755 Nessus Jobs - Page 4

Join our Team About this opportunity: We are now looking for a Senior Security Engineer professional for our Managed Security team. This job role has accountability for researching, designing, engineering, implementing, and supporting security solutions in partnership with the respective stakeholders within Ericsson and / or customer organization and / or 3rd Party Providers. The professional will work alongside a highly skilled, diverse team, making sure that the information assets, that we are responsible to protect, are secured. What you will do: Design, implement, manage, monitor, and troubleshoot cybersecurity defenses, including configuration management, network security, systems security, and monitoring systems / tools. Participate in planning and audit scope development as well as project execution as a critical team member on complex technology related assessments. Play an active role in the design and execution of infrastructure initiatives to ensure an evolving adherence to industry best practices for information security. Lead the execution of the assessment of specific technical areas of a project, supervising other team members and providing coaching where needed. Perform Security Incident Management, including but not limited to: supporting SIEM tools, integrating logs into the tool, creating and modifying rules, investigating and resolving alerts, automating tasks. Research new and emerging threats to gain insight into the evolving threat landscape, and share knowledge with the team. Promote new ideas and new ways of executing projects and internal infrastructure enhancements. Innovate and automate repetitive activities and corrective actions, including broader automation initiatives. Analyzes and recommends security controls and procedures in business processes related to use of information systems and assets, and monitors for compliance Responds to information security incidents, including investigation of countermeasures to and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with third-party incident responders, including law enforcement The skills you bring: Strong knowledge of information security Strong knowledge of SIEM tools (such as McAfee ESM, QRadar, ArcSight, Splunk, etc.), scanning tools (Nessus, Qualys, IBM AppScan, etc.) and PAM tools (BeyondTrust, CyberArk, etc.) Strong knowledge of both Linux-based and MS Windows-based system platforms with a strong technical understanding and aptitude for analytical problem-solving Strong understanding of enterprise, network, system and application level security issues Strong understanding of enterprise computing environments, distributed applications, and a strong understanding of TCP/IP networks along with available security controls (technical & process controls) for respective layers Good understanding of the system hardening processes, tools, guidelines and benchmarks Fundamental understanding of encryption technologies Participate in the out-of-hours on call rotation, providing technical support to the business for incidents Strong knowledge sharing and collaboration skills Deliver results and meet customer expectations Excellent communication skills; English is a must Key Qualifications: Education: BE/ B.Tech (Telecommunication/ Computer Science) Minimum years of relevant experience: 8 to 15 years experience with at least 8 years in IT and 7 years in Security ITIL certification, CCSP, OSCP, Security +, CISSP or similar will be an advantage Basic knowledge of telecommunications networks will be an added advantage Why join Ericsson? At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next. What happens once you apply? Click Here to find all you need to know about what our typical hiring process looks like. Encouraging a diverse and inclusive organization is core to our values at Ericsson, that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer. learn more. Primary country and city: India (IN) || Bangalore Req ID: 769624

Description Why Join DAZN? Joining DAZN in Hyderabad means being part of a cutting-edge sports streaming company in a vibrant tech hub. You’ll work alongside passionate, talented professionals on innovative projects that reach millions of fans worldwide. Hyderabad offers a dynamic work environment with a great balance of career growth and lifestyle. If you’re excited about shaping the future of live and on-demand sports entertainment, DAZN Hyderabad is the perfect place to make your mark and grow your career. The Role: Join DAZN's Security Operations team as a Security Operations Analyst and help protect the world's leading global sports streaming platform. You'll be part of a dynamic team responsible for detecting, investigating, and responding to security threats across our diverse technology stack, from cloud infrastructure to broadcasting systems that deliver live sports to millions of fans worldwide. Key Responsibilities Threat Detection & Response Configure, maintain, and monitor security alerts and escalations from various tools including Microsoft Sentinel SIEM, Defender for Endpoint, WIZ, AWS WAFv2, Tenable, and other security platforms Lead and drive incident response activities from initial detection through remediation to prevention Conduct thorough incident root cause analysis and recommend actionable steps to prevent future occurrences Triage and investigate security alerts, determining true positives from false positives Threat Intelligence & Analysis Monitor and analyze global threat intelligence trends with potential impact on DAZN's business operations Get hands-on with threat feeds and real-time attack data, with particular focus on threats targeting broadcasting and streaming environments Configure new detection rules and alerts based on emerging threats, hunt results, or lessons learned from incident analysis. Security Operations Enhancement Identify, develop, and implement new processes and procedures to strengthen our security operations program Contribute to the development of custom automation tools to enhance monitoring and response capabilities Collaborate with the team to continuously improve security monitoring across our cloud and on-prem environments. Stakeholder Support Respond to internal security-related questions and requests from teams across DAZN Provide security and privacy expertise to support multiple business units and technical teams Participate in security awareness initiatives and help educate colleagues on security best practices. Skills, Knowledge & Expertise Essential Requirements Strong passion for cybersecurity, particularly threat detection and response Experience handling complex security incidents and conducting investigations Knowledge across multiple cybersecurity domains (network security, identity security, endpoint protection, cloud security, etc.) Familiarity with SIEM platforms (Microsoft Sentinel experience preferred) Understanding of security tools such as EDR, CASB, CSPM solutions Ability to work independently with minimal guidance while managing multiple tasks within set timeframes Strong analytical and problem-solving skills with attention to detail. Experience with Microsoft 365 E5 security stack and Azure security services Knowledge of AWS security services and cloud security best practices Familiarity with vulnerability management tools (Tenable, Nessus, Qualys) Experience with security automation and scripting Understanding of streaming/broadcasting technology security considerations Relevant security certifications (Security+, CySA+, GCIH, etc.) About DAZN At DAZN, we bring ambition to life. We are innovators, game-changers and pioneers. So, if you want to push boundaries and make an impact, DAZN is the place to be. As part of our team, you'll have the opportunity to make your mark and the power to make change happen. We're doing things no-one has done before, giving fans and customers access to sport anytime, anywhere. We're using world-class technology to transform sports and revolutionise the industry and we're not going to stop. DAZN VALUES – THE ‘HOW’ IN WHAT WE DO: Agility and creativity fuel growth and innovation, to Make It Happen. Prioritising what matters drives progress and positive outcomes, Focusing On Impact. Collective ambition builds optimism and success, in order to Win As One. At DAZN, we are committed to fostering an inclusive environment that values equality and diversity, where everyone can contribute and have their voices heard. This means hiring and developing talent across all races, ethnicities, religions, age groups, sexual orientations, gender identities and abilities. Everyone has the opportunity to make change and impact our DEI journey by joining our ERGs: Proud@DAZN, Women@DAZN, Disability@DAZN and ParentZone. If you’d like to include a cover letter with your application, please feel free to. Please do not feel you need to apply with a photo or disclose any other information that is not related to your professional experience. Our aim is to make our hiring processes as accessible for everyone as possible, including providing adjustments for interviews where we can. We look forward to hearing from you.

