239 Nmap Jobs - Page 3

Tesco India • Bengaluru, Karnataka, India • Full-Time • Permanent • Apply by 13-Jun-2025 About the role Systems Engineer III - Performance Engineer What is in it for you At Tesco, we are committed to providing the best for you. As a result, our colleagues enjoy a unique, differentiated, market- competitive reward package, based on the current industry practices, for all the work they put into serving our customers, communities and planet a little better every day. Our Tesco Rewards framework consists of pillars - Fixed Pay, Incentives, and Benefits. Total Rewards offered at Tesco is determined by four principles -simple, fair, competitive, and sustainable. Salary - Your fixed pay is the guaranteed pay as per your contract of employment. Leave & Time-off - Colleagues are entitled to 30 days of leave (18 days of Earned Leave, 12 days of Casual/Sick Leave) and 10 national and festival holidays, as per the company’s policy. Making Retirement Tension-FreeSalary - In addition to Statutory retirement beneets, Tesco enables colleagues to participate in voluntary programmes like NPS and VPF. Health is Wealth - Tesco promotes programmes that support a culture of health and wellness including insurance for colleagues and their family. Our medical insurance provides coverage for dependents including parents or in-laws. Mental Wellbeing - We offer mental health support through self-help tools, community groups, ally networks, face-to-face counselling, and more for both colleagues and dependents. Financial Wellbeing - Through our financial literacy partner, we offer one-to-one financial coaching at discounted rates, as well as salary advances on earned wages upon request. Save As You Earn (SAYE) - Our SAYE programme allows colleagues to transition from being employees to Tesco shareholders through a structured 3-year savings plan. Physical Wellbeing - Our green campus promotes physical wellbeing with facilities that include a cricket pitch, football field, badminton and volleyball courts, along with indoor games, encouraging a healthier lifestyle. You will be responsible for Collaborate with product managers and developers to understand product requirements and contribute to performance-focused design discussions. Create and maintain comprehensive non-functional test cases and use cases tailored to performance testing needs. Translate NFRs into detailed performance and security test plans, including SLAs, SLOs, and capacity benchmarks. Develop detailed performance test plans, including test cases and test data, and ensure alignment with business expectations. Execute various types of performance testing such as load, stress, scalability, and endurance tests to assess system behaviour under different conditions. Analyse performance test results to identify bottlenecks and inefficiencies and provide actionable insights for resolution. Monitor system performance using diagnostic tools and provide real-time feedback during testing cycles. Automate performance tests using modern, open-source tools and scripting languages to streamline testing processes. Collaborate with DevSecOps to integrate security testing into CI/CD workflows and enforce shift-left security practices. Document and report security vulnerabilities with risk ratings, reproduction steps, and remediation guidance. Work closely with QE, DevOps, and Development teams to ensure performance and security best practices are embedded throughout the SDLC. Provide detailed test reports, dashboards, and technical documentation for stakeholders. You will need Bachelor’s degree in computer science or a related engineering discipline. 12+ years of experience in Quality Engineering preferably in retail orgs or product organisations Application Testing: Hands-on experience in performance testing of APIs, microservices, web applications, and native mobile apps. Performance Testing Tools: Proficient in industry-standard tools such as JMeter, K6, Locust, Gatling, etc for load and stress testing. Scripting & Automation: Strong programming skills in Java, Python, and Shell scripting for developing and automating performance test scripts. Monitoring & Diagnostics: Expertise in using APM and logging tools - AppDynamics, Dynatrace, Splunk, New Relic, RunScope, Grafana to monitor & analyze system performance. Cloud & Containerization: Solid understanding of cloud platforms (Azure), container orchestration (Kubernetes), and containerization (Docker) for scalable performance testing. Database Performance: Ability to analyze and optimize SQL queries and database performance; familiarity with SQL, NoSQL databases, and pub-sub messaging systems. Infrastructure Knowledge: Understanding of load balancers, infrastructure design, and application architecture in both Azure cloud and on-premises environments. Security Tools: Experience with security and vulnerability assessment tools such as Burp Suite, OWASP ZAP, Metasploit, Nessus, and Nmap. Security Best Practices: Strong grasp of OWASP Top 10, CWE/SANS Top 25, and secure coding principles. Operating Systems: Comfortable working in Linux/Unix environments. Analytical Skills: Excellent problem-solving, debugging, and troubleshooting