755 Nessus Jobs - Page 7

Job Title: Network Engineer Location: Hybrid-Hyderabad/Mumbai/Pune/Bengaluru/Chennai About the Job: The Network Engineer role focuses on managing hybrid cloud and on-premises network infrastructures. It requires advanced expertise in AWS VPC, routing protocols, firewalls (Checkpoint and Cisco ASA), Meraki Wi-Fi, Big-IP F5 LTM/APM appliances, and Single Sign-On (SSO) technologies. This role involves coordinating with department teams to build, manage, and optimize both cloud and on-premises network solutions to ensure scalability, security, and high performance. What you will do: AWS Cloud Network Architecture: Design, implement, and manage AWS VPC, including transitive VPC, Transit Gateway, Direct Connect, Virtual Private Gateway (VGW), VPN, IPSec, Security Groups, Network ACLs, and ASM for robust and secure cloud-based networking. Routing Protocols and Network Design: Configure and manage routing protocols such as OSPF, EIGRP, BGP, RIP, PBR (Policy-Based Routing), Route-Filtering, Redistribution, Summarization, and Multicast Routing to ensure optimized data flow within cloud and on-premises networks. Firewall Management: Manage and configure Checkpoint Firewalls for both cloud and on-premises environments, including policy management, traffic filtering, and security auditing. Implement AWS security best practices, including configuring security groups, NACLs, and AWS firewalls to enforce network security. AAA Architecture: Implement and manage AAA (Authentication, Authorization, and Accounting) services using RADIUS and TACACS for secure access control across network devices. Big-IP F5 LTM & APM Management: Configure and manage Big-IP F5 Local Traffic Manager (LTM) and Access Policy Management (APM) cloud edition appliances for load balancing, traffic management, and high availability of cloud-based applications. Network Protocols: Strong expertise in network protocols such as IP, TCP, UDP, ICMP, NAT, DNS, DHCP, SNMP, IPSec, SSL, HTTP, SSH, SIP, RTP, QoS, and AAA for robust network operations. Meraki Wi-Fi Deployment: Deploy and manage Meraki Wi-Fi solutions, configure 802.1x, EAP-PEAP for secure wireless authentication, and manage Meraki MS, MX, and MR devices for network access, security, and monitoring. Single Sign-On (SSO): Strong understanding and hands-on experience with Single Sign-On (SSO) architecture and protocols (e.g., SAML 2.0, OAuth 2.0, OpenID Connect). Implement and manage Okta for SSO integration across enterprise applications, ensuring seamless user authentication and access management. VPN & Secure Connectivity: Manage and optimize site-to-site VPNs and IPSec tunnels to securely connect cloud resources with on-premises infrastructures. Manage Cisco VPN solutions, ensuring reliable, secure connectivity between distributed networks. Network Monitoring & Troubleshooting: Monitor and troubleshoot network performance using AWS CloudWatch, Meraki Dashboard, SolarWinds OpManager and Wireshark to identify and resolve connectivity, performance, and security issues across the hybrid network environment. Network Vulnerability Mitigation: Identify, assess, and mitigate vulnerabilities in both cloud and on-premises networks to ensure security and compliance. Collaborate with security teams for penetration testing, risk assessments, and incident response. Audit/SIEM Solutions: Implement and manage IPS/IDS, Nessus, Anti-virus, and vulnerability management tools to monitor and respond to security incidents. Use SIEM tools for threat analysis, network monitoring, and compliance with security standards. Automation & Infrastructure as Code: Utilize Terraform, AWS CloudFormation, and other Infrastructure as Code (IaC) tools to automate the deployment of cloud and on-premises network resources, ensuring consistency and repeatability. Collaboration and Documentation: Collaborate with cross-functional teams to ensure network scalability, high availability, and disaster recovery. Maintain clear, comprehensive documentation for network configurations, security policies, troubleshooting guides, and architectural designs. Who you are: Education & Experience: Bachelor’s degree in computer science, Network Engineering, or a related field, or equivalent work experience. 5+ years of experience in AWS cloud networking, with a focus on VPC, Transit Gateway, Direct Connect, VGW, VPN configurations, and on-premises network switching and routing (Cisco, Meraki, etc.). Technical Skills: Strong experience with Checkpoint firewalls and Cisco ASA firewalls. Extensive knowledge and hands-on experience with routing protocols such as OSPF, EIGRP, BGP, RIP, and MPLS. In-depth experience with Meraki devices (MX, MS, MR), including Wi-Fi deployments, 802.1x, and EAP-PEAP. Experience with Big-IP F5 LTM/APM cloud edition for load balancing and application traffic management. Expertise in WAN technologies such as Ethernet, MPLS VPN, Frame Relay, T1/T3, and OC standards. Strong proficiency in networking protocols such as TCP/IP, DNS, DHCP, NAT, SNMP, SSL, HTTP, RTP, SIP, and QoS. Hands-on experience with AAA (RADIUS/TACACS) architecture and security protocols. Familiarity with WAN optimization technologies and best practices for optimizing network performance. Proficiency in VPN technologies (site-to-site and remote access) and secure network connectivity. Proficient in network vulnerability mitigation, including vulnerability assessment, patch management, and risk management. Strong experience with penetration testing, risk assessments, and incident response processes to identify and address security weaknesses in both cloud and on-premises environments. Experience with Audit/SIEM solutions (e.g., IPS/IDS, Nessus scanning, Anti-virus, vulnerability management) for real-time network monitoring and threat detection Cisco certifications such as CCNA, CCNP, or equivalent networking certifications are required AWS Certification (e.g., AWS Certified Advanced Networking – Specialty, AWS Certified Solutions Architect – Associate) is highly preferred. Soft Skills: Able to assist non-technical users with technical issues and simplify complex concepts for both technical and non-technical stakeholders. Comfortable handling diverse tasks and adjusting priorities in a dynamic environment. English Languageproficiency is required to effectively communicate in a professional environment. Excellent communication skills are a must. Strong problem-solving skills and a creative mindset to bring fresh ideas to the table. Shoulddemonstrateconfidence and self-assurance in their skills and expertise enabling them to contribute to team success and engage with colleagues and clients in a positive, assured manner. Should be accountable and responsible for deliverables and outcomes. Should demonstrateownership of tasks, meet deadlines, and ensure high-quality results. Demonstrates strong collaboration skills by working effectively with cross-functional teams, sharing insights, and contributing to shared goals and solutions. Continuously explore emerging trends, technologies, and industry best practices to drive innovation and maintain a competitive edge.

Job description Cyber Security Engineer will develop and execute vulnerability and penetration test suites. Automate test suites where possible. Perform vulnerability and threat assessments with help from cybersecurity architects and PSRs. Assess vulnerability patches and identify the impact on the products. Develop common cyber solutions, tools & help integrate with modalities. Representative Tasks: Runs Web application vulnerability software to detect security issues in web applications Analyses output of web application test scans to determine valid security issues. Meets with internal/external customers to analyze outputs from web application scans. Recommends remediation and mitigation strategies of security issues in web applications to customers. Bug bounty program participations Required Knowledge/Understanding: Web Vulnerability/Risk assessment processes OWASP top 10 vulnerabilities Report Writing Manual Testing Tools: Nessus Burp Suite SQL Map Nikto Metasploit Certification: Certified Ethical Hacker (CEH) Note: Candidate's who doesn't have CEH should complete CEH certification within one month if selected. Job Types: Permanent, Full-time Salary: From ₹15,000.00 per month Schedule: Morning shift Job Types: Full-time, Permanent, Fresher Salary: ₹15,000.00 - ₹25,000.00 per month Benefits: Health insurance Provident Fund Job Type: Full-time Pay: ₹15,000.00 - ₹20,000.00 per month Benefits: Health insurance Provident Fund Application Question(s): What is your expected salary? Have you submitted valid bug/ vulnerabilities (including duplicates)in bug bounty programs ? Have you completed CEH, EJPT or any security certifications. Have you ever been attended for security training course. Do you have hands-on experience using tools such as Burp, Nessus, nmap, Zap, or similar? Will you be able to reliably commute to Tambaram, Chennai, Tamil Nadu for this job? Work Location: In person