Job Summary: We are seeking a highly experienced “Senior VAPT & Penetration Testing Specialist” to lead and ensure the quality and effectiveness of our vulnerability assessment and penetration testing operations. This role involves findings, validating findings, reviewing technical reports, ensuring compliance with standards (OWASP, PTES, NIST, etc.), and improving methodologies and tools. Key Responsibilities: Conduct in-depth vulnerability assessments and penetration tests on web, mobile, network, API, and cloud infrastructure using manual and automation. Utilize industry-standard tools like SQLMap, Burp Suite, Nessus, Nmap, and custom scripts for advanced exploitation techniques. Simulate various cyber-attacks including DDoS, Brute Force, XSS, SQL Injection, DNS attacks, and Social Engineering to identify system vulnerabilities. Perform peer reviews of technical deliverables and verify accuracy of findings and recommendations. Ensure that all assessments are aligned with industry standards such as OWASP, PTES, MITRE ATT&CK, and NIST. Act as a technical lead and mentor for junior VAPT team and QA team members. Identify gaps in the current testing methodologies and implement process improvements. Prepare detailed documentation and the VA report and ensure clear, actionable, and risk-rated reporting. Collaborate with clients and internal teams to understand scope and provide post-assessment clarifications. Present the client meeting for the future VAPT assignments. Stay updated with emerging threats, tools, techniques, and frameworks. Required Skills & Qualifications: Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field. 3 to 5 years of hands-on experience in VAPT and penetration testing. In-depth knowledge of web, network, mobile, cloud, and API security. Strong understanding of secure coding practices and vulnerability management. Expertise in tools like Burp Suite, Nmap, Nessus, Metasploit, Qualys, Kali Linux, Wireshark, etc. Familiarity with SIEM, IDS/IPS, EDR tools is a plus. Excellent report writing and documentation skills. Strong communication and overseas client-interaction skills. Preferred Certifications: OSCP (Offensive Security Certified Professional) – Highly preferred CEH (Certified Ethical Hacker) CREST / GPEN / GWAPT / CISSP – Optional but desirable ISO 27001 Lead Auditor or Lead Implementer – Added advantage

We are seeking an experienced Cyber Security Tester to support our client’s security testing initiatives. You will be responsible for identifying vulnerabilities, assessing risks, and performing thorough security assessments on web/mobile applications, APIs, and infrastructure. This is a contract/project-based role , open to freelancers or vendor companies with proven expertise in security testing. Responsibilities: Conduct Web and Mobile Application Penetration Testing Perform Infrastructure Security Assessments Test and analyze APIs for vulnerabilities and misconfigurations Ensure compliance with OWASP Top 10 security standards Utilize tools such as Burp Suite, OWASP ZAP, Nessus, Nmap , etc. Deliver detailed technical reports with proof of concept (PoC) and mitigation recommendations Collaborate with client’s technical team to explain findings and remediation steps Ensure data privacy and confidentiality throughout the engagement Required Skills & Experience: 3+ years of hands-on experience in Cyber Security Testing / Penetration Testing Strong understanding of application, network, and API vulnerabilities Familiar with security testing tools: Burp Suite, OWASP ZAP, Nessus, Wireshark, Metasploit , etc. Experience creating clear and actionable vulnerability reports Good communication skills to present findings to non-technical stakeholders Relevant certifications are a plus (e.g., CEH, OSCP, CompTIA Security+ ) Preferred: Prior experience in handling client-facing security testing projects Familiarity with security compliance standards (e.g., ISO 27001, GDPR)

Role Responsibilities : Lead vulnerability assessments and scanning across network devices, systems, applications, and cloud infrastructures. Assess and prioritize vulnerabilities, collaborate on risk mitigation strategies, and recommend remediation actions. Provide expertise and guidance on remediation during security incidents and ensure timely patching. Develop and implement continuous vulnerability monitoring and reporting strategies. Job Requirements : Any graduate with strong knowledge in risk management and network security. Experience with vulnerability scanning tools like Nessus, Qualys, or OpenVAS. Ability to manage and optimize vulnerability management tools and processes. Familiarity with industry standards and regulatory requirements like NIST, CIS, ISO 27001.

Job Information Work Experience 0-0.6 (Associate Cyber Security Analyst) Industry IT Services Job Type Full time Date Opened 07/24/2025 City Ahmedabad State/Province Gujarat Country India Zip/Postal Code 380015 About Us E2logy is a leading software solutions company dedicated to empowering businesses with innovative technology and exceptional service. We combine our expertise in various domains with cutting-edge development practices to deliver high-quality, custom software solutions that cater to your unique needs and goals. Visit our website: https://e2logy.com/ to learn more about our services and expertise. Job Description We are seeking a Fresher Associate Cyber Security Analyst – VAPT who will play a supportive role in helping protect the organization’s cloud infrastructure, web and mobile applications, and internal systems. This entry-level role is ideal for recent graduates passionate about cybersecurity and eager to begin their career in a hands-on, learning-focused environment. You will work under the guidance of senior team members to identify vulnerabilities, support penetration testing activities, and enhance our overall security posture in alignment with global security standards such as ISO/IEC 27001 . Responsibilities: Assist in conducting vulnerability assessments and penetration testing on Web applications,Mobile applications,Cloud-based environments,Internal systems and network infrastructure Support the use of tools like Burp Suite, Nmap, Wireshark, Nessus, OWASP ZAP, etc., under supervision. Document basic findings, potential risks, and help prepare technical reports for internal teams. Work closely with senior analysts, DevOps, and development teams to understand and remediate security weaknesses. Contribute to maintaining and improving the organization’s compliance with ISO/IEC 27001 security guidelines , including proper documentation, risk identification, and implementation of relevant controls. Stay updated with emerging threats, vulnerabilities, and VAPT methodologies aligned with industry standards like OWASP Top 10 , ISO 27001 etc . Help in maintaining compliance with key standards such as OWASP Top 10, ISO 27001, PCI-DSS, etc. Requirements Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field. Basic understanding of web application security, network protocols, and common attack vectors. Exposure to or academic use of tools such as Burp Suite, Nmap, Wireshark, or Kali Linux. Familiarity with OWASP Top 10, CVEs, and basic cybersecurity concepts. Strong curiosity, analytical mindset, and attention to detail. Good communication skills and a willingness to learn in a team-oriented environment. Preferred Skills : Basic awareness of secure coding practices or code review. Introductory knowledge of cloud security, SIEM, or IDS/IPS tools. knowledge of ISO/IEC 27001 controls , risk assessment, or compliance practices. Certifications Like CompTIA Security+,Certified Ethical Hacker (CEH),eLearnSecurity Junior Penetration Tester (eJPT),ISO/IEC 27001 Foundation or Practitioner(Not Mandatory) Benefits Competitive compensation and performance-linked incentives. Health insurance and employee wellness benefits. Career development support and learning resources. Opportunity to work with modern cybersecurity tools and frameworks. Work Environment: Collaborative and supportive office setting with Alternative Saturday Working Flexibility to extend working hours during high-priority assessments or audits. Application Process: Please submit your resume, cover letter, and optionally a portfolio of academic or personal projects to careers@e2logy.com

The ideal candidate for the Security Analyst position should have a keen interest in working within a security assessment and application support environment, particularly within the BFSI/Financial Sector. Your primary responsibility will be to ensure compliance with security frameworks such as SWIFT CSCF (Customer Security Controls Framework). In this role, you will be tasked with overseeing the day-to-day SWIFT operations to guarantee uninterrupted message processing. Your expertise in using VAPT tools like Nessus and Metasploit will be essential in providing technical assistance and troubleshooting SWIFT-related issues promptly. You will also be required to monitor SWIFT systems for any abnormalities or performance issues and perform routine maintenance, health checks, and system updates for SWIFT applications. As a Security Analyst, you will play a critical role in managing and resolving SWIFT-related incidents, escalating critical issues as necessary, and conducting root cause analysis to implement preventive measures for recurring problems. Collaborating with cross-functional teams, including infrastructure and security, will be crucial to maintaining SWIFT systems effectively. Additionally, you will assist with system upgrades and integration projects involving SWIFT applications, ensuring incidents, resolutions, and technical procedures are well-documented. Moreover, you will be responsible for preparing and presenting reports on system performance, risks, and service levels, ensuring that SWIFT systems comply with internal and external security protocols, including SWIFT CSP. Coordinating with the security team to safeguard SWIFT infrastructure from threats and providing SWIFT-related support to clients for timely and accurate service delivery will be part of your daily tasks. You will also address escalated client issues and maintain high service levels while monitoring security logs and analyzing security incidents for intrusion detection, anomaly detection, and forensic investigations. Furthermore, your role will involve evaluating SWIFT CSCF compliance and working on the implementation, monitoring, and reporting of SWIFT security controls. Conducting security awareness training for internal teams and assisting in security policy creation and enforcement will be essential aspects of this position. Knowledge of Unix and Windows Server OS platforms, as well as the ability to assess security monitoring of clients, servers, applications, and network infrastructure activities, will be advantageous. In summary, the Security Analyst role requires a candidate with 4-8 years of experience, a Bachelor's degree or equivalent combination of education and work experience, and a degree in a technology field is preferred. If you are looking for a challenging yet rewarding opportunity to contribute to the security and compliance of SWIFT systems within the BFSI/Financial Sector, this position may be the perfect fit for you.,