abilities. Communication: Strong verbal and written communication skills, with the ability to convey complex technical concepts clearly. About us Tesco in Bengaluru is a multi-disciplinary team serving our customers, communities, and planet a little better every day across markets. Our goal is to create a sustainable competitive advantage for Tesco by standardising processes, delivering cost savings, enabling agility through technological solutions, and empowering our colleagues to do even more for our customers. With cross-functional expertise, a wide network of teams, and strong governance, we reduce complexity, thereby offering high-quality services for our customers. Tesco in Bengaluru, established in 2004 to enable standardisation and build centralised capabilities and competencies, makes the experience better for our millions of customers worldwide and simpler for over 3,30,000 colleagues Tesco Technology Today, our Technology team consists of over 5,000 experts spread across the UK, Poland, Hungary, the Czech Republic, and India. In India, our Technology division includes teams dedicated to Engineering, Product, Programme, Service Desk and Operations, Systems Engineering, Security & Capability, Data Science, and other roles. At Tesco, our retail platform comprises a wide array of capabilities, value propositions, and products, essential for crafting exceptional retail experiences for our customers and colleagues across all channels and markets. This platform encompasses all aspects of our operations – from identifying and authenticating customers, managing products, pricing, promoting, enabling customers to discover products, facilitating payment, and ensuring delivery. By developing a comprehensive Retail Platform, we ensure that as customer touchpoints and devices evolve, we can consistently deliver seamless experiences. This adaptability allows us to respond flexibly without the need to overhaul our technology, thanks to the creation of capabilities we have built.

Description and Requirements "At BMC trust is not just a word - it's a way of life!" Description And Requirements CareerArc Code CA-DN Hybrid "At BMC trust is not just a word - it's a way of life!" We are an award-winning, equal opportunity, culturally diverse, fun place to be. Giving back to the community drives us to be better every single day. Our work environment allows you to balance your priorities, because we know you will bring your best every day. We will champion your wins and shout them from the rooftops. Your peers will inspire, drive, support you, and make you laugh out loud! We help our customers free up time and space to become an Autonomous Digital Enterprise that conquers the opportunities ahead - and are relentless in the pursuit of innovation! BMC Software is looking for a motivated and skilled individual to join the Product Security Group. This is a senior technical position in the team. The candidate will be responsible for engaging with various product teams on security architecture reviews, SaaS security, penetration testing. A penetration tester plays a crucial role in safeguarding an organization's digital assets and information by proactively identifying and addressing security weaknesses. This role requires a high level of technical expertise, ethical conduct, and a commitment to continuous improvement in the field of cybersecurity. Roles And Responsibilities Conduct thorough vulnerability assessments of applications and systems using various tools and techniques. Execute penetration tests to simulate real-world cyberattacks, identifying weaknesses and vulnerabilities. Provide expert guidance on application security best practices. Research and develop new penetration testing methodologies, tools, and techniques. Qualifications & Skills 2+ years of experience in product security (web, mobile, API, cloud, infrastructure, and container security) or equivalent skillset. Penetration testing experience is essential; prior participation in bug bounty programs is a plus. Proficiency with hacking tools and penetration testing frameworks (e.g., Metasploit, Burp Suite, Nmap, Wireshark). Expertise in web application security testing, including knowledge of OWASP Top Ten vulnerabilities. Experience identifying and assessing vulnerabilities such as SQL injection, XSS, CSRF, and more. Proficiency in exploiting vulnerabilities to gain unauthorized access and assess attack impact. Understanding of vulnerability scoring systems (e.g., CVSS) for prioritizing findings. Ability to think creatively and analytically to identify and exploit vulnerabilities. Strong problem-solving skills when encountering unexpected challenges during testing. Excellent verbal and written communication skills for conveying technical details to both technical and non-technical stakeholders. Meticulous attention to detail in documenting findings and creating reports. Effective time management skills to meet project deadlines and testing schedules. High level of integrity and professionalism, with the ability to work under pressure while maintaining confidentiality. Optional: Hands-on technical experience with cloud security solutions for leading cloud service