Job Description Agilent’s Information Security organization is looking for a Vulnerability/Patch Management and Automation lead with a solid technical security background in a global enterprise. This role will be responsible for overseeing and improving Agilent’s existing vulnerability/patch management security program and drive automation initiatives within Agilent's Information Security team.The successful candidate will need good communication skills to ensure patch and vulnerability management requirements are understood and adhered to by stakeholders across a large global enterprise. In addition, the person in this role will need to be able to collect requirements for actions that can be automated, convert them into use cases and create automated processes to improve efficiency. This role is a great development opportunity that will later grow further into advanced application security/penetration testing. Major Duties: Vulnerability and Patch Management - Own and drive Agilent’s vulnerability and patch management programs by reviewing and classifying patches released from OS and applications used across the organization, follow up with system owners and ensure remediation is completed. Automation – Work with current automation tools to mature automation use cases and develop new processes to reduce manual overhead within the Information Security organization Security Consultant – Work with the Agilent business and IT organization to provide general guidelines and policies on various projects Qualifications Qualifications Required: Bachelor in Computer Science, Information Systems, or equivalent experience At least 3 years of directly related experience in Information Security Working experience with vulnerability management systems Excellent communication skills towards a technical and non-technical audience alike Ability to provide a holistic perspective of security and productivity to assist with automation Skills Desired: Familiarity with Qualys and Nessus, 2-3 years preferred Python experience with automation within XSOAR or other automation platforms Ability to work with others in a global environment having a wide variety of styles, performance, culture, etc Additional Details This job has a full time weekly schedule. Our pay ranges are determined by role, level, and location. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. During the hiring process, a recruiter can share more about the specific pay range for a preferred location. Pay and benefit information by country are available at: https://careers.agilent.com/locations Agilent Technologies Inc. is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other protected categories under all applicable laws. Travel Required: No Shift: Day Duration: No End Date Job Function: IT

Looking for challenging role? If you really want to make a difference - make it with us Can we energize society and fight climate change at the same time? At Siemens Energy, we can. Our technology is key, but our people make the difference. Brilliant minds innovate. They connect, create, and keep us on track towards changing the world’s energy systems. Their spirit fuels our mission. Our culture is defined by caring, agile, respectful, and accountable individuals. We value excellence of any kind. Sounds like you? Your new role – challenging and future- oriented: Installation and Configuration: Installing and configuring Windows operating systems, software, and services on both physical and virtual servers. System Maintenance: Performing routine maintenance tasks like applying patches, updates, and ensuring data backups. Monitoring and Troubleshooting: Monitoring system performance, identifying and resolving issues promptly. Security: Implementing security measures to safeguard data and prevent unauthorized access. User Management: Managing user accounts, permissions, and access rights. Documentation: Maintaining system configurations, processes, and procedures. Support: Providing technical assistance to end-users for hardware and software-related problems. Compliance: Ensuring compliance with company policies and industry regulations. Network Management: Managing network infrastructure, including LAN, WAN, and data communications. Strategic Planning: Contributing to system architecture, upgrades, and future system needs. We don’t need superheroes, just super minds: At least 3 years’ experience in Windows Server administration. Expert level knowledge of Windows Operation System (client and server) Knowledge of Windows network services (TCP\IP), administrative and operational experience. Strong knowledge of Active Directory Domain Structure. Experience in Virtualization techniques like Hyper-V, VMWare. Backup Concepts knowledge (Windows Backups /Acronis/Veeam backup) Knowledge of Windows-based services (DNS, DHCP, RADIUS, CA, Group Policy Management, etc.) Vulnerability Assessment tools (NESSUS etc.) Understanding of CIS benchmarks for Microsoft Operating systems. Good English communication Skills (written and oral) to interact with Global team and customers. We’ve got quite a lot to offer. How about you? This role is based at Site (Gurgaon). You’ll also get to visit other locations in India and beyond, so you’ll need to go where this journey takes you. In return, you’ll get the chance to work with teams impacting entire cities, countries – and the shape of things to come. We’re Siemens. A collection of over 379,000 minds building the future, one day at a time in over 200 countries. We're dedicated to equality, and we welcome applications that reflect the diversity of the communities we work in. All employment decisions at Siemens are based on qualifications, merit and business need. Bring your curiosity and imagination and help us shape tomorrow.

Job Responsibilities: 5-10 years of experience in vulnerability assessment, penetration testing, or a related field. Strong understanding of vulnerability management concepts, principles, and best practices. Proficiency in using vulnerability assessment tools (e.g., Nessus, Tenable, Qualys). Experience in conducting penetration testing using various methodologies (e.g., black box, gray box, white box). Knowledge of common security threats, vulnerabilities, and attack vectors. Experience with network and system security tools (e.g., firewalls, intrusion detection systems, antivirus). Experience with scripting languages (e.g., Python, PowerShell). Experience with cloud security (e.g., AWS, Azure, GCP). Flexible to work in shifts. Contact Person: Ackshaya Email ID: ackshaya@gojobs.biz