You are being hired for a Cybersecurity Penetration Testing Senior position by a leading US Accounting and Tax Advisory firm based in Bangalore. Your primary responsibilities will include conducting network penetration testing using tools like Nessus, Nmap, and Metasploit, as well as performing web application testing with advanced utilization of Burp Suite Pro. You should possess a strong understanding of TCP/IP networking and the capability to troubleshoot connectivity issues. Additionally, you will be responsible for assessing the security vulnerabilities of client's web and/or mobile applications and APIs, ensuring test quality, and resolving any issues that may hinder the testing process, especially for large or complex projects. To qualify for this role, you should hold a Bachelor's degree in business administration, cybersecurity, information technology, computer science, or a related field, or have equivalent experience. It is essential to have a minimum of 3 years of experience in TCP/IP networking, attacking endpoints at a network level, and penetration testing. Moreover, you should have at least 3 years of experience in an internal or external cybersecurity position, or similar roles such as threat/penetration testing, ethical hacking, OWASP top 10, or AppScan. Your ability to collaborate effectively and communicate efficiently within a team environment is crucial for this role. Preferred certifications for this position include Offensive Security Certified Professional (OSCP), GPEN: GIAC Certified Penetration Tester, OffSec Web Assessor (OSWA), OffSec Web Expert (OSWE), API Security Certified Professional (ASCP), and Certified API Security Analyst (CASA). A working knowledge of tools like Burp Suite, Nessus, and the Kali Linux environment is highly desirable for this role.,

Line of Service Advisory Industry/Sector FS X-Sector Specialism Risk Management Level Director Job Description & Summary At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. As a cybersecurity generalist at PwC, you will focus on providing comprehensive security solutions and experience across various domains, maintaining the protection of client systems and data. You will apply a broad understanding of cybersecurity principles and practices to address diverse security challenges effectively. *Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us . At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. " Job Description & Summary: We are seeking a professional to join our Cybersecurity and Privacy services team, where you will have the opportunity to help clients implement effective cybersecurity programs that protect against threats, drive transformation, and foster growth. As companies increasingly adopt digital business models, the generation and sharing of data among organizations, partners, and customers multiply. We play a crucial role in ensuring that our clients are protected by developing transformation strategies focused on security, efficiently integrating and managing new or existing technology systems, and enhancing their cybersecurity investments. As a Director, you will be responsible for overseeing regular operations, driving continuous improvement processes, and managing client and vendor interactions. This role involves managing complex incidents escalated from L2 analysts, operating the Security Incident process, and mentoring junior team members to build a cohesive and motivated unit. Responsibilities: Review cybersecurity events analyzed by L2 security analysts, serving as the escalation point for detection, response, and remediation activities. Monitor and guide the team in triaging cybersecurity events, prioritizing, and recommending/performing response measures. Provide technical support for IT teams in response and remediation activities for escalated cybersecurity events/incidents. Follow up on cybersecurity incident tickets until closure. Guide L1 and L2 analysts in analyzing events and response activities. Expedite cyber incident response and remediation activities when delays occur, coordinating with L1 and L2 team members. Review and provide suggestions for information security policies and best practices in client environments. Ensure compliance with SLAs and contractual requirements, maintaining effective communication with stakeholders. Review and share daily, weekly, and monthly dashboard reports with relevant stakeholders. Update and review documents, playbooks, and standard operational procedures. Validate and update client systems and IT infrastructure documentation. Share knowledge on current security threats, attack patterns, and tools with team members. Create and review new use cases based on evolving attack trends. Analyze and interpret Windows, Linux OS, firewall, web proxy, DNS, IDS, and HIPS log events. Develop and maintain threat detection rules, parsers, and use cases. Understand security analytics and flows across SaaS applications and cloud computing tools. Validate use cases through selective testing and logic examination. Maintain continuous improvement processes and build/groom teams over time. Develop thought leadership within the SOC. Mandatory skill sets: Bachelor’s degree (minimum requirement). 12+years of experience in SOC operations. Experience analyzing malicious traffic and building detections. Experience in application security, network security, and systems security. Knowledge of security testing tools (e.g., BurpSuite, Mimikatz, Cobalt Strike, PowerSploit, Metasploit, Nessus, HP Web Inspect). Proficiency in common programming and scripting languages (Python, PowerShell, Ruby, Perl, Bash, JavaScript, VBScript). Familiarity with cybersecurity frameworks and practices (OWASP, NIST CSF, PCI DSS, NY-DFS). Experience with traditional security operations, event monitoring, and SIEM tools. Knowledge of MITRE or similar frameworks and procedures used by adversaries. Ability to develop and maintain threat detection rules and use cases. Preferred skill sets: Strong communication skills, both written and oral. Experience with SMB and large enterprise clients. Good understanding of ITIL processes (Change Management, Incident Management, Problem Management). Strong expertise in multiple SIEM tools and other SOC environment devices. Knowledge of firewalls, IDS/IPS, AVI, EDR, Proxy, DNS, email, AD, etc. Understanding of raw log formats of various security devices. Foundational knowledge of networking concepts (TCP/IP, LAN/WAN, Internet network topologies). Relevant certifications (CEH, CISA, CISM, etc.). Strong work ethic and time management skills. Coachability and dedication to consistent improvement. Ability to mentor and encourage junior teammates. Knowledge of regex and parser creation. Ability to deploy SIEM solutions in customer environments. Years of experience required: 12 + years Education qualification: B.Tech Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Engineering Degrees/Field of Study preferred: Certifications (if blank, certifications not specified) Required Skills Accenture Managed Detection and Response (MDR) Ops Security Engineering Optional Skills Accepting Feedback, Accepting Feedback, Active Listening, Agile Methodology, Analytical Thinking, Azure Data Factory, Coaching and Feedback, Communication, Creativity, Cybersecurity, Cybersecurity Framework, Cybersecurity Policy, Cybersecurity Requirements, Cybersecurity Strategy, Embracing Change, Emotional Regulation, Empathy, Encryption Technologies, Inclusion, Influence, Innovation, Intellectual Curiosity, Learning Agility, Managed Services, Optimism {+ 20 more} Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? No Government Clearance Required? No Job Posting End Date

We are hiring a hands-on Penetration Tester to lead and execute end-to-end security assessments across Web, Infrastructure, and Cloud environments. As the technical backbone of our lean and growing VAPT practice, you ll work closely with the Security Lead and directly engage with clients to deliver meaningful, high-impact security outcomes. Key Responsibilities: Perform manual and automated penetration testing across: Web Applications (based on OWASP Top 10) Infrastructure (external/internal IPs, firewall review, patch audits) Cloud Environments (basic Azure/AWS IAM, Storage, Networking) Identify, exploit, and report on vulnerabilities such as SSRF, RCE, IDOR, LFI, and S3 bucket exposures Use tools such as Burp Suite , Nmap , SQLMap , Nikto , Nessus/OpenVAS Write high-quality, detailed technical reports with: Screenshots for PoCs Remediation guidance Risk severity scoring (preferably CVSSv3 ) Collaborate with clients to explain findings and provide actionable recommendations Contribute to toolchain improvements and lightweight automation (Python/Bash preferred)