providers (e.g., AWS). Experience with secure code review (SAST) tools for languages such as C/C++, Java, and Python, and relevant frameworks. BMC Software maintains a strict policy of not requesting any form of payment in exchange for employment opportunities, upholding a fair and ethical hiring process. At BMC we believe in pay transparency and have set the midpoint of the salary band for this role at 1,638,100 INR. Actual salaries depend on a wide range of factors that are considered in making compensation decisions, including but not limited to skill sets; experience and training, licensure, and certifications; and other business and organizational needs. The salary listed is just one component of BMC's employee compensation package. Other rewards may include a variable plan and country specific benefits. We are committed to ensuring that our employees are paid fairly and equitably, and that we are transparent about our compensation practices. ( Returnship@BMC ) Had a break in your career? No worries. This role is eligible for candidates who have taken a break in their career and want to re-enter the workforce. If your expertise matches the above job, visit to https://bmcrecruit.avature.net/returnship know more and how to apply. Show more Show less

Job Description We are seeking a skilled and experienced Cybersecurity Specialist to join our dynamic team. The ideal candidate will have 3-7 years of experience in cybersecurity roles and a strong technical background in information security. If you're passionate about protecting data, identifying vulnerabilities, and implementing robust security measures. Key Responsibilities Develop, implement, and maintain cybersecurity policies, firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint security solutions, and data encryption. Conduct regular security assessments, risk analyses, and vulnerability assessments to identify potential weaknesses and mitigate risks. Experience in Web/Mobile/Network Penetration Testing and/or Vulnerability Assessment. Experience with web application vulnerability scanner (BurpSuite, AppScan, Acunetix, Web Inspect, etc). Deep knowledge of common software vulnerabilities, such as OWASP Top 10 and CWE/SANS Top 25. Deep knowledge of HTTP protocol and the ability to construct/manipulate HTTP requests. Ability to suggest/recommend remediation to fix vulnerability. Manual Penetration Testing skills and techniques are required besides automated tools and frameworks. Knowledge on Tools: Nmap, Kali Linux, Metasploit, Maltego, Burp Suite, Nessus, nexpose, Wireshark, sqlmap etc. Proficiency in Conducting API (REST, SOAP, XML, JSON) Security testing activities to identify and mitigate security : 3-7 years of experience in cyber security or a related field. Bachelor's degree in Computer Science, Information Security, Cyber Operations, or a related field (or equivalent experience). Strong understanding of networking concepts, security principles, and cyber threats. Proven experience with vulnerability scanning and penetration testing tools. Knowledge of regulatory requirements and compliance frameworks (e.g., PCI DSS, NIST, CIS Controls). Experience in Information security controls, and doing IT audits, ISO certifications is preferred. (ref:hirist.tech) Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Attack & Penetration Testing - Senior As part of our Cyber Security team, you shall perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. The opportunity We’re looking for Security Consultant / Senior Security Consultant with expertise in penetration testing. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Lead engagements from kickoff with clients through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines. Perform penetration testing which includes Network, web application, Mobile app (both Android & iOS), APIs Cloud Security, Thick Client application, wireless, social engineering, physical penetration testing. Execute penetration testing projects using the established methodology, tools and rules of engagements. Execute red team assessments to highlight gaps impacting organizations security postures. Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations. Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. Convey complex technical security concepts to technical and non-technical audiences including executives. Perform technical quality reviews and conduct technical conversations directly with clients. Keep uptodate with the latest techniques and concepts. Confident with OWASP Top 10 and SANS Top 25 vulnerabilities and ability to effectively communicate methodologies and techniques with development teams Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing. Understanding and experience with Active Directory attacks. Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management. Knowledge of AI in Pentest, TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred. Working knowledge with any scripting languages (e.g. Python, Perl, PHP, Ruby) to develop automated solutions that mitigate risks throughout the organization. Support SDLC and agile environments with application security testing and source code reviews. Serve as a mentor and guide to junior pen testers, sharing your knowledge, skills, and best practices to nurture their growth and development. Provide technical expertise and guidance to clients on remediation strategies and security best practices. Skills And Attributes For Success In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies. Good understanding of enterprise security controls in Active Directory / Windows environments Good to have knowledge in AI in pentest Understanding of TCP/IP network protocols. Understanding of network security and popular attacks vectors. Experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory and 802.1x penetration testing Strong understanding of security principles, policies, and industry best practices Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results. Excellent communication and presentation skills, both written and verbal. Demonstrated thought leadership in the cybersecurity field through publications, speaking engagements, or contributions to industry forums. Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead. To qualify for the role, you must have BE/ B.Tech/ MCA or equivalent Minimum of 3 years of work experience in penetration testing which may include at least three of the following: Network, web application Mobile app (Android & iOS), Thick client, APIs, wireless, social engineering, physical and Red Team assessments. One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX Knowledge of Windows, Linux, UNIX, any other major operating systems. 3-9 years of work experience in Strategy and Operations projects Team management skills are preferred. Conduct technical discussions and perform technical Quality reviews. Familiarity with OWASP methodologies and application security vulnerabilities. Exceptional ability to educate and guide application developers in security best practices. Excellent communication, presentation, and interpersonal skills. Strong Word, Excel and PowerPoint skills. Ideally, you’ll also have Project management skills Certifications: OSCP, OSCE, CRTP, CRTO, CISSP, GPEN, GWAPT. What We Look For Who can perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing and provide analysis for the testing results. What Working At EY Offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

We are looking to hire a Cyber Security Engineer with strong analytical skills and a comprehensive understanding of cybersecurity principles. The ideal candidate will have hands-on experience in web application, network security and hardware security with the ability to identify vulnerabilities, execute penetration tests, and recommend effective mitigations. The role requires an individual who is detail-oriented, able to work under pressure, and capable of delivering results within tight deadlines. Responsibilities: Conduct web application penetration testing using established methodologies (e.g., OWASP). Perform network penetration testing and identify system-level vulnerabilities. Conduct hardware-level security assessments and penetration tests on embedded systems, PCBs, SoCs, firmware, and IoT devices. Perform side-channel analysis, fault injection, and reverse engineering of hardware and firmware. Analyze firmware images for vulnerabilities using both static and dynamic methods. Analyse existing security measures and recommend improvements. Document findings, provide detailed risk assessments, and deliver remediation strategies. Advise on and implement security best practices across applications and infrastructure. Collaborate with development and infrastructure teams to ensure secure design and implementation. Stay current with evolving threats, vulnerabilities, and mitigation techniques. If experienced, conduct mobile application penetration testing (preferred, not mandatory). Requirements: A degree in computer science, IT, systems engineering, or related qualification. Core experience and profound knowledge in application and infrastructure security testing. Strong understanding and hands on experience on application and infrastructure vulnerabilities, automated/manual testing, auditing and remediation techniques. Strong understanding of OWASP Threats classification Experience with standard security tools such as Metasploit, SQLMap, Nmap, OWASP ZAP, Burp Suite etc. Experience with network/infrastructure vulnerability assessment tools such as Nessus, Qualys etc. Experience with establishing penetration testing procedures and processes. Proficiency in any one of the scripting languages like Python, C++, Java, Ruby, Node, Go, and/or Power Shell Ability to work under pressure in a fast-paced environment. Strong attention to detail with an analytical mind and outstanding problem-solving skills. Great awareness of cybersecurity trends and hacking techniques. Good to have: Understanding of server and client-side application development. Experience with performing code review, wireless and firewall assessments. Experience in evasion techniques to bypass firewalls and intrusion detection systems. Experience with Mobile Application Penetration testing, APIs etc. Knowledge in Application Architecture Review, Threat Modelling concepts Security Certifications: OSCP, OSEE, OSCE etc.