Summary Position Summary Red Team — Senior Consultant 2 – Senior Solution Delivery Lead Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’s Cyber Risk Services have been recognized as a leader by a number of independent analyst firms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do Manages Cyber Threat Management projects, guides the team on a day-to-day basis and ensures that assigned tasks and responsibilities are fulfilled in a timely fashion Demonstrates understanding of complex business and information technology management processes Interacts with clients, managers and partners to build and nurture strong relationships Tailors firm tools and methodologies as per client requirements Assists in implementing standard operating procedures Adheres to Service Level Agreements Identified opportunities for service optimization Evaluates, counsels, mentors and provides feedback on performance of others Manages day-to-day client relationships with their direct client contacts at a minimum at appropriate management levels Participates in proposal development efforts to sell quot;add-on quot; work to clients Identifies opportunities to improve engagement economics Lead practice development initiatives The Team Deloitte’s Red Team is a standardized process, to help clients combat today’s growing array of system threats. We help organizations assess their infrastructure, networks and application environments to identify vulnerabilities and controlweaknesses.Wedevelopanddeploythetechnicalandarchitecturalimprovementsnecessarytoreduceattack exposure OurApplicationandVulnerabilityManagementserviceshelporganizationsidentifythetechnicalandarchitectural improvements needed to minimize exposure to attacks. With our customized methodology, we assess the many aspects of risk to support identification of both internal and external facing threats. Required: - Core Skills: Advanced communication skills (written and verbal) with experience delivering high-level technical presentations, detailed engagement reports, and executive briefings to stakeholders and leadership teams. Proven ability to design and execute complex red team operations, providing tactical and strategic guidance for enhancing organizational security posture through actionable insights. Comprehensive project management skills, with experience in leading large-scale offensive security engagements from inception to execution, including coordinating cross-functional teams. Expert-level understanding of threat analysis, enterprise-level defense mechanisms, and advanced mitigation strategies, with a focus on bridging offensive techniques with defensive improvements. Hands-on experience in bypassing complex security defenses such as firewalls, EDR, IDS/IPS, SIEM solutions (e.g., Splunk, QRadar, ArcSight), using cutting-edge evasion techniques. Extensive knowledge of cyber kill chains, advanced multi-stage attack scenarios, and the ability to execute sophisticated adversarial campaigns using real-world TTPs. Deep expertise in reverse engineering, malware analysis, and exploiting vulnerabilities to uncover security flaws within complex infrastructures. Strong knowledge of cloud security (AWS, Azure, GCP) and demonstrated ability to conduct adversarial simulations targeting cloud-based environments. Advanced knowledge of operating systems (Windows/Linux) and networking technologies critical to red team operations, with the ability to exploit system misconfigurations and weaknesses. Mastery of adversarial simulation tools like Cobalt Strike, Sliver, Metasploit, Empire, Nessus, nmap, Qualys, and Tenable, with the capability to customize attack vectors. Mandatory Certifications - OSCP, OSWP, GPEN, OSCE, CRTO, GXPN, CREST Certified Simulated Attack Specialist Preferred Certifications - OSCE3, OSWE, OSEP, OSED, CREST Certified Simulated Attack Specialist, SABSA, AWS Security Specialist Proven experience leading red teaming, purple teaming, and Breach Attack Simulations (BAS) at the enterprise level, simulating advanced persistent threats (APTs) to assess security defenses. Expertise in spear-phishing campaigns, HTML smuggling, payload delivery mechanisms, and opsec strategies to evade detection throughout engagements. Deep understanding of advanced attack frameworks like MITRE ATT&CK and SANS Top 25, using them to design tailored attack scenarios specific to client environments. In-depth knowledge of EDR/AV evasion techniques, privilege escalation, lateral movement, and persistence in both on-premise and hybrid cloud infrastructures. Ability to architect, deploy, and optimize custom Red Team/Offensive Security solutions, including managing command and control infrastructure, payload obfuscation, and real-time response actions. Ability to manage cross-functional teams across red, blue, and purple engagements, fostering collaboration and improving overall security resilience through continuous improvement cycles. High-level proficiency in strategic planning, engaging with leadership to define security objectives, risk prioritization, and translating technical findings into business-centric solutions. Strong knowledge of attack surface management and vulnerability management, with experience discovering and analyzing hidden or misconfigured assets, especially shadow IT. Advanced OpSec and tradecraft knowledge, ensuring red team engagements are conducted without exposing tools or tactics to detection, while continuously adapting methods to outpace blue team defenses. As a Senior Solutions Delivery Lead, you will lead the charge in adversarial simulation operations, pushing the boundaries of offensive security capabilities. You will: Architect and lead advanced red team engagements, simulating the tactics, tools, and techniques used by sophisticated threat actors to test client defenses. Conduct multi-phase, coordinated attack campaigns, including phishing simulations, exploitation of vulnerabilities, and covert lateral movement across complex environments. Develop and optimize adversarial simulation tactics, ensuring constant evolution of red team methodologies in response to emerging threats. Provide in-depth reports and post-engagement briefings with a focus on strategic remediation advice that aligns with organizational security goals. Oversee the red team infrastructure, ensuring all tools, C2 systems, and exploit frameworks are continually updated and configured for optimal effectiveness. Lead purple team exercises, working closely with blue teams to collaboratively improve detection, response, and mitigation strategies in real time. Remain at the forefront of offensive security innovations, guiding the team through new techniques, tools, and adversarial simulations to enhance effectiveness. Ensure OpSec best practices are strictly followed to avoid detection during engagements and protect the integrity of the red team toolkit. Collaborate with clients and stakeholders to review attack scenarios, findings, and deliver customized security enhancements tailored to their specific business risks. Preferred: B. E / B.Tech / M.S in any engineering discipline; 7-9 years of cyber risk services experience. Proven ability to emulate sophisticated adversary tactics, techniques, and procedures (TTPs) to identify and exploit weaknesses in organizational defenses. Familiarity with red teaming methodologies, offensive security tools, and frameworks such as MITRE ATT&CK. Experience with tools like Cobalt Strike, Metasploit, and Empire for command and control, exploitation, and lateral movement within environments. Proficiency in scripting languages like Python, PowerShell, or Bash for automation and custom tool creation. Knowledge of evasion techniques to bypass antivirus (AV), endpoint detection and response (EDR), and network monitoring tools. Strong understanding of privilege escalation, lateral movement, and persistence mechanisms in both Windows and Linux environments. Hands-on experience conducting phishing campaigns, social engineering attacks, and delivering payloads via HTML smuggling or other covert techniques. Ability to assess and manipulate Active Directory configurations, conduct password spraying, and exploit common misconfigurations. Strong knowledge of reverse engineering tools such as IDA Pro and Ghidra for analyzing malware or binaries. Excellent ability to create detailed post-engagement reports and recommendations for improving detection and response capabilities. Knowledge of operational security (OpSec) best practices to avoid detection during adversarial engagements. Ability to think creatively in developing offensive strategies and adapting to blue team defenses. Strong desire to continuously learn emerging attack vectors and defensive countermeasures. Outstanding communication skills, with the ability to explain offensive security techniques to both technical and non-technical stakeholders. Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin their own way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-based learning,and eLearning.Deloitte University(DU):The LeadershipCenter in India,our state-of-the-art, world-class learning centerin the Hyderabad office, is an extension of the DU in Westlake, Texas, and represents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best workeveryday. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandarecontinuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesourdiversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 306123

Prudent Technologies and Consulting is seeking a Senior Application Security Consultant to join their rapidly expanding Cybersecurity team, dedicated to serving a diverse clientele that includes some of the world's largest organizations. In this role, you will be responsible for leading technical teams in conducting thorough security assessments and engaging in field-related research. We are looking for an experienced offensive consultant with a deep understanding of application security testing methodologies, tools, and reporting procedures across various technologies such as web, mobile, API, AI/LM, cloud, desktop, single sign-on, and OAuth. As a Senior Consultant, your responsibilities will include consulting with both technical and non-technical client stakeholders, collaborating with Sales teams to define project scopes, mentoring junior consultants, and leading projects to ensure adherence to industry best practices. You will be expected to conduct advanced penetration tests on a variety of environments, document vulnerabilities, provide proof-of-concepts, and offer tailored remediation steps. Additionally, you will actively contribute to research and development initiatives aimed at enhancing our Cybersecurity practice. The ideal candidate should possess a minimum of 8 years of hands-on experience in conducting manual penetration testing assessments on desktop applications, mobile applications, web applications, cloud environments, APIs, and AI/LM. Proficiency in utilizing penetration testing tools like Burp Suite, DAST scanners, Metasploit, and Nessus is essential for identifying and exploiting vulnerabilities effectively. Strong written and verbal communication skills are crucial for preparing comprehensive reports, executive summaries, and client presentations. Familiarity with security frameworks such as OWASP and MITRE ATT&CK, along with robust project management and leadership abilities, will be highly valued. Preferred qualifications include a Bachelor's degree in computer science, information security, or a related field, relevant certifications like OSCP and OSWE, proficiency in scripting languages such as Python and Bash, and a background in application development or systems engineering. Candidates with published CVE/CWE contributions, participation in CTF events, and independent research projects will be given preference. If you have a solid foundation in application security testing assessments and are eager to contribute to a dynamic Cybersecurity team, we encourage you to apply. Your direct work experience in this field will enable you to hit the ground running and make meaningful contributions while adhering to Prudent's specific approach and methodology.,

Job Description: As a part of SKYNET SECURE, you will play a crucial role in promoting cyber crime and internet security awareness across all sections of society. Your primary responsibility will involve providing training in Ethical Hacking, IT Security, and Cyber Forensics. Additionally, you will be involved in working on IT Security projects including Vulnerability Assessment and Penetration Testing (VAPT) projects. Your role will require the following skills: - Proficiency in tools such as Metasploit, OWASP top ten attacks, Burpsuite, Kali Linux, Acunetix, Nessus, and Nmap. - Ability to conduct Vulnerability Assessment and Network Penetration Testing. - Hands-on experience in Internal & External, Web App scanning, and Penetration testing (both Manual and Automated). - Strong understanding of Threat Intelligence and familiarity with domain tools. - Effective communication skills in English. - Experience in Application testing, especially with OWASP top 10. This position is based in Mumbai and requires candidates to hold a minimum qualification of Any Graduate. Possessing a CEH or any Equivalent Certification will be considered a bonus. Join us at SKYNET SECURE and contribute to creating a safer cyber environment while enhancing your skills in the field of IT security.,