We are seeking a highly skilled and motivated Senior VAPT Consultant to join our growing cybersecurity team. This foundational role is ideal for someone who is passionate about offensive security and eager to contribute to a lean and agile environment. You’ll play a critical part in leading and executing penetration tests, shaping internal methodologies, and mentoring junior talent. Key Responsibilities Conduct penetration testing on Web Applications, Networks, Infrastructure, and Cloud environments. Perform Vulnerability Assessments (VA) using tools like Nessus, OpenVAS , etc. Utilize industry-standard tools such as Burp Suite, Nmap, Metasploit , etc. Review and write detailed technical reports , outlining findings, risks (CVSS-based or similar), and actionable remediation guidance. Collaborate with clients to explain findings, articulate risks, and suggest mitigation strategies. Lead small-scale security projects or client engagements, ensuring quality and timely delivery. Mentor junior team members and enforce quality standards. Contribute to the development of tools, methodologies, and frameworks within the security practice. Requirements 5–8+ years of professional experience in Information Security, with a strong focus on Vulnerability Assessment and Penetration Testing (VAPT) . In-depth, hands-on experience with: Web App, Network, and Infra Pen Testing Cloud Security Testing (Azure/AWS) Familiarity with risk rating methodologies such as CVSS . Strong communication skills with the ability to interface with clients and present findings clearly. Proven ability to work independently in a fast-paced, startup-like environment. Preferred Certifications (Any of the following): OSCP / OSCE / CRTP / eCPPT CEH (with demonstrable hands-on experience) AZ-500 or AWS Security Specialty (for cloud VAPT experience) Growth Opportunities Foundational leadership role in a growing cybersecurity practice Clear path to grow into Practice Head or Principal Consultant Opportunity to shape tools, frameworks, and methodologies from the ground up Nice to Have Experience contributing to open-source or internal security tooling Familiarity with scripting or automation in Python, Bash, or PowerShell

Make an impact with NTT DATA Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive. Your day at NTT DATA The Vulnerability Assessment Specialist is a seasoned subject matter expert, responsible for conducting advanced vulnerability assessments, identifying vulnerabilities, and provides expert recommendations to mitigate security risks to ensure the security and integrity of the organization's systems and infrastructure. This role requires collaboration with cross-functional teams, and they lead/perform vulnerability assessments, analyze findings, and provide recommendations to mitigate security risks and contributes to the improvement of vulnerability management practices. Key responsibilities: Conducts vulnerability assessments using automated scanning tools and manual techniques to identify security vulnerabilities in systems, networks, applications, and infrastructure components. Analyzes scan results and prioritizes vulnerabilities based on severity, impact, and exploitability. Assesses the potential risks associated with identified vulnerabilities. Analyzes the business impact, likelihood of exploitation, and potential attack vectors to prioritize remediation efforts based on risk severity. Provides detailed remediation recommendations to system owners, administrators, and IT teams. Collaborates to develop practical mitigation strategies, configuration changes, and patch management processes to address identified vulnerabilities. Utilizes vulnerability scanning tools such as Nessus, OpenVAS, Qualys, or similar tools to conduct scans, configure scan policies, and fine-tune scan parameters for accurate and comprehensive assessments. Prepares vulnerability assessment reports, documenting assessment findings, risk analysis, and recommended actions. Communicates assessment results to stakeholders, including technical and non-technical audiences, in a clear and concise manner. Collaborates with cross-functional teams, including IT operations, development teams, and security stakeholders, to ensure effective communication, coordination, and alignment on vulnerability management efforts. Communicates technical concepts and recommendations to non-technical stakeholders. Participates in security awareness programs and provides training to end-users and stakeholders on vulnerability management best practices, secure coding, and security hygiene. Promotes a culture of security awareness within the organization. Collaborates with incident response teams to identify and address vulnerabilities associated with security incidents. Provides support during incident response efforts and contribute to post-incident analysis and remediation. Stays updated with the latest security trends, emerging vulnerabilities, and industry best practices. Contributes to the enhancement of vulnerability assessment processes, methodologies, and tools. Shares knowledge and provides guidance to improve vulnerability management practices. Performs any other related task as required. To thrive in this role, you need to have: Seasoned understanding of vulnerability assessment methodologies, tools, and industry best practices. Seasoned understanding of networking concepts, operating systems, and common software vulnerabilities. Solid proficiency in using vulnerability assessment tools such as Nessus, OpenVAS, Qualys, or similar tools. Seasoned knowledge of risk analysis principles and the ability to assess the business impact of vulnerabilities. Solid knowledge of vulnerability management frameworks, such as CVE, CVSS, and common vulnerability databases. Strong analytical and problem-solving skills to analyze scan results, prioritize vulnerabilities, and recommend effective remediation actions. Excellent written and verbal communication skills to prepare vulnerability assessment reports and effectively communicate technical information to diverse stakeholders. Excellent collaboration and teamwork skills to work effectively with cross-functional teams and stakeholders. Seasoned familiarity with security frameworks, standards, and regulatory compliance requirements. Academic qualifications and certifications: Bachelor's degree or equivalent in Computer Science, Information Security, or a related field. Relevant certifications such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), or GIAC Certified Vulnerability Assessor (GCVA) are beneficial. Required experience: Seasoned demonstrated experience in information security or related roles, with a focus on conducting vulnerability assessments and providing remediation recommendations. Seasoned demonstrated experience in conducting advanced vulnerability assessments, including application security assessments, penetration testing, or code review. Workplace type : Hybrid Working About NTT DATA NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo. Equal Opportunity Employer NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

We are hiring a hands-on Penetration Tester to lead and execute end-to-end security assessments across Web, Infrastructure, and Cloud environments. As the technical backbone of our lean and growing VAPT practice, you’ll work closely with the Security Lead and directly engage with clients to deliver meaningful, high-impact security outcomes. Key Responsibilities: Perform manual and automated penetration testing across: Web Applications (based on OWASP Top 10) Infrastructure (external/internal IPs, firewall review, patch audits) Cloud Environments (basic Azure/AWS – IAM, Storage, Networking) Identify, exploit, and report on vulnerabilities such as SSRF, RCE, IDOR, LFI, and S3 bucket exposures Use tools such as Burp Suite , Nmap , SQLMap , Nikto , Nessus/OpenVAS Write high-quality, detailed technical reports with: Screenshots for PoCs Remediation guidance Risk severity scoring (preferably CVSSv3 ) Collaborate with clients to explain findings and provide actionable recommendations Contribute to toolchain improvements and lightweight automation (Python/Bash preferred) Requirements 3–6+ years of hands-on experience in at least 2 of the following areas : Web Application Penetration Testing (OWASP Top 10) Infrastructure VAPT (internal/external, firewall, patch validation) Basic Cloud VAPT (AWS or Azure: IAM, Storage, Networking) Proficiency in: Manual testing techniques , fuzzing, and exploitation Burp Suite (Community or Pro) Tools like Nmap, SQLMap, Nikto, Nessus/OpenVAS Strong understanding of common vulnerabilities and exploitation techniques Preferred Certifications CEH , eJPT , OSCP (or strong portfolio/proof of hands-on skill) AZ-500 or AWS Security Specialty (for cloud security exposure) Good to Have Familiarity with scripting for automation (Python, Bash) Exposure to CVSSv3 for vulnerability scoring Experience with Dradis , Excel-based reporting , or similar tools

Key Responsibilities Monitor, identify, and respond to security incidents across systems and networks. Implement and maintain security measures such as firewalls, intrusion detection systems (IDS), and endpoint protection. Conduct regular vulnerability assessments and penetration tests on systems and applications. Collaborate with DevOps and Engineering teams to integrate security best practices into CI/CD pipelines. Manage and review access controls, identity management, and secure configurations. Investigate and remediate security breaches, threats, and anomalies. Stay current with the latest security trends, vulnerabilities, and threat intelligence. Document security processes, policies, incident response plans, and risk assessments. Assist in compliance efforts (e.g., ISO 27001, SOC 2, GDPR) as applicable. Required Skills and Qualifications Bachelor’s degree in Computer Science, Information Security, or related field. Proven experience in system/network/application security. Strong knowledge of cybersecurity frameworks and standards (OWASP, NIST, CIS). Familiarity with tools such as Wireshark, Nessus, Burp Suite, Metasploit, or similar. Hands-on experience with cloud platforms (AWS, Azure, or GCP) and securing cloud infrastructure. Understanding of secure coding practices and code review for security flaws. Scripting knowledge (e.g., Python, Bash, PowerShell) is a plus. Nice to Have Security certifications like CEH, CISSP, OSCP, or CompTIA Security+. Experience in automating security tasks or using SIEM tools. Knowledge of container security (e.g., Docker, Kubernetes). Job Types: Full-time, Permanent Pay: ₹500,000.00 - ₹800,000.00 per year Benefits: Flexible schedule Paid sick time Paid time off Provident Fund Ability to commute/relocate: Gandhinagar, Gujarat: Reliably commute or planning to relocate before starting work (Required) Experience: Security Engineer: 2 years (Required) Work Location: In person

