is responsible for identifying, researching, prioritizing, remediating, and mitigating vulnerabilities as part of the vulnerability management practice. The professional will work alongside a highly Skilled, diverse team, making Sure that the information assets, that we are responsible to protect, are secured! We believe in trust we trust each other to do the right things! We believe in taking decisions as close to the product and technical expertise as possible. We believe in Creativity trying new things and learning from our mistakes. We believe in Sharing our insights and helping one another to build an even better user plane. We truly believe in happiness, we enjoy and feel passionate about what we do And value each other s technical competence deeply. You will Daily operations and maintenance of vulnerability scanning tools and Supporting infrastructure Register the assets in the scanning tool and perform scanning as per the agreed schedule. Perform Vulnerability Management, including but not limited to: Supporting scan tools, executing vulnerability scans, performing analysis, recommending / tracking mitigations Periodic validation of assets through Central depository. Register assets in scanning tool and perform periodic scans. Perform, review and analyze security vulnerability data & CIS Hardening data to identify applicability and false positives, recommend corrective actions for mitigation Publish report as per the defined schedule on identified security vulnerabilities & CIS Hardening as well the Control gaps identified during security Control review. Overall responsible for governance and tracking of Vulnerability Remediation action Plan Maintain risk register for exploitable Vulnerability & discuss remediation with stakeholders Act on after hours (on-Call Support) for IT security incidents as required Analyze results of Web application assessment and provide executive reports with recommendations for mitigation. Perform, review and analyze security vulnerability data to identify applicability and false positives, recommend corrective actions for mitigation publish report as per the defined schedule on identified security vulnerabilities as well the Control gaps identified during security Control review. Manage tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with responsible technology developers and Support teams. Assist in metrics development and reporting. Devise methods to automate testing activities and Streamline testing processes Provide oral briefings to leadership and technical Staff, as necessary. Support and run vulnerability management scans of the customer systems (using tools like Tenable nessus, qualys, etc.) Plan and handshake Vulnerability schedule with customer & stakeholders. You must have Solid understanding of security controls (e.g. Access Control, auditing, authentication, encryption, integrity, physical security, and application security). Working knowledge of scanning tools (nessus, qualys, netsparker, Fortify, etc.) Strong understanding of enterprise, network, system and application level security issues Understanding of enterprise Computing environments, distributed applications, and a Strong understanding of TCP/IP networks also with available security Control (technical & process Control) for respective layers Experience writing technical reports and executive summaries. The ability to provide Support after normal business hours The ability to work constructively under pressure Ability to work both in a team as well as individually Participate in the out-of-hours on Call rotation, providing technical Support to the business for major and critical incidents Knowledge Sharing and Collaboration skills Deliver results and meet customer expectations Excellent communication skills; English is a must Key qualifications: Bachelors Degree (B.E./B.tech) in Computer science or related field. Experience: 8-10 years What s in it for you? Here at Ericsson, our Culture is built on over a Century of courageous decisions. With us, you will no longer be dreaming of what the future holds you will be redefining it. You won t develop for the status quo, but will build what replaces it. Joining us is a way To move your Career in any direction you want; with hundreds of Career opportunities in locations all over the world, in a place where Co-Creation and Collaboration are embedded into the walls. You will find yourself in a Speak-up environment where empathy and humanness Serve as cornerstones for how we work, and where work-life Balance is a priority. Welcome to an inclusive, global Company where your opportunity to make an impact is endless. What happens once you apply? To prepare yourself for next steps, please explore here: https: / / www.ericsson.Com / en / careers / job-opportunities / hiring-process Why join Ericsson? What happens once you apply? We are committed to providing reasonable accommodations to all individuals participating in the application and interview process. If you need assistance or to request an accommodation due to a disability please reach out to Contact us We are proud to announce Ericsson India is ranked 19th among all 50 countries and is once again officially Great Place to Work Certified in 2024. Every year, more than 10,000 organizations from over 60 countries partner with the Great Place to Work Institute for assessment, benchmarking and planning actions to strengthen their workplace culture and this Certification acknowledges our employees value their employee experience and our workplace culture. Primary country and city: India (IN) || Noida Req ID: 770317