As a Senior Information Security Engineer, you will be responsible for leading vulnerability assessments and policy compliance scans across various environments including on-premises, cloud, container, database, and web environments using tools like Qualys. Your role will involve validating scan results, eliminating false positives, and delivering accurate, actionable reports to stakeholders. You will serve as a technical Subject Matter Expert (SME), analyzing findings, diagnosing root causes, and guiding remediation efforts. Additionally, you will be expected to develop and maintain a knowledge base to support continuous improvement and team expertise while staying current on emerging threats, tools, and vulnerability management lifecycle advancements to recommend service enhancements. Effective communication of security requirements across the organization and stepping in as an interim team lead when necessary will also be part of your responsibilities. In terms of experience and education, you should have a minimum of 8 years in the field of information security along with a Bachelor's degree in Engineering, Computer Science, Information Technology, or equivalent. Industry certifications such as CISSP, CISA, CISM, CRISC, or CCNA/CCNP/CCIE Security are preferred. You are expected to be proficient in working with vulnerability scanning platforms like Qualys, Nessus, etc., false-positive tuning, and compliance frameworks. Your technical expertise should span across cloud and on-premises systems, network devices such as routers, firewalls, proxies, and various infrastructure components. Skills in risk and threat assessment, as well as security policy enforcement, are essential. Familiarity with containers, DDI (DNS/DHCP/IPAM), WAF/CDN/DDOS solutions (e.g., Infoblox, Zscaler, Imperva) will be advantageous. Knowledge of scripting languages like Python and experience with monitoring tools like Spectrum, SevOne, ThousandEyes, CyberArk, and MS-Entra-ID will also be beneficial. Apart from technical skills, soft skills and leadership qualities are equally important. Excellent analytical, communication, and report-writing abilities are required. Strong organizational and time-management skills are essential for success in this role. Demonstrated leadership abilities, including guiding teams, managing escalations, and fostering a security culture, are expected. As an adaptable self-starter, you should be committed to continuous learning and proactive problem-solving.,

Position - 3 Job Responsibilities :5-10 years of experience in vulnerability assessment, penetration testing, or a related field.Strong understanding of vulnerability management concepts, principles, and best practices.Proficiency in using vulnerability assessment tools (e.g., Nessus, Tenable, Qualys).Experience in conducting penetration testing using various methodologies (e.g., black box, gray box, white box).Knowledge of common security threats, vulnerabilities, and attack vectors.Experience with network and system security tools (e.g., firewalls, intrusion detection systems, antivirus).Experience with scripting languages (e.g., Python, PowerShell).Experience with cloud security (e.g., AWS, Azure, GCP). Flexible to work in shifts Contact Person: Ackshaya

Key Responsibilities: Assist in web, network, and system penetration testing. Conduct vulnerability scans using tools like Nmap, Nessus, and OpenVAS . Assist in social engineering or phishing assessments (if applicable). Prepare clear documentation, reports, and remediation guidance for stakeholders. Maintain knowledge of latest threats, vulnerabilities, and attack techniques. Must-Have Skills: Basic knowledge of networking, OSI model, and common protocols (TCP/IP, HTTP, DNS). Familiarity with Linux and Windows systems. Exposure to tools like Burp Suite, Nmap, Wireshark, Metasploit, Nikto. Understanding of OWASP Top 10 vulnerabilities. Basic scripting knowledge (Python, Bash preferred). Experience with Kali Linux or Parrot OS. Good to Have: Certifications such as CEH, OSCP, eJPT, or Security+. Familiarity with cloud environments (AWS/Azure/GCP) security practices. Basic understanding of firewalls, IDS/IPS, and SIEM tools. Participation in CTFs or bug bounty platforms.

Job Title: Network Engineer Location: Hybrid-Hyderabad/Mumbai/Pune/Bengaluru/Chennai About The Job The Network Engineer role focuses on managing hybrid cloud and on-premises network infrastructures. It requires advanced expertise in AWS VPC, routing protocols, firewalls (Checkpoint and Cisco ASA), Meraki Wi-Fi, Big-IP F5 LTM/APM appliances, and Single Sign-On (SSO) technologies. This role involves coordinating with department teams to build, manage, and optimize both cloud and on-premises network solutions to ensure scalability, security, and high performance. What you will do: AWS Cloud Network Architecture: Design, implement, and manage AWS VPC, including transitive VPC, Transit Gateway, Direct Connect, Virtual Private Gateway (VGW), VPN, IPSec, Security Groups, Network ACLs, and ASM for robust and secure cloud-based networking. Routing Protocols and Network Design: Configure and manage routing protocols such as OSPF, EIGRP, BGP, RIP, PBR (Policy-Based Routing), Route-Filtering, Redistribution, Summarization, and Multicast Routing to ensure optimized data flow within cloud and on-premises networks. Firewall Management: Manage and configure Checkpoint Firewalls for both cloud and on-premises environments, including policy management, traffic filtering, and security auditing. Implement AWS security best practices, including configuring security groups, NACLs, and AWS firewalls to enforce network security. AAA Architecture: Implement and manage AAA (Authentication, Authorization, and Accounting) services using RADIUS and TACACS for secure access control across network devices. Big-IP F5 LTM & APM Management: Configure and manage Big-IP F5 Local Traffic Manager (LTM) and Access Policy Management (APM) cloud edition appliances for load balancing, traffic management, and high availability of cloud-based applications. Network Protocols: Strong expertise in network protocols such as IP, TCP, UDP, ICMP, NAT, DNS, DHCP, SNMP, IPSec, SSL, HTTP, SSH, SIP, RTP, QoS, and AAA for robust network operations. Meraki Wi-Fi Deployment: Deploy and manage Meraki Wi-Fi solutions, configure 802.1x, EAP-PEAP for secure wireless authentication, and manage Meraki MS, MX, and MR devices for network access, security, and monitoring. Single Sign-On (SSO): Strong understanding and hands-on experience with Single Sign-On (SSO) architecture and protocols (e.g., SAML 2.0, OAuth 2.0, OpenID Connect). Implement and manage Okta for SSO integration across enterprise applications, ensuring seamless user authentication and access management. VPN & Secure Connectivity: Manage and optimize site-to-site VPNs and IPSec tunnels to securely connect cloud resources with on-premises infrastructures. Manage Cisco VPN solutions, ensuring reliable, secure connectivity between distributed networks. Network Monitoring & Troubleshooting: Monitor and troubleshoot network performance using AWS CloudWatch, Meraki Dashboard, SolarWinds OpManager and Wireshark to identify and resolve connectivity, performance, and security issues across the hybrid network environment. Network Vulnerability Mitigation: Identify , assess, and mitigate vulnerabilities in both cloud and on-premises networks to ensure security and compliance. Collaborate with security teams for penetration testing, risk assessments, and incident response. Audit/SIEM Solutions: Implement and manage IPS/IDS, Nessus, Anti-virus, and vulnerability management tools to monitor and respond to security incidents. Use SIEM tools for threat analysis, network monitoring, and compliance with security standards. Automation & Infrastructure as Code: Utilize Terraform, AWS CloudFormation, and other Infrastructure as Code ( IaC ) tools to automate the deployment of cloud and on-premises network resources, ensuring consistency and repeatability. Collaboration and Documentation: Collaborate with cross-functional teams to ensure network scalability, high availability, and disaster recovery. Maintain clear, comprehensive documentation for network configurations, security policies, troubleshooting guides, and architectural designs. Who You Are Education & Experience: Bachelor’s degree in computer science, Network Engineering, or a related field, or equivalent work experience. 5+ years of experience in AWS cloud networking, with a focus on VPC, Transit Gateway, Direct Connect, VGW, VPN configurations, and on-premises network switching and routing (Cisco, Meraki, etc.) . Technical Skills Strong experience with Checkpoint firewalls and Cisco ASA firewalls. Extensive knowledge and hands-on experience with routing protocols such as OSPF, EIGRP, BGP, RIP, and MPLS. In-depth experience with Meraki devices (MX, MS, MR), including Wi-Fi deployments, 802.1x, and EAP-PEAP. Experience with Big-IP F5 LTM/APM cloud edition for load balancing and application traffic management. Expertise in WAN technologies such as Ethernet, MPLS VPN, Frame Relay, T1/T3, and OC standards. Strong proficiency in networking protocols such as TCP/IP, DNS, DHCP, NAT, SNMP, SSL, HTTP, RTP, SIP, and QoS. Hands-on experience with AAA (RADIUS/TACACS) architecture and security protocols. Familiarity with WAN optimization technologies and best practices for optimizing network performance. Proficiency in VPN technologies (site-to-site and remote access) and secure network connectivity. Proficient in network vulnerability mitigation, including vulnerability assessment, patch management, and risk management. Strong experience with penetration testing, risk assessments, and incident response processes to identify and address security weaknesses in both cloud and on-premises environments. Experience with Audit/SIEM solutions (e.g., IPS/IDS, Nessus scanning, Anti-virus, vulnerability management) for real-time network monitoring and threat detection Cisco certifications such as CCNA, CCNP, or equivalent networking certifications are required AWS Certification (e.g., AWS Certified Advanced Networking – Specialty, AWS Certified Solutions Architect – Associate) is highly preferred. Soft Skills Able to assist non-technical users with technical issues and simplify complex concepts for both technical and non-technical stakeholders. Comfortable handling diverse tasks and adjusting priorities in a dynamic environment. English Language proficiency is required to effectively communicate in a professional environment. Excellent communication skills are a must . Strong problem-solving skills and a creative mindset to bring fresh ideas to the table. Should demonstrate confidence and self-assurance in their skills and expertise enabling them to contribute to team success and engage with colleagues and clients in a positive, assured manner. Should be accountable and responsible for deliverables and outcomes. Should demonstrate ownership of tasks, meet deadlines, and ensure high-quality results. Demonstrates strong collaboration skills by working effectively with cross-functional teams, sharing insights, and contributing to shared goals and solutions. Continuously explore emerging trends, technologies, and industry best practices to drive innovation and maintain a competitive edge.