Long Description Our exciting Opportunity We are now looking for a Security Vulnerability Engineer for our security team. This job role is responsible for identifying, researching, prioritizing, remediating, and mitigating vulnerabilities as part of the vulnerability management practice. The professional will work alongside a highly Skilled, diverse team, making Sure that the information assets, that we are responsible to protect, are secured! We believe in trust – we trust each other to do the right things! We believe in taking decisions as close to the product and technical expertise as possible. We believe in Creativity – trying new things and learning from our mistakes. We believe in Sharing our insights and helping one another to build an even better user plane. We truly believe in happiness, we enjoy and feel passionate about what we do And value each other’s technical competence deeply. You will Daily operations and maintenance of vulnerability scanning tools and Supporting infrastructure Register the assets in the scanning tool and perform scanning as per the agreed schedule. Perform Vulnerability Management, including but not limited to: Supporting scan tools, executing vulnerability scans, performing analysis, recommending / tracking mitigations Periodic validation of assets through Central depository. Register assets in scanning tool and perform periodic scans. Perform, review and analyze security vulnerability data & CIS Hardening data to identify applicability and false positives, recommend corrective actions for mitigation Publish report as per the defined schedule on identified security vulnerabilities & CIS Hardening as well the Control gaps identified during security Control review. Overall responsible for governance and tracking of Vulnerability Remediation action Plan Maintain risk register for exploitable Vulnerability & discuss remediation with stakeholders Act on after hours (on-Call Support) for IT security incidents as required Analyze results of Web application assessment and provide executive reports with recommendations for mitigation. Perform, review and analyze security vulnerability data to identify applicability and false positives, recommend corrective actions for mitigation publish report as per the defined schedule on identified security vulnerabilities as well the Control gaps identified during security Control review. Manage tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with responsible technology developers and Support teams. Assist in metrics development and reporting. Devise methods to automate testing activities and Streamline testing processes Provide oral briefings to leadership and technical Staff, as necessary. Support and run vulnerability management scans of the customer systems (using tools like Tenable nessus, qualys, etc.) Plan and handshake Vulnerability schedule with customer & stakeholders. You must have Solid understanding of security controls (e.g. Access Control, auditing, authentication, encryption, integrity, physical security, and application security). Working knowledge of scanning tools (nessus, qualys, netsparker, Fortify, etc.) Strong understanding of enterprise, network, system and application level security issues Understanding of enterprise Computing environments, distributed applications, and a Strong understanding of TCP/IP networks also with available security Control (technical & process Control) for respective layers Experience writing technical reports and executive summaries. The ability to provide Support after normal business hours The ability to work constructively under pressure Ability to work both in a team as well as individually Participate in the out-of-hours on Call rotation, providing technical Support to the business for major and critical incidents Knowledge Sharing and Collaboration skills Deliver results and meet customer expectations Excellent communication skills; English is a must Key qualifications: Bachelor's Degree (B.E./B.tech) in Computer science or related field. Experience: 8-10 years What’s in it for you? Here at Ericsson, our Culture is built on over a Century of courageous decisions. With us, you will no longer be dreaming of what the future holds – you will be redefining it. You won’t develop for the status quo, but will build what replaces it. Joining us is a way To move your Career in any direction you want; with hundreds of Career opportunities in locations all over the world, in a place where Co-Creation and Collaboration are embedded into the walls. You will find yourself in a Speak-up environment where empathy and humanness Serve as cornerstones for how we work, and where work-life Balance is a priority. Welcome to an inclusive, global Company where your opportunity to make an impact is endless. What happens once you apply? To prepare yourself for next steps, please explore here: https://www.ericsson.Com/en/careers/job-opportunities/hiring-process Why join Ericsson? At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next. What happens once you apply? Click Here to find all you need to know about what our typical hiring process looks like. Encouraging a diverse and inclusive organization is core to our values at Ericsson, that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer. learn more. We are committed to providing reasonable accommodations to all individuals participating in the application and interview process. If you need assistance or to request an accommodation due to a disability please reach out to Contact us We are proud to announce Ericsson India is ranked 19th among all 50 countries and is once again officially Great Place to Work Certified™ in 2024. Every year, more than 10,000 organizations from over 60 countries partner with the Great Place to Work® Institute for assessment, benchmarking and planning actions to strengthen their workplace culture and this Certification acknowledges our employees value their employee experience and our workplace culture. Primary country and city: India (IN) || Noida Req ID: 770317

Our exciting Opportunity We are now looking for a Security Vulnerability Analyst professional for our security team. This job role is responsible for identifying, researching, prioritizing, remediating, and mitigating vulnerabilities as part of the vulnerability management practice. The professional will work alongside a highly Skilled, diverse team, making Sure that the information assets, that we are responsible to protect, are secured! We believe in trust – we trust each other to do the right things! We believe in taking decisions as close to the product and technical expertise as possible. We believe in Creativity – trying new things and learning from our mistakes. We believe in Sharing our insights and helping one another to build an even better user plane. We truly believe in happiness, we enjoy and feel passionate about what we do and value each other’s technical competence deeply. You will Daily operations and maintenance of vulnerability scanning tools and Supporting infrastructure Register the assets in the scanning tool and perform scanning as per the agreed schedule. Perform Vulnerability Management, including but not limited to: Supporting scan tools, executing vulnerability scans, CIS Hardening, performing analysis, recommending / tracking mitigations Monitor ticket / email queue for Vulnerability & Pen test request. Monitor email / Web based reporting of vulnerabilities from outside reporters. Responsible for Completion status and reporting Vulnerability assessment scan. Periodic validation of assets through Central depository. Perform, review and analyze security vulnerability data to identify applicability and false positives, recommend corrective actions for mitigation Publish report as per the defined schedule on identified security vulnerabilities as well the Control gaps identified during security Control review. Manage tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with responsible technology developers and Support teams. Overall responsible for governance and tracking of Vulnerability Remediation action Plan Plan and handshake Vulnerability schedule with customer & stakeholders. Assist in metrics development and reporting. You must have Solid understanding of security controls (e.g. Access Control, auditing, authentication, encryption, integrity, physical security, and application security). Working knowledge of scanning tools (nessus, qualys, netsparker, Fortify, etc.) Strong understanding of enterprise, network, system and application level security issues understanding of enterprise Computing environments, distributed applications, and a Strong understanding of TCP/IP networks also with available security Control (technical & process Control) for respective layers The ability to provide Support after normal business hours The ability to work constructively under pressure Ability to work both in a team as well as individually participate in the out-of-hours on Call rotation, providing technical Support to the business for major and critical incidents Knowledge Sharing and Collaboration skills Deliver results and meet customer expectations excellent communication skills; English is a must Key qualifications: Bachelor's Degree (B.E./B.tech) in Computer science or related field. Experience: 5 years What’s in it for you? Here at Ericsson, our Culture is built on over a Century of courageous decisions. With us, you will no longer be dreaming of what the future holds – you will be redefining it. You won’t develop for the status quo, but will build what replaces it. Joining us is a Way to move your Career in any direction you want; with hundreds of Career opportunities in locations all over the world, in a place where Co-Creation and Collaboration are embedded into the walls. You will find yourself in a Speak-up environment where empathy and humanness Serve as cornerstones for how we work, and where work-life balance is a priority. Welcome to an inclusive, global Company where your opportunity to make an impact is endless. What happens once you apply? To prepare yourself for next steps, please explore here: https://www.ericsson.Com/en/careers/job-opportunities/hiring-process Why join Ericsson? At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next. What happens once you apply? Click Here to find all you need to know about what our typical hiring process looks like. Encouraging a diverse and inclusive organization is core to our values at Ericsson, that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer. learn more. We are committed to providing reasonable accommodations to all individuals participating in the application and interview process. If you need assistance or to request an accommodation due to a disability please reach out to Contact us We are proud to announce Ericsson India is ranked 19th among all 50 countries and is once again officially Great Place to Work Certified™ in 2024. Every year, more than 10,000 organizations from over 60 countries partner with the Great Place to Work® Institute for assessment, benchmarking and planning actions to strengthen their workplace culture and this Certification acknowledges our employees value their employee experience and our workplace culture. Primary country and city: India (IN) || Noida Req ID: 770318