Experience: 1 - 3 years Location: New Delhi Job Description : The Security Analyst will be responsible for conducting comprehensive security assessments, including audits, penetration testing, and compliance evaluations. This role requires a meticulous, analytical professional with OSCP and CEH certifications, capable of identifying vulnerabilities and recommending technical and strategic security improvements. Number of Requirements : 01 Key Responsibilities : Perform technical security audits across internal and client infrastructures (networks, systems, and applications). Conduct vulnerability assessments and manual penetration testing, including both black-box and white-box scenarios. Analyze security policies, standards, and configurations against best practices and compliance frameworks. Develop detailed audit and assessment reports with risk ratings and mitigation strategies. Collaborate with internal teams and client stakeholders to understand business requirements and security needs. Participate in incident response planning and security awareness training initiatives. Stay informed about the latest threats, attack techniques, and regulatory developments. Required Qualifications : Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or equivalent experience. Active OSCP (Offensive Security Certified Professional) certification. Active CEH (Certified Ethical Hacker) certification. 3+ years of experience in information security auditing, penetration testing, or ethical hacking. Strong understanding of operating systems (Linux, Windows), networking, and web application security. Hands-on experience with tools such as Burp Suite, Nmap, Metasploit, Wireshark, Nessus, etc. Excellent documentation and communication skills. Preferred Qualifications : Experience conducting audits for compliance standards (ISO 27001, PCI-DSS, HIPAA, etc.). Exposure to cloud environments (AWS, Azure, GCP) and their security models. Scripting knowledge in Python, Bash, or PowerShell. Additional certifications such as CISA, CISSP, or GPEN are a plus.

? Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails

Your Role and Responsibilities Product-Security Technology Centre is responsible for ensuring that IBM products are secure by conducting timely Security reviews, penetration testing and following SPbD practices. As a penetration tester you will perform security testing of IBM product and SAAS offerings in development and production environment. You will also closely work with IBM product development teams to strengthen the security posture of their products by participating in threat model, source code security testing and share best practices / lessons learnt for secure coding/design. Key responsibilities Plan the penetration test Select, design and create appropriate tools for testing Perform the penetration test on computer systems, networks, web-based and mobile applications Document your methodologies, findings Gather the data intelligence not only from the output of the automated penetration tools but also from information gathered from interaction with product teams , previous results , threat model and source code scanning inputs. Review your findings and feedback to development teams Analyse the outcomes and make recommendations for security improvements Carry out application, network, systems and infrastructure penetration tests Review physical security and perform social engineering tests where appropriate Evaluate and select from a range of penetration testing tools Keep up to date with latest testing and ethical hacking methods Deploy the testing methodology and collect data Report on findings to a range of stakeholders Make suggestions for security improvements Enhance existing methodology material Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Experience – 2 to 5 years in Cybersecurity Web Application Testing Basic understanding of HTTP Protocol HTTP Methods, Request/Response Headers, Cookies, TCP/IP connections over HTTP etc. Basic understanding of HTML/JavaScript Good Understanding of security vulnerabilities, OWASP Top 10 vulnerabilities Automated Testing Must have knowledge of at least one of IBM AppScan OR BurpSuite scanner. (Good to have knowledge of both the tools.) Should be able to configure automated scanner (such as Login sequence, manually exploring critical flaws, Policy customization, scan throttling, etc) to perform successful scan. Assessment of scanner results and intelligently identifying false positives from the scan results. Knowledge of Burp features mainly, Spider, Intruder, Scanner, Repeater and Extender. Manual Testing: Should be able to understand the above mentioned OWASP Top 10 categories to perform manual testing. Flaws like, Authentication (session management) testing, CSRF, business logic testing which are not detected by an automated scanner must be identified using manual testing. Understanding of the workflow of the application and identifying the entry points to detect possible vulnerabilities. Preferred technical and professional experience Preferred Professional and Technical Expertise Webservice Testing SOAP/REST APIs testing. Configuring cURL commands and POSTMAN tool to capture the request in automated scanner. Network Testing Basic understanding of networking protocols such as TCP, UDP, DNS, DHCP etc. Basic understanding of network devices like router, switches, firewall/IDS/IPS etc.. Network scanning tools such as Nessus, Nmap, Metasploit etc. Exploitation and Post Exploitation of network vulnerabilities. Threat Model and Source code security scanning Perform/Participate in threat model creation/design or review Perform source code security scanning using (SAST) tools like Sonarqube, AppScan, Mend and other popular open-source tools. Security Certifications Any of the security certifications such as CEH, ECSA, EWPT, EWPTX, OSCP, GPEN, GWAPT etc