Job Description Job Title – Vulnerability Analysis (VAPT) Location- Chennai /Navi Mumbai Position - 3 Job Responsibilities 5-10 years of experience in vulnerability assessment, penetration testing, or a related field. Strong understanding of vulnerability management concepts, principles, and best practices. Proficiency in using vulnerability assessment tools (e.g., Nessus, Tenable, Qualys). Experience in conducting penetration testing using various methodologies (e.g., black box, gray box, white box). Knowledge of common security threats, vulnerabilities, and attack vectors. Experience with network and system security tools (e.g., firewalls, intrusion detection systems, antivirus). Experience with scripting languages (e.g., Python, PowerShell). Experience with cloud security (e.g., AWS, Azure, GCP). Flexible to work in shifts Skills Required RoleVulnerability Analysis (VAPT) – Analyst/Senior Analyst – Chennai / Navi Mumbai Industry TypeITES/BPO/KPO Functional Area Required Education Employment TypeFull Time, Permanent Key Skills NESSUS PENETRATION TESTING VULNERABILITY ASSESSMENT Other Information Job CodeGO/JC/634/2025 Recruiter NameAckshaya

Job Title: SOC – Information Security Location: Noida Experience: 4-6 Years Job Type: Full-Time Job Overview We are seeking a detail-oriented and technically proficient IT Security & Compliance Analyst with strong experience in Vulnerability Assessment & Penetration Testing (VAPT) , security audits , and IT controls . The ideal candidate will be responsible for evaluating IT systems, identifying gaps in compliance, performing security assessments, and ensuring alignment with regulatory and organizational security frameworks such as ISO 27001 and SEBI guidelines . Key Responsibilities Evaluate the adequacy and effectiveness of IT controls related to: Compliance & regulatory requirements Change management processes Information security policies System backup and recovery Business continuity and disaster recovery (BCP/DR) Monitor and assess control deficiencies, and provide recommendations to improve existing policies, documentation, and review processes. Work closely with external auditors to ensure alignment on in-scope systems and controls, and coordinate testing activities as required. Execute and manage multiple tasks efficiently, adhering to project timelines and allocated budgets. Conduct regular security audits and compliance assessments using frameworks such as: ISO 27001:2013, SEBI cybersecurity guidelines, OWASP Top 10, WASC TCv2, SANS Top 25, CWE 25 Perform manual security assessments using tools like: Burp Suite, Qualys, Netsparker, Nessus, NTO Spider or other industry-standard VAPT tools Provide insights on security system optimization and tuning based on alerts and real-time observations. Strong involvement in security incident response, malware handling, and vulnerability management. Work with SIEM tools for log correlation and threat detection. Required Skills & Experience Hands-on experience in VAPT (focus on manual testing) Deep understanding of information security principles Knowledge of data loss prevention (DLP), encryption, patch management, PGP, and anti-virus systems Proficiency in SIEM platforms and correlating security logs Strong documentation and communication skills Familiarity with security audit lifecycle and reporting Preferred Certifications (Optional) CEH, CISA, ISO 27001 Lead Auditor, or related certifications

Windows, Linux OS. We are looking for a skilled and proactive Security Analyst to join our Server and Vulnerability Management team. The ideal candidate will possess expertise in identifying, assessing, and mitigating vulnerabilities across operating and non-operating systems. The role requires proficiency in BigFix and Qualys, along with experience in providing solutions for vulnerabilities. A strong background in scripting and the ability to conduct impact analysis for critical non-OS vulnerabilities is essential.

Static/dynamic testing of mobile applications, Vulnerability Assessment, Penetration Testing, Cyber Security Assessment & Consulting. Secure Code Review, Web Application Security Testing, Firewall Rule Audit, Secure Configuration Review, Wireless Penetration Testing.