Information Protection Senior Analyst - HIH - Evernorth Job Description Summary The Information Protection Senior Analyst - Penetration Testing, is responsible for conducting vulnerability assessments, threat modeling, penetration tests of Cigna’s IT infrastructure and applications. This role will work closely with the Information Protection Senior Manager to identify, evaluate, and remediate potential weaknesses in Cigna’s systems, using both manual and automated methods. About Cigna Cigna is a global health service company dedicated to helping the people we serve improve their health, well-being, and peace of mind. But we don’t just care about your well–being, we care about your career health too. That’s why, when you work with us, you can count on a different kind of career – you’ll make a difference, learn a ton, and share in changing the way people think about healthcare. Responsibilities Execute internal and external penetration tests against corporate web applications, APIs, networks, infrastructure and operating systems in order to discover vulnerabilities. Execute mobile application penetration tests for both Android and iOS based devices. Execute penetration tests in cloud-hosted environments. Create comprehensive and accurate penetration testing reports with recommendations for appropriate remediation, and communicate risk findings with development and infrastructure teams. Develop scripts, tools, or methodologies to enhance Cigna’s penetration testing processes. Work as part of a team to identify risks, communicate to key stakeholders, and provide value to the organization. Skills required Demonstrated ability to work as both an individual contributor and a team player in a fast paced environment. Coordinate with people and teams to forecast activity completion and the ability to work in a team environment, sharing workloads and responsibilities. Knowledge of Windows and *nix-based operating systems. Understanding of core Internet protocols (e.g. TCP, UDP, DNS, HTTP, TLS, IPsec) and the OSI model. Understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations, AES, etc.). Understanding of Cloud environments such as SaaS, PaaS and IaaS. Basic exploit development and validation skills. Proficiency in application vulnerability assessment tools (e.g. Burp, Checkmarx, AppScan, WebInspect, Cenzic, etc.). Proficiency in network and server assessment tools (e.g. Nessus, metasploit, nmap, nikto, etc.) Understanding of web application frameworks (React, Springboot, Ruby on Rails, J2EE, PHP, ASP.NET). Proficiency in manual and automated techniques for penetration testing and executing vulnerability assessments. Knowledge of networking fundamentals and common attacks. Coding/scripting experience in modern scripting languages (e.g. Python, Ruby, PowerShell.) Mobile application coding experience with Android/iOS based platforms (e.g. Java, Swift, Objective C). Ability to analyze vulnerabilities and misconfigurations, appropriately characterize threats, and provide remediation recommendations. Qualifications High School diploma; Bachelor's degree preferred. 3-5 years or more of penetration testing experience. Passionate about security and finding new ways to break into systems, as well as defend them. Strong analytical and problem solving skills, with the ability to “think outside the box”. Ability to work in a flexible environment where requirements and procedures continuously evolve. Strong oral and written communication skills, including a demonstrated ability to prepare documentation and presentations for technical and non-technical audiences. About Evernorth Health Services Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.

Information Protection Lead Analyst - HIH - Evernorth Job Description Summary: Provides counsel and advice to top management on significant Information Protection matters, often requiring coordination between organizations. Viewed as an expert in a specific aspect of information security. Undertakes complex projects requiring additional specialized technical knowledge. Makes well-thought-out decisions on complex or ambiguous information security issues. Provides architectural oversight and direction for enterprise-wide security technology. Ensures high-level integration of application development with information security policies and strategies. Stays up-to-date on the direction of emerging industry standards. Identifies, evaluates, conducts, schedules and leads technical analyses functions to ensure all applicable IS security requirements are met. Provides technical analysis of requirements necessary for the protection of all information processed, stored, or transmitted by systems. Coordinates with users to determine requirements. Conducts security reviews of external service providers and outsourcing vendors and systems reviews to ensure appropriate security implementation. Focuses on providing thought leadership and technical expertise across multiple disciplines. Recognized internally as “the go-to person” for the most complex Information Protection assignments. Job Description: Position Summary: The Information Protection Lead Analyst - Penetration Testing is responsible for conducting vulnerability assessments, threat modeling, penetration tests, and red team campaigns of Cigna’s IT infrastructure and applications. This role will work closely with the Information Protection Senior Manager to identify, evaluate, and remediate potential weaknesses in Cigna’s systems using both manual and automated methods. As a member of the Cyber Security Incident Response Team, this role will provide second and third level incident response services to the global Cigna enterprise to address Cyber Security threats to the enterprise. Daily activities will include analysis of logs, memory and disc artifacts and the use of a variety of commercial and open source security tools to respond to and triage threats in global enterprise. This role will focus on Threat Hunting and Incident Response capabilities within Cloud Service Provider environments. About Cigna: Cigna is a global health service company dedicated to helping the people we serve improve their health, well-being, and peace of mind. But we don’t just care about your well –being, we care about your career health too. That’s why when you work with us, you can count on a different kind of career – you’ll make a difference, learn a ton and share in changing the way people think about healthcare. Responsibilities : Lead and execute internal and external penetration tests against corporate web applications, APIs, networks, Windows and Unix variants to discover vulnerabilities Lead and execute mobile application penetration tests for both Android and iOS based devices Create comprehensive and accurate penetration testing reports with recommendations for appropriate remediation Develop scripts, tools or methodologies to enhance Cigna’s penetration testing processes Experience in application vulnerability assessment tools (e.g. Burp, Checkmarx, AppScan, WebInspect, Cenzic, etc.) Experience with network and server assessment tools (e.g. Nessus, metasploit, nmap, nikto, etc.) Understanding of web application frameworks (React, Springboot, Ruby on Rails, J2EE, PHP, ASP.NET) Strong experience in manual and automated techniques for penetration testing and executing vulnerability assessments Knowledge of Windows and *nix-based operating systems Knowledge of networking fundamentals and common attacks Coding/scripting experience in modern scripting languages (e.g. Python, Ruby, PowerShell) Mobile application coding experience with Android/iOS based platforms (e.g. Java, Swift, Objective C) Exploit development and validation skills Ability to analyze vulnerabilities, appropriately characterize threats, and provide remediation recommendations Understanding of core Internet protocols (e.g. DNS, HTTP, TCP, UDP, TLS, IPsec) Understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations, AES, etc.) Demonstrated ability to coordinate people and lead teams to project/activity completion and the ability to work in a team environment, sharing workloads and responsibilities Qualifications: High School diploma; Bachelor's degree preferred 5-8 years or more of penetration testing experience One or more professional certifications such as OSCP, OSCE, GWAPT, GSEC, GPEN, GXPN Passionate about security and finding new ways to break into systems as well as defend them Strong analytical and problem solving skills with the ability to “think outside the box” Ability to work in a flexible environment where requirements and procedures continuously evolve Strong oral and written communication skills, including a demonstrated ability to prepare documentation and presentations for technical and non-technical audiences About Evernorth Health Services Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.