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Attack & Penetration Testing - Senior As part of our Cyber Security team, you shall perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. The opportunity We’re looking for Security Consultant / Senior Security Consultant with expertise in penetration testing. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your key responsibilities Lead engagements from kickoff with clients through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines. Perform penetration testing which includes Network, web application, Mobile app (both Android & iOS), APIs Cloud Security, Thick Client application, wireless, social engineering, physical penetration testing. Execute penetration testing projects using the established methodology, tools and rules of engagements. Execute red team assessments to highlight gaps impacting organizations security postures. Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations. Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. Convey complex technical security concepts to technical and non-technical audiences including executives. Perform technical quality reviews and conduct technical conversations directly with clients. Keep uptodate with the latest techniques and concepts. Confident with OWASP Top 10 and SANS Top 25 vulnerabilities and ability to effectively communicate methodologies and techniques with development teams Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing. Understanding and experience with Active Directory attacks. Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management. Knowledge of AI in Pentest, TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred. Working knowledge with any scripting languages (e.g. Python, Perl, PHP, Ruby) to develop automated solutions that mitigate risks throughout the organization. Support SDLC and agile environments with application security testing and source code reviews. Serve as a mentor and guide to junior pen testers, sharing your knowledge, skills, and best practices to nurture their growth and development. Provide technical expertise and guidance to clients on remediation strategies and security best practices. Skills and attributes for success In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies. Good understanding of enterprise security controls in Active Directory / Windows environments Good to have knowledge in AI in pentest Understanding of TCP/IP network protocols. Understanding of network security and popular attacks vectors. Experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory and 802.1x penetration testing Strong understanding of security principles, policies, and industry best practices Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results. Excellent communication and presentation skills, both written and verbal. Demonstrated thought leadership in the cybersecurity field through publications, speaking engagements, or contributions to industry forums. Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead. To qualify for the role, you must have BE/ B.Tech/ MCA or equivalent Minimum of 3 years of work experience in penetration testing which may include at least three of the following: Network, web application Mobile app (Android & iOS), Thick client, APIs, wireless, social engineering, physical and Red Team assessments. One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX Knowledge of Windows, Linux, UNIX, any other major operating systems. 3-9 years of work experience in Strategy and Operations projects Team management skills are preferred. Conduct technical discussions and perform technical Quality reviews. Familiarity with OWASP methodologies and application security vulnerabilities. Exceptional ability to educate and guide application developers in security best practices. Excellent communication, presentation, and interpersonal skills. Strong Word, Excel and PowerPoint skills. Ideally, you’ll also have Project management skills Certifications: OSCP, OSCE, CRTP, CRTO, CISSP, GPEN, GWAPT. What we look for Who can perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing and provide analysis for the testing results. What working at EY offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Application Security Perform security reviews, code audits, and threat modeling of web and mobile applications. Work with DevOps and development teams to integrate secure coding practices and tools (e.g., SAST, DAST, SCA). Conduct penetration testing and vulnerability assessments on internal and external applications. Remediate OWASP Top 10 and other emerging threats. Infrastructure & Server Security Harden Linux and Windows servers following CIS/NIST benchmarks. Implement endpoint