Security Engineer – Security Operations Center - SOC ( India) Let’s be unstoppable together! Circana is the leading advisor on the complexity of consumer behavior. Through unparalleled technology, advanced analytics, cross-industry data, and deep expertise, we provide clarity that helps almost 7,000 of the world’s leading brands and retailers take action and unlock business growth. We understand more about the complete consumer, the complete store, and the complete wallet so our clients can go beyond the data to apply insights, ignite innovation, meet consumer demand, and outpace the competition. At Circana, we are fueled by our passion for continuous learning and growth, we seek and share feedback freely, and we celebrate victories both big and small in an environment that is flexible and accommodating to our work and personal lives. We have a global commitment to diversity, equity, and inclusion as we believe in the undeniable strength that diversity brings to our business, employees, clients, and communities (with us you can always bring your full self to work). Join our inclusive, committed team to be a challenger, own outcomes, and stay curious together. Learn more at www.circana.com. What will you be doing? This role will be part of a highly energetic, experienced SOC team for various IT Security platforms and practices. You will work directly with the entire Security, IT and business teams to enforce and safeguard cybersecurity at Circana. You will play a critical role in maintaining a strong defensive posture, including Incident Response. As part of the SOC First Responders Team, you will monitor, assess, handle and resolve active security alerts and escalate as needed while still being involved. The idea candidate will have the ability to communicate both clearly and effectively with all levels of global colleagues across Circana. You will be a valued contributor to suggest, enhance and utilize IT Security solutions to ensure assets are properly safeguarded. Job Responsibilities First responders in monitoring, investigating and handling events / alerts. Perform threat detection, investigation, and response to security incidents. Maintain and manage endpoint protection platforms including Antivirus and EDR Perform security audits of internal systems for compliance Perform , report and track active vulnerability scanning processes and remediation Work with the Security Compliance, Risk, Audit and Governance Teams to ensure security, regulatory and compliance best practices are followed. Proactively utilize all IT Security tools to guard against , identify and remediate threats. Contribute to the on-going review and expansion of IT Security tools, policies, and processes Utilize Security solutions to ensure assets are properly safeguarded Proactively assess safeguards to identify potential risks and perform trend analysis Compile and validate statistical data to be used to determine the viability of implementing specific Ability to handle sensitive matters with discretion and maintain confidentiality. Strong verbal and written English language skills Ability to multi-task with attention to detail Requirements Bachelor’s or Master’s degree in Information Technology, Computer Science, or equivalent experience 3 to 5 years experience in IT Systems or Network Engineering / Administration. Min 3+ years relevant experience in an IT Security Analyst or IT Security Administration role Cloud security experience is additional and preferable. Knowledgeable of the following information security disciplines: Data loss prevention (DLP), intrusion detection system (IDS) monitoring, security information and event management (SIEM), incident response, IT Security best practices, system hardening, vulnerability assessment, management and remediation, EDR, antivirus, firewalls, and techniques for analyzing TCP/IP network traffic and event logs Strong hands-on experience with: TrendMicro Deep Security(Antivirus), CrowdStrike(EDR) , Tenable Nessus (Vulnerability Scan) and Knowledge of SIEM tools (ExaBeam) Relevant certifications preferred (e.g., CEH, Security+,) Excellent Interpersonal Skills - Team player and Self Starter. Independent Thinker and Collaborator. Circana Behaviors As well as the technical skills, experience and attributes that are required for the role, our shared behaviors sit at the core of our organization. Therefore, we always look for people who can continuously champion these behaviors throughout the business within their day-to-day role: Stay Curious: Being hungry to learn and grow, always asking the big questions Seek Clarity: Embracing complexity to create clarity and inspire action Own the Outcome: Being accountable for decisions and taking ownership of our choices Center on the Client: Relentlessly adding value for our customers Be a Challenger: Never complacent, always striving for continuous improvement Champion Inclusivity: Fostering trust in relationships engaging with empathy, respect and integrity Commit to each other: Contributing to making Circana a great place to work for everyone Location This position is 100% remote and based in Bangalore.

Job Description Qualifications Required . Bachelor’s or Master’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. Equivalent professional experience is acceptable. Minimum 5+ years of experience in Azure cloud operations, with a demonstrated focus on security and vulnerability management. Proven track record of managing and securing large-scale Azure environments in production. Hands-on experience with vulnerability scanning, remediation, and compliance in enterprise cloud environments. Extensive experience in responding to and managing security incidents and threat mitigation in Azure. Technical Skills Azure Expertise : In-depth knowledge of Azure services, including but not limited to: Azure Security Center Azure Defender Azure Key Vault Azure Policy Azure Sentinel (SIEM) Azure Active Directory (Azure AD) Security and Vulnerability Tools : Proficiency with vulnerability scanning and management tools like Qualys, Tenable Nessus, or Rapid7. Experience with Azure-native security tools for threat detection and remediation. Infrastructure Hardening : Strong knowledge of security best practices for securing virtual machines, storage accounts, AKS, and network components. Familiarity with zero-trust architecture principles and implementation in Azure. Automation & Scripting : Advanced skills in scripting languages such as PowerShell , Azure CLI , Python , or other automation tools to remediate vulnerabilities and improve operational efficiency. Experience in integrating security checks into CI/CD pipelines. Certifications (Preferred or Mandatory) Azure Cloud Certifications: Microsoft Certified: Azure Administrator Associate (AZ-104) Microsoft Certified: Azure Security Engineer Associate (AZ-500) Microsoft Certified: Cybersecurity Architect Expert (SC-100) Security Certifications: Certified Information Systems Security Professional ( CISSP ) Certified Ethical Hacker ( CEH ) CompTIA Security+ GIAC certifications (e.g., GCIH, GSEC, or GCED) Other Requirements Familiarity with regulatory and compliance standards, such as ISO 27001 , SOC 2 , GDPR , or HIPAA . Experience in performing and supporting audits related to cloud security. Proven ability to stay current with evolving cloud and cybersecurity trends.

Job Description We are looking for an experienced VAPT professionals to join our cybersecurity team. The ideal candidate will have a strong background in identifying, assessing, and mitigating security vulnerabilities in network and application environments through comprehensive penetration testing and vulnerability assessments. About Us ProTechmanize Solutions is an Information Technology product and services company, established by professionals with a cumulative experience of over 20 years in the field of Cyber Security, Information Technology, IT Security & Software Development. ProTechmanize team believes in providing a right set of solutions and services to their customer by tailored programs. Key Responsibilities Conduct regular vulnerability assessments of network infrastructure, applications, and systems to identify security weaknesses. Perform detailed penetration tests to simulate cyberattacks and exploit vulnerabilities, providing a clear understanding of potential risks. Prepare detailed reports of findings, including risk levels and recommended remediation actions, and present these to stakeholders. Work with IT and development teams to address and remediate identified vulnerabilities, ensuring effective implementation of security controls. Utilize and maintain various security tools and platforms (e.g., Nessus, Metasploit, Burp Suite) to conduct assessments and tests. Provide expert advice on improving security posture and implementing best practices for vulnerability management. Stay updated with the latest security trends, threats, and technologies to continuously enhance testing methodologies and tools. Ability to lead the team and provide Expert advice on client calls. Technical Skills And Requirements Bachelor's degree in Computer Science, Information Security, or a related field. 1.5+ to 4 years of hands-on experience in vulnerability assessment and penetration testing. Proficiency in various domains such as Application security OWASP, API security testing, Network security & Mobile app security. Exposure to Secure Code Review using Checkmarx or HP Fortify is preferred. Strong understanding of common attack vectors, vulnerability exploitation techniques, and security testing methodologies (OWASP,). Soft Skills Excellent analytical and problem-solving skills with a meticulous attention to detail. Strong verbal and written communication skills, with the ability to convey complex security issues to non-technical stakeholders. Ability to work collaboratively with cross-functional teams in a fast-paced environment Note : Only candidates with the required experience should apply. This position requires hands-on experience in VAPT. (ref:hirist.tech)

Conduct Vulnerability Assessments: Identifying potential weaknesses in applications and systems using automated tools and manual techniques. Perform Penetration Tests: Simulating attacks to evaluate the effectiveness of security controls and identify exploitable vulnerabilities. Analyze Findings: Interpreting assessment and testing results to determine the severity and impact of identified vulnerabilities. Report Findings: Documenting vulnerabilities, providing detailed reports with remediation recommendations, and tracking the closure of identified issues. Collaborate with Teams: Working with developers, IT, and security teams to implement security measures and address identified vulnerabilities. Stay Updated: Keeping abreast of the latest security threats, vulnerabilities, and industry best practices. Test Various Application Types: Performing security assessments on web applications, mobile applications, APIs (REST, SOAP, XML, JSON), and potentially cloud-based services. Understand Security Standards and Frameworks: Familiarity with OWASP, NIST, ISO 27001, PCI DSS, and other relevant standards is crucial. Use Security Testing Tools: Proficiency in tools like Burp Suite, OWASP ZAP, Nmap, Nessus, AppScan, Acunetix, Veracode, CheckMarx, etc. Responsibilities: The responsibilities cover the full range of testing work, from websites, mobile apps, and infrastructure testing to social engineering. In this role, the candidate is expected to: test software and hosted platforms, to identify vulnerabilities Carry out penetration testing of web applications, mobile applications, and internal infrastructure analyze code to assess its level of security and to find specific vulnerabilities Manage the security testing process perform complex simulated attacks on networks or systems Stay updated with the latest threats/vulnerabilities produce written technical reports along with an executive summary to a professional standard Research potential vulnerabilities formally brief clients and colleagues Understanding the role of AIML in cybersecurity Qualification: Minimum 3 to 5 years hands-on experience in SAST, DAST, VAPT Certifications like CEH, CompTIA Security+, and OSCP will be considered and added advantages. Familiarity with SAST, DAST, and IAST tools Understanding of Red/Blue teaming and threat hunting