Information Protection Analyst, Penetration Testing Job Description Summary The Information Protection Senior Analyst - Penetration Testing, is responsible for conducting vulnerability assessments, threat modeling, penetration tests of Cigna’s IT infrastructure and applications. This role will work closely with the Information Protection Senior Manager to identify, evaluate, and remediate potential weaknesses in Cigna’s systems, using both manual and automated methods. About Cigna Cigna is a global health service company dedicated to helping the people we serve improve their health, well-being, and peace of mind. But we don’t just care about your well–being, we care about your career health too. That’s why, when you work with us, you can count on a different kind of career – you’ll make a difference, learn a ton, and share in changing the way people think about healthcare. Responsibilities Execute internal and external penetration tests against corporate web applications, APIs, networks, infrastructure and operating systems in order to discover vulnerabilities. Execute mobile application penetration tests for both Android and iOS based devices. Execute penetration tests in cloud-hosted environments. Create comprehensive and accurate penetration testing reports with recommendations for appropriate remediation, and communicate risk findings with development and infrastructure teams. Develop scripts, tools, or methodologies to enhance Cigna’s penetration testing processes. Work as part of a team to identify risks, communicate to key stakeholders, and provide value to the organization. Skills required Demonstrated ability to work as both an individual contributor and a team player in a fast paced environment. Coordinate with people and teams to forecast activity completion and the ability to work in a team environment, sharing workloads and responsibilities. Knowledge of Windows and *nix-based operating systems. Understanding of core Internet protocols (e.g. TCP, UDP, DNS, HTTP, TLS, IPsec) and the OSI model. Understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations, AES, etc.). Understanding of Cloud environments such as SaaS, PaaS and IaaS. Basic exploit development and validation skills. Proficiency in application vulnerability assessment tools (e.g. Burp, Checkmarx, AppScan, WebInspect, Cenzic, etc.). Proficiency in network and server assessment tools (e.g. Nessus, metasploit, nmap, nikto, etc.) Understanding of web application frameworks (React, Springboot, Ruby on Rails, J2EE, PHP, ASP.NET). Proficiency in manual and automated techniques for penetration testing and executing vulnerability assessments. Knowledge of networking fundamentals and common attacks. Coding/scripting experience in modern scripting languages (e.g. Python, Ruby, PowerShell.) Mobile application coding experience with Android/iOS based platforms (e.g. Java, Swift, Objective C). Ability to analyze vulnerabilities and misconfigurations, appropriately characterize threats, and provide remediation recommendations. Qualifications High School diploma; Bachelor's degree preferred. 1-3 years of penetration testing experience. Passionate about security and finding new ways to break into systems, as well as defend them. Strong analytical and problem solving skills, with the ability to “think outside the box”. Ability to work in a flexible environment where requirements and procedures continuously evolve. Strong oral and written communication skills, including a demonstrated ability to prepare documentation and presentations for technical and non-technical audiences. About Evernorth Health Services Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.

We are seeking a versatile and experienced Cybersecurity Professional to join our team as a Threat Hunter and VAPT Analyst . In this dual-capacity role, you will proactively identify and mitigate emerging cyber threats, perform in-depth vulnerability assessments, and help protect critical infrastructure and data assets. This role requires a blend of advanced technical expertise , analytical mindset , and strong collaboration with SOC and incident response teams. Key Responsibilities Threat Hunting Proactively hunt for undetected threats across networks, systems, and endpoints using behavioral analysis and threat intelligence . Identify Tactics, Techniques, and Procedures (TTPs) and anomalies to detect potential threats or APT activities. Leverage threat intelligence feeds and the MITRE ATT&CK framework to build and validate detection use cases. Collaborate with SOC teams to enhance detection rules and reduce false positives. Conduct forensic investigations and perform root cause analysis on incidents and suspicious behaviors. Develop custom scripts and queries (Python, PowerShell, Bash) for automating hunting activities in EDR, SIEM, and XDR platforms. Document and share threat hunting reports , IOCs , and actionable recommendations with relevant stakeholders. Vulnerability Assessment & Penetration Testing (VAPT) Conduct vulnerability assessments and penetration tests on systems, applications, networks, and APIs. Analyze vulnerabilities, assess risks, and deliver detailed, actionable reports to technical teams. Use a combination of automated tools (e.g., Nessus , Burp Suite , Nmap , Metasploit ) and manual techniques to identify security flaws. Ensure all assessments adhere to internal policies and regulatory standards . Perform periodic and ad-hoc security assessments for web applications , databases , wireless , and cloud environments . Collaborate with IT teams to validate remediations through re-testing and follow-ups . Stay current on emerging vulnerabilities , exploit techniques , and threat actor tactics . Qualifications & Skills Bachelor’s degree in computer science, Information Security , or a related discipline. 5+ years of experience in a cybersecurity role with hands-on work in threat hunting and VAPT . Strong expertise in VAPT tools and methodologies: Nessus, Burp Suite, Nmap, Metasploit, OWASP Top 10 . Experience with SIEMs , EDR platforms , and threat intelligence tools . Working knowledge of the MITRE ATT&CK framework . Proficient in scripting languages such as Python, PowerShell, or Bash . Excellent analytical , investigative , and report-writing skills. Strong communication and stakeholder engagement abilities. Preferred Certifications OSCP – Offensive Security Certified Professional CEH – Certified Ethical Hacker GIAC – GCIH, GPEN, GWAPT

Key Responsibilities Monitor, identify, and respond to security incidents across systems and networks. Implement and maintain security measures such as firewalls, intrusion detection systems (IDS), and endpoint protection. Conduct regular vulnerability assessments and penetration tests on systems and applications. Collaborate with DevOps and Engineering teams to integrate security best practices into CI/CD pipelines. Manage and review access controls, identity management, and secure configurations. Investigate and remediate security breaches, threats, and anomalies. Stay current with the latest security trends, vulnerabilities, and threat intelligence. Document security processes, policies, incident response plans, and risk assessments. Assist in compliance efforts (e.g., ISO 27001, SOC 2, GDPR) as applicable. Required Skills and Qualifications Bachelor’s degree in Computer Science, Information Security, or related field. Proven experience in system/network/application security. Strong knowledge of cybersecurity frameworks and standards (OWASP, NIST, CIS). Familiarity with tools such as Wireshark, Nessus, Burp Suite, Metasploit, or similar. Hands-on experience with cloud platforms (AWS, Azure, or GCP) and securing cloud infrastructure. Understanding of secure coding practices and code review for security flaws. Scripting knowledge (e.g., Python, Bash, PowerShell) is a plus. Nice to Have Security certifications like CEH, CISSP, OSCP, or CompTIA Security+. Experience in automating security tasks or using SIEM tools. Knowledge of container security (e.g., Docker, Kubernetes). Job Types: Full-time, Permanent Pay: ₹500,000.00 - ₹800,000.00 per year Benefits: Flexible schedule Paid sick time Paid time off Provident Fund Ability to commute/relocate: Gandhinagar, Gujarat: Reliably commute or planning to relocate before starting work (Required) Experience: Security Engineer: 2 years (Required) Work Location: In person

Job Information Date Opened 07/23/2025 Industry Software Development Job Type Full time City Bangalore South State/Province Karnataka Country India Zip/Postal Code 560034 Job Description Job Description As a Security Engineer , you will assist the information security team in protecting organizational data, systems, and networks. You will gain hands-on experience in various cybersecurity practices, including threat analysis, vulnerability assessment, and incident response. This internship is an excellent opportunity for individuals passionate about cybersecurity and looking to gain real-world experience in a dynamic and fast-paced environment. Key Responsibilities: Assist in monitoring and analyzing security alerts and incidents, responding under supervision. Conduct basic VAPT and report findings to the security team. Familiarity with VAPT tools such as Burp Suite, Nessus, nmap, Metasploit, etc. Research and stay updated on the latest cybersecurity threats, tools, and best practices. Collaborate with cross-functional teams to support security audits and compliance initiatives. Document incident response procedures and other critical processes to ensure best practices are maintained. Assist with the deployment and maintenance of security tools and technologies. Preferred Qualifications 1+ Years of experience in Information Security. Relevant coursework or certifications (e.g., CEH, OSCP, CRTP, CompTIA Security+). Familiarity with vulnerability assessment and penetration testing (VAPT) tools. Basic experience with scripting languages (e.g., Python, Bash) for automation tasks. Knowledge of security practices for AI/ML, including model vulnerability and data privacy for LLMs. Experience or participation in bug bounty programs or Capture the Flag (CTF) competitions.