security solutions (AV, EDR, MDM). Monitor, detect, and respond to system anomalies and unauthorized access. Manage patching and update cycles in coordination with system teams. Network Security Secure network architecture, firewall policies, VPNs, NAT, and VLAN segmentation. Analyze and mitigate threats like DDoS, MITM, spoofing, etc. Configure and manage intrusion detection/prevention systems (IDS/IPS). Perform routine audits and packet-level analysis for suspicious activity. Cloud Security Secure cloud infrastructure (Alibaba Cloud/AWS/Azure/GCP). Manage IAM, WAF, Security Groups, and cloud-native threat detection tools. Audit and improve security configurations in containers, CI/CD pipelines, and serverless deployments. Monitoring, Audit, and Compliance Work closely with compliance teams to meet standards like SAMA-CSF, ISO 27001, and PCI-DSS . Implement and tune SIEM/SOAR systems for proactive monitoring and incident response. Maintain audit trails, security reports, and logs for investigations and audits. Qualifications & Requirements Bachelor’s degree in computer science, Cybersecurity, or a related field. 4+ years of experience in cybersecurity roles with exposure to infrastructure and application security. Proficiency in tools like Burp Suite, Nessus, Wireshark, Nmap, Suricata, OSSEC/Wazuh, etc. Strong knowledge of TCP/IP, Linux security, cloud security, and secure coding principles. Experience with at least one cloud platform (Alibaba Cloud preferred). Familiarity with regulatory and compliance standards in the GCC region is a plus. Security certifications such as CEH, OSCP, CISSP, or CISM are a plus. Preferred Strong problem-solving and analytical skills. Ability to work under pressure in a fast-paced environment. Excellent communication skills to interface with technical and non-technical stakeholders. Self-motivated and able to work independently or as part of a team. Minimum 5 + yrs of exp as security specialists Job Types: Full-time, Permanent Pay: ₹2,000,000.00 per year Benefits: Health insurance Leave encashment Paid sick time Provident Fund Schedule: Day shift Monday to Friday Morning shift Education: Bachelor's (Preferred) Experience: Information security: 5 years (Preferred) audit: 4 years (Preferred) Compliance management: 4 years (Preferred) SoC: 1 year (Preferred) Work Location: In person

Category: Administration Main location: India, Karnataka, Bangalore Position ID: J0625-0283 Employment Type: Full Time Position Description: Company Profile: Founded in 1976, CGI is among the largest independent IT and business consulting services firms in the world. With 94,000 consultants and professionals across the globe, CGI delivers an end-to-end portfolio of capabilities, from strategic IT and business consulting to systems integration, managed IT and business process services and intellectual property solutions. CGI works with clients through a local relationship model complemented by a global delivery network that helps clients digitally transform their organizations and accelerate results. CGI Fiscal 2024 reported revenue is CA$14.68 billion and CGI shares are listed on the TSX (GIB.A) and the NYSE (GIB). Learn more at cgi.com. Job Title: Cyber Security Engineer Position: Senior Systems Engineer/Lead Analyst Experience: 7+ yrs Category: IT Infrastructure Main location: Bangalore Position ID: J0625-0283 Employment Type: Full Time Qualification: Bachelor's degree in Computer Science or related field or higher with minimum 3 years of relevant experience. Job Description: At least 7+ years’ Experience in Vulnerability Assessment and Penetration testing of web applications, mobile applications, API and thick client applications. Good knowledge on web application security, OWASP, Application Security testing, Network Penetration testing, Code Review, Vulnerability Assessment and Appscan Experience in cyber security penetration testing (Manual, PT, VAPT, DAST, SAST, API) Hands on experience in setting up the network environment for VAPT Manual penetration testing skills and techniques are required besides automated tools and frameworks. Hands on experience in identifying false positives Hands on knowledge on tools: Burp Suite Professional, Qualys, Nmap, Kali Linux, Metasploit, Nessus, Wireshark, Sqlmap, Checkmarx etc Strong knowledge of tools for mobile application security, including but not limited to Appuse, MOBSF, Geny Motion, Kali Linux, BURP, PostMan, Appie, Mobisec, NowSecure, HP Fortify On Demand Good Understanding of OWASP Top 10 for web application security and Mobile application security. Perform mobile vulnerability assessment and Penetration testing. Good understanding of Microservice based architecture Experience working in a DevSecOps environment with knowledge of continuous integration, containers, DAST/SAST tools Good understanding of Database security requirements. Good knowledge of cloud environments and should be able to perform VAPT on AWS, Azure etc. Scripting and coding experience(good to have) Certifications: OSCP, CEH Must have Skills : Good knowledge on web application security, OWASP, Application Security testing, Network Penetration testing, Code Review, Vulnerability Assessment and Appscan Experience in cyber security penetration testing (Manual, PT, VAPT, DAST, SAST, API) Hands on experience