About the Role: Grade Level (for internal use): 10 The Team Security Testing Team in the Quality Engineering space plays a crucial role in safeguarding business operations by identifying vulnerabilities and ensuring robust protection against cyber threats. Through meticulous testing practices, we enhance the security posture of applications, thereby reducing the risk of data breaches and financial loss. By integrating security measures early in the development lifecycle, the team helps streamline processes, minimize disruptions, and ultimately contribute to greater business efficiency and resilience. S&P Global Ratings is the worlds leading provider of independent credit ratings. Our ratings are essential to driving growth, providing transparency, and helping educate market participants so they can make decisions with confidence. We have more than one million credit ratings outstanding on government, corporate, financial sector and structured finance entities and securities. We offer an independent view of the market built on a unique combination of broad perspective and local insight. We provide our opinions and research about relative credit risk; market participants gain independent information to help support the growth of transparent, liquid debt markets worldwide. What is in it for you Serve as a highly technical security expert to bring security transformation to both new and legacy applications in quality engineering space. Using a wide range of cutting-edge technology to innovate while testing. An ever-challenging environment to hone your existing skills in Security Testing, Automation, Python Programming, Bash scripting etc. Being a part of an organization which values Culture of Urgency and Shift Left approaches. Gain the opportunity to apply your strategic thinking alongside technical skills to safeguard our systems defending against emerging cyber threats. A plenty of skill building, knowledge sharing, and innovation opportunities. Building a fulfilling career with a global financial technology company. Responsibilities This role will involve designing and executing security tests, identify vulnerabilities, and drive remediation strategies while collaborating with cross-functional teams in an Agile environment. Understand the applications security requirements and identify & document the scope of the test. Develop and maintain security testing automation using tools like Burp Suite, ZAP, or similar tools. Integrate security testing into CI/CD pipelines. Automate processes and workflows using Python to minimize manual work. Collaborate with development, QE, and DevOps teams to investigate security incidents, perform root cause analysis, and validate security fixes. Oversee results and logs to analyze, prioritize, and initiate remediation for findings identified by security tools during SAST, DAST, SCA, artifact scanning, container scanning, etc... Prepare detailed reports summarizing test results, logs, findings, and recommendations for strengthening overall security of an application. Create and track security metrics, KPIs, and KRIs to measure operational effectiveness. Prepare comprehensive reports for senior management on security performance and strategic initiatives. Work independently, providing recommendations, and leading the accomplishments of the tasks from inception to completion. Demonstrate outstanding flexibility and leadership with proper communication of security testing result interpretation and explanation to audience. Participate in Daily Stand-up Calls, works closely with the Agile Manager to know the deliverables and commitments of each release. Actively taking part in resolving critical security issues and coming up with solutions to mitigate the same. Basic Qualifications Bachelor's or masters degree in Electronics and Communication, Computer Science, Cybersecurity, or related fields. 6 to 9 years of IT experience with relevant professional experience of Minimum 4 years in the field of Cyber Security Testing. Should have strong hands-on experience in security testing, penetration testing, and vulnerability assessment. Strong experience in web, API, and cloud security testing. Clear understanding of security vulnerabilities, exploits, and mitigation techniques Strong grasp of the OWASP Top 10 vulnerabilities and effective mitigation strategies. Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP, Wireshark, Nessus, OpenSSL and Crypto validation tools. Proficiency in SAST/DAST tools and security frameworks like OWASP Top 10, CIS Benchmarks, and CVSS. Hands-on experience with Selenium, Pytest, and RestAssured API Testing using Python. Strong hands-on experience with scripting and programming languages including Python, PowerShell, Bash for security tasks. Familiarity with RESTful APIs, webhooks, and integration of third-party security tools and services via automation. Knowledge of DevSecOps practices and integrating security in CI/CD pipelines. Self-motivated and driven to stay updated with the latest security trends, technologies, and best practices, maintain high level of accuracy in security assessments. Ability to analyze and communicate complex cybersecurity and technical challenges to technical and non-technical users, leaders, and stakeholders. Experience collaborating with cross functional global and remote teams with diverse backgrounds. Should be able to work under a competitive time frame and deliver. Should be a very fast learner and have the excellent problem-solving ability. Should have excellent written and verbal communication skills. Nice to have Skills: Security Certifications like CISSP, CEH, CISM, OSCP or CompTIA Security+ shall be having the preference. Hands-On experience in building AI-powered security tools, chatbots, and agent-driven automation pipelines. Knowledge on Agentic AI frameworks, LLMs, and orchestration libraries like LangChain, crewAI or RAG-based architectures. Grade10 LocationHyderabad Shift time11am to 8pm / 12pm to 9pm IST Hybrid Modeltwice a week work from office About S&P Global Ratings At S&P Global Ratings, our analyst-driven credit ratings, research, and sustainable finance opinions provide critical insights that are essential to translating complexity into clarity so market participants can uncover opportunities and make decisions with conviction. By bringing transparency to the market through high-quality independent opinions on creditworthiness, we enable growth across a wide variety of organizations, including businesses, governments, and institutions. S&P Global Ratings is a division of S&P Global (NYSESPGI). S&P Global is the worlds foremost provider of credit ratings, benchmarks, analytics and workflow solutions in the global capital, commodity and automotive markets. With every one of our offerings, we help many of the worlds leading organizations navigate the economic landscape so they can plan for tomorrow, today.For more information, visit www.spglobal.com/ratings Whats In It For You Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technologythe right combination can unlock possibility and change the world.Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: Our Values: Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you cantake care of business. We care about our people. Thats why we provide everything youand your careerneed to thrive at S&P Global. Health & WellnessHealth care coverage designed for the mind and body. Continuous LearningAccess a wealth of resources to grow your career and learn valuable new skills. Invest in Your FutureSecure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly PerksIts not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the BasicsFrom retail discounts to referral incentive awardssmall perks can make a big difference. For more information on benefits by country visithttps://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected andengaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. S&P Global has a Securities Disclosure and Trading Policy (the Policy) that seeks to mitigate conflicts of interest by monitoring and placing restrictions on personal securities holding and trading. The Policy is designed to promote compliance with global regulations. In some Divisions, pursuant to the Policys requirements, candidates at S&P Global may be asked to disclose securities holdings. Some roles may include a trading prohibition and remediation of positions when there is an effective or potential conflict of interest. Employment at S&P Global is contingent upon compliance with the Policy. ---- Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf ----