Key Responsibilities: As part of the Infosys delivery team your primary role would be to ensure effective Design Development Validation and Support activities to assure that our clients are satisfied with the high levels of service in the technology domain You will gather the requirements and specifications to understand the client requirements in a detailed manner and translate the same into system requirements You will play a key role in the overall estimation of work requirements to provide the right information on project estimations to Technology Leads and Project Managers You would be a key contributor to building efficient programs systems If you think you fit right in to help our clients navigate their next in their digital transformation journey this is the place for you Technical Requirements: Security testing with 3 10 years exp SAST DAST API Network Mobile Security DevSecops Cloud Security Threat Modelling Vulnerability Management Logging Audit GRC Security Operations IAM Skills Required Security Testing Primary skills Application Security Application Security Burpsuite Application Security Devsecops Application Security Ethical Hacking CEH Application Security Nessus Application Security SSL Secure Sockets Layer Application Security Threat Modeling Application Security Vulnerability Assessment Penetration Testing Application Security Vulnerability Management Application Security Web Security Application Security Webservices Security Security testing Vulnerability testing Technology Application Security Vulnerability Management Qualys Mobile Testing Mobile Security Testing Additional Responsibilities: Job Opening is for multiple locations Bangalore Hyderabad Trivandrum Chennai Pune Preferred Skills: Technology->Application Security->Application Risk Profiling, Threat Modeling,Technology->Application Security->Vulnerability Management,Technology->Application Security->Penetration Testing (Black/White/Grey Box Testing),Technology->Infrastructure Security->Secure Web Gateway->TrendMicro Interscan web security Virtual appliance,Technology->Mobile Testing->Mobile Security Testing,Technology->Security Testing->Security Testing - ALL,Technology->Application Security->Mobile Application Security,Technology->Application Security->Ethical Hacking

Qualifications Required . Bachelor’s or Master’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. Equivalent professional experience is acceptable. Minimum 5+ years of experience in Azure cloud operations, with a demonstrated focus on security and vulnerability management. Proven track record of managing and securing large-scale Azure environments in production. Hands-on experience with vulnerability scanning, remediation, and compliance in enterprise cloud environments. Extensive experience in responding to and managing security incidents and threat mitigation in Azure. Technical Skills Azure Expertise : In-depth knowledge of Azure services, including but not limited to: Azure Security Center Azure Defender Azure Key Vault Azure Policy Azure Sentinel (SIEM) Azure Active Directory (Azure AD) Security and Vulnerability Tools : Proficiency with vulnerability scanning and management tools like Qualys, Tenable Nessus, or Rapid7. Experience with Azure-native security tools for threat detection and remediation. Infrastructure Hardening : Strong knowledge of security best practices for securing virtual machines, storage accounts, AKS, and network components. Familiarity with zero-trust architecture principles and implementation in Azure. Automation & Scripting : Advanced skills in scripting languages such as PowerShell , Azure CLI , Python , or other automation tools to remediate vulnerabilities and improve operational efficiency. Experience in integrating security checks into CI/CD pipelines. Certifications (Preferred or Mandatory) Azure Cloud Certifications: Microsoft Certified: Azure Administrator Associate (AZ-104) Microsoft Certified: Azure Security Engineer Associate (AZ-500) Microsoft Certified: Cybersecurity Architect Expert (SC-100) Security Certifications: Certified Information Systems Security Professional ( CISSP ) Certified Ethical Hacker ( CEH ) CompTIA Security+ GIAC certifications (e.g., GCIH, GSEC, or GCED) Other Requirements Familiarity with regulatory and compliance standards, such as ISO 27001 , SOC 2 , GDPR , or HIPAA . Experience in performing and supporting audits related to cloud security. Proven ability to stay current with evolving cloud and cybersecurity trends.

Our exciting Opportunity We are now looking for a Security Vulnerability Analyst professional for our security team. This job role is responsible for identifying, researching, prioritizing, remediating, and mitigating vulnerabilities as part of the vulnerability management practice. The professional will work alongside a highly Skilled, diverse team, making Sure that the information assets, that we are responsible to protect, are secured! We believe in trust – we trust each other to do the right things! We believe in taking decisions as close to the product and technical expertise as possible. We believe in Creativity – trying new things and learning from our mistakes. We believe in Sharing our insights and helping one another to build an even better user plane. We truly believe in happiness, we enjoy and feel passionate about what we do and value each other’s technical competence deeply. You will Daily operations and maintenance of vulnerability scanning tools and Supporting infrastructure Register the assets in the scanning tool and perform scanning as per the agreed schedule. Perform Vulnerability Management, including but not limited to: Supporting scan tools, executing vulnerability scans, CIS Hardening, performing analysis, recommending / tracking mitigations Monitor ticket / email queue for Vulnerability & Pen test request. Monitor email / Web based reporting of vulnerabilities from outside reporters. Responsible for Completion status and reporting Vulnerability assessment scan. Periodic validation of assets through Central depository. Perform, review and analyze security vulnerability data to identify applicability and false positives, recommend corrective actions for mitigation Publish report as per the defined schedule on identified security vulnerabilities as well the Control gaps identified during security Control review. Manage tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with responsible technology developers and Support teams. Overall responsible for governance and tracking of Vulnerability Remediation action Plan Plan and handshake Vulnerability schedule with customer & stakeholders. Assist in metrics development and reporting. You must have Solid understanding of security controls (e.g. Access Control, auditing, authentication, encryption, integrity, physical security, and application security). Working knowledge of scanning tools (nessus, qualys, netsparker, Fortify, etc.) Strong understanding of enterprise, network, system and application level security issues understanding of enterprise Computing environments, distributed applications, and a Strong understanding of TCP/IP networks also with available security Control (technical & process Control) for respective layers The ability to provide Support after normal business hours The ability to work constructively under pressure Ability to work both in a team as well as individually participate in the out-of-hours on Call rotation, providing technical Support to the business for major and critical incidents Knowledge Sharing and Collaboration skills Deliver results and meet customer expectations excellent communication skills; English is a must Key qualifications: Bachelor's Degree (B.E./B.tech) in Computer science or related field. Experience: 5 years What’s in it for you? Here at Ericsson, our Culture is built on over a Century of courageous decisions. With us, you will no longer be dreaming of what the future holds – you will be redefining it. You won’t develop for the status quo, but will build what replaces it. Joining us is a Way to move your Career in any direction you want; with hundreds of Career opportunities in locations all over the world, in a place where Co-Creation and Collaboration are embedded into the walls. You will find yourself in a Speak-up environment where empathy and humanness Serve as cornerstones for how we work, and where work-life balance is a priority. Welcome to an inclusive, global Company where your opportunity to make an impact is endless. What happens once you apply? To prepare yourself for next steps, please explore here: https://www.ericsson.Com/en/careers/job-opportunities/hiring-process Why join Ericsson? At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next. What happens once you apply? Click Here to find all you need to know about what our typical hiring process looks like. Encouraging a diverse and inclusive organization is core to our values at Ericsson, that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer. learn more. We are committed to providing reasonable accommodations to all individuals participating in the application and interview process. If you need assistance or to request an accommodation due to a disability please reach out to Contact us We are proud to announce Ericsson India is ranked 19th among all 50 countries and is once again officially Great Place to Work Certified™ in 2024. Every year, more than 10,000 organizations from over 60 countries partner with the Great Place to Work® Institute for assessment, benchmarking and planning actions to strengthen their workplace culture and this Certification acknowledges our employees value their employee experience and our workplace culture. Primary country and city: India (IN) || Noida Req ID: 770318