Information Protection Lead Analyst - HIH - Evernorth Job Description: Position Summary: The Information Protection Lead Analyst - Penetration Testing is responsible for conducting vulnerability assessments, threat modeling, penetration tests, and red team campaigns of Cigna’s IT infrastructure and applications. This role will work closely with the Information Protection Senior Manager to identify, evaluate, and remediate potential weaknesses in Cigna’s systems using both manual and automated methods. As a member of the Cyber Security Incident Response Team, this role will provide second and third level incident response services to the global Cigna enterprise to address Cyber Security threats to the enterprise. Daily activities will include analysis of logs, memory and disc artifacts and the use of a variety of commercial and open source security tools to respond to and triage threats in global enterprise. This role will focus on Threat Hunting and Incident Response capabilities within Cloud Service Provider environments. About Cigna: Cigna is a global health service company dedicated to helping the people we serve improve their health, well-being, and peace of mind. But we don’t just care about your well –being, we care about your career health too. That’s why when you work with us, you can count on a different kind of career – you’ll make a difference, learn a ton and share in changing the way people think about healthcare. Responsibilities : Lead and execute internal and external penetration tests against corporate web applications, APIs, networks, Windows and Unix variants to discover vulnerabilities Lead and execute mobile application penetration tests for both Android and iOS based devices Create comprehensive and accurate penetration testing reports with recommendations for appropriate remediation Develop scripts, tools or methodologies to enhance Cigna’s penetration testing processes Experience in application vulnerability assessment tools (Burp OR ZAP.) Experience with network and server assessment tools (e.g. Nessus, metasploit, nmap, nikto, etc.) Understanding of web application frameworks (React, Springboot, Ruby on Rails, J2EE, PHP, ASP.NET) Strong experience in manual and automated techniques for penetration testing and executing vulnerability assessments Knowledge of Windows and *nix-based operating systems Knowledge of networking fundamentals and common attacks Coding/scripting experience in modern scripting languages (e.g. Python, Ruby, PowerShell) Understanding of Android/iOS based platforms (e.g. Java, Swift, Objective C) Exploit development and validation skills Ability to analyze vulnerabilities, appropriately characterize threats, and provide remediation recommendations Understanding of core Internet protocols (e.g. DNS, HTTP, TCP, UDP, TLS, IPsec) Understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations, AES, etc.) Demonstrated ability to coordinate people and lead teams to project/activity completion and the ability to work in a team environment, sharing workloads and responsibilities Qualifications: High School diploma; Bachelor's degree preferred 5-8 years or more of penetration testing experience One or more professional certifications such as PNPT, CBBH, CPTS, OSCP GPEN, GWAPT, GMOB Passionate about security and finding new ways to break into systems as well as defend them Strong analytical and problem solving skills with the ability to “think outside the box” Ability to work in a flexible environment where requirements and procedures continuously evolve Strong oral and written communication skills, including a demonstrated ability to prepare documentation and presentations for technical and non-technical audiences About Evernorth Health Services Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.

Information Protection Senior Analyst - HIH - Evernorth Job Description Summary The Information Protection Senior Analyst - Penetration Testing , is responsible for conducting vulnerability assessments, threat modeling, penetration tests of Cigna’s IT infrastructure and applications. This role will work closely with the Information Protection Senior Manager to identify, evaluate, and remediate potential weaknesses in Cigna’s systems, using both manual and automated methods. About Cigna Cigna is a global health service company dedicated to helping the people we serve improve their health, well-being, and peace of mind. But we don’t just care about your well–being, we care about your career health too. That’s why, when you work with us, you can count on a different kind of career – you’ll make a difference, learn a ton, and share in changing the way people think about healthcare. Responsibilities Execute internal and external penetration tests against corporate web applications, APIs, networks, infrastructure and operating systems in order to discover vulnerabilities. Execute mobile application penetration tests for both Android and iOS based devices. Execute penetration tests in cloud-hosted environments. Create comprehensive and accurate penetration testing reports with recommendations for appropriate remediation, and communicate risk findings with development and infrastructure teams. Develop scripts, tools, or methodologies to enhance Cigna’s penetration testing processes. Work as part of a team to identify risks, communicate to key stakeholders, and provide value to the organization. Skills required Demonstrated ability to work as both an individual contributor and a team player in a fast paced environment. Coordinate with people and teams to forecast activity completion and the ability to work in a team environment, sharing workloads and responsibilities. Knowledge of Windows and *nix-based operating systems. Understanding of core Internet protocols (e.g. TCP, UDP, DNS, HTTP, TLS, IPsec) and the OSI model. Understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations, AES, etc.). Understanding of Cloud environments such as SaaS, PaaS and IaaS. Basic exploit development and validation skills. Proficiency in application vulnerability assessment tools (Burp or ZAP Proxy). Proficiency in network and server assessment tools (e.g. Nessus, metasploit, nmap, nikto, etc.) Understanding of web application frameworks (React, Springboot, Ruby on Rails, J2EE, PHP, ASP.NET). Proficiency in manual and automated techniques for penetration testing and executing vulnerability assessments. Knowledge of networking fundamentals and common attacks. Coding/scripting experience in modern scripting languages (e.g. Python, Ruby, PowerShell.) Understanding of Android/iOS based platforms (e.g. Java, Swift, Objective C). Ability to analyze vulnerabilities and misconfigurations, appropriately characterize threats, and provide remediation recommendations. Qualifications High School diploma; Bachelor's degree preferred. 3-5 years or more of penetration testing experience. Pentest+, CEH, PJPT - Certified in or similar experience ( any of these) Passionate about security and finding new ways to break into systems, as well as defend them. Strong analytical and problem solving skills, with the ability to “think outside the box”. Ability to work in a flexible environment where requirements and procedures continuously evolve. Strong oral and written communication skills, including a demonstrated ability to prepare documentation and presentations for technical and non-technical audiences. About Evernorth Health Services Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.

Information Protection Analyst - HIH - Evernorth Job Description Summary The Information Protection Analyst - Penetration Testing , is responsible for conducting vulnerability assessments, threat modeling, penetration tests of Cigna’s IT infrastructure and applications. This role will work closely with the Information Protection Senior Manager to identify, evaluate, and remediate potential weaknesses in Cigna’s systems, using both manual and automated methods. About Cigna Cigna is a global health service company dedicated to helping the people we serve improve their health, well-being, and peace of mind. But we don’t just care about your well–being, we care about your career health too. That’s why, when you work with us, you can count on a different kind of career – you’ll make a difference, learn a ton, and share in changing the way people think about healthcare. Responsibilities Execute internal and external penetration tests against corporate web applications, APIs, networks, infrastructure and operating systems in order to discover vulnerabilities. Execute mobile application penetration tests for both Android and iOS based devices. Execute penetration tests in cloud-hosted environments. Create comprehensive and accurate penetration testing reports with recommendations for appropriate remediation, and communicate risk findings with development and infrastructure teams. Develop scripts, tools, or methodologies to enhance Cigna’s penetration testing processes. Work as part of a team to identify risks, communicate to key stakeholders, and provide value to the organization. Skills required Demonstrated ability to work as both an individual contributor and a team player in a fast paced environment. Coordinate with people and teams to forecast activity completion and the ability to work in a team environment, sharing workloads and responsibilities. Knowledge of Windows and *nix-based operating systems. Understanding of core Internet protocols (e.g. TCP, UDP, DNS, HTTP, TLS, IPsec) and the OSI model. Understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations, AES, etc.). Understanding of Cloud environments such as SaaS, PaaS and IaaS. Basic exploit development and validation skills. Proficiency in application vulnerability assessment tools (e.g. Burp, Checkmarx, AppScan, WebInspect, Cenzic, etc.). Proficiency in network and server assessment tools (e.g. Nessus, metasploit, nmap, nikto, etc.) Understanding of web application frameworks (React, Springboot, Ruby on Rails, J2EE, PHP, ASP.NET). Proficiency in manual and automated techniques for penetration testing and executing vulnerability assessments. Knowledge of networking fundamentals and common attacks. Coding/scripting experience in modern scripting languages (e.g. Python, Ruby, PowerShell.) Mobile application coding experience with Android/iOS based platforms (e.g. Java, Swift, Objective C). Ability to analyze vulnerabilities and misconfigurations, appropriately characterize threats, and provide remediation recommendations. Qualifications High School diploma; Bachelor's degree preferred. 1-3 years of penetration testing experience. Passionate about security and finding new ways to break into systems, as well as defend them. Strong analytical and problem solving skills, with the ability to “think outside the box”. Ability to work in a flexible environment where requirements and procedures continuously evolve. Strong oral and written communication skills, including a demonstrated ability to prepare documentation and presentations for technical and non-technical audiences. About Evernorth Health Services Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.

vulnerability assessments using Nessus , Tenable , Qualys ,Develop and maintain vulnerability management processes and procedures ,Coordinate vulnerability remediation activities, penetration testing, scripting languages KALI ,Linux Parrot