in identifying false positives Hands on knowledge on tools: Burp Suite Professional, Qualys, Nmap, Kali Linux, Metasploit, Nessus, Wireshark, Sqlmap, Checkmarx etc Good to have Skills : Excellent customer interfacing skills. Excellent written and verbal communication skills. Participating in Daily Standups and weekly reviews Strong attention to detail and outstanding analytical and Problem-solving skills. Understanding of Business, emerging technologies in relevant industry (Banking/CIAM ) , strong understanding of trends (market and technology) in areas of specialization. CGI is an equal opportunity employer. In addition, CGI is committed to providing accommodations for people with disabilities in accordance with provincial legislation. Please let us know if you require a reasonable accommodation due to a disability during any aspect of the recruitment process and we will work with you to address your needs. Life at CGI: It is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons Come join our team, one of the largest IT and business consulting services firms in the world Skills: Vulnerability Assessment(IAVA) What you can expect from us: Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

Development, implementation, monitoring, maintenance, and management of threats, security controls, processes, procedures and systems. Provides trusted advisor overview and management for information security projects and technical requirements. Provides threat management support for firewalls, intrusion detection systems, enterprise anti-virus, web application firewalls, and log monitoring tools. Manages internal/external vulnerability management program and oversight for code reviews or application security scan reviews as part of the Application Security management program. Manages the company’s Incident Response process in coordination with managed SOC vendor to monitor and respond to security alerts from all assets storing, processing, transmitting company confidential/sensitive data including PCI and PII data assets. Provides technical expertise in support of information technology assessments, penetration tests, and/or audits (PCI/SOX/HIPAA/other) of organizational automated systems and processes and will play a critical role in designing, maintaining and enhancing our organization's cybersecurity posture. Works closely with cross-functional teams to identify and implement robust security measures, detect, and respond to security incidents, and ensure the overall integrity and confidentiality of our systems and data. Essential Duties and Responsibilities Other duties may be assigned. In the event of absence, duties for this position will be overseen by the position to which it reports. Conducts analysis, develops technical and programmatic assessments, evaluates security engineering and integration initiatives and provides technical support to facilitate compliance with security policies, procedures, standards and guidelines. Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives. Analyze and review recent industry breaches for preventive cyber breach strategies. Provide threat intelligence research related to malware/virus identification. Responsible for reviewing and approving corporate, PCI In-scope firewall requests and WAF changes; perform WAF tuning as necessary. Monitor, report, and aid in the resolution of all security-related problems and discrepancies by monitoring assigned systems, maintaining documentation and provide management and any other appropriate areas with reporting as requested. Manage WAF, intrusion detection systems and in coordination with vendor SOC, ensure sufficient coverage to monitor PCI, PII, and all other assets storing, processing, transmitting company confidential/sensitive data. Ensure alerts from current and future systems are properly designed and monitored. Manage internal/external vulnerability management program and as appropriate expand scope of vulnerability scans, application/network penetration tests to cover enterprise and all systems/environments storing, processing, transmitting company confidential/sensitive data. Monitor intelligence sources for newly identified vulnerabilities, evaluate the risk such vulnerabilities pose to the organization's information and systems, and advise management of appropriate measures to eliminate or reduce the organization's risk or exposure to such vulnerabilities. Performs both internal/external vulnerability scanning and penetration testing. Analyzes information from those scans, as well as penetration tests, to mitigate and help IT stakeholders address system vulnerabilities. Provide technical support/oversight for code reviews or App scan reviews as part of Application Security management program. Provide technical support/oversight for security exception request process. Provide technical support for incident management and forensics. Monitor appropriate industry sources to maintain awareness of new security tools and techniques and research those tools and techniques that have the potential to improve the organization's ability to protect its information and infrastructure. Assist in the development of appropriate information security policies, standards, procedures, checklists, and guidelines using generally-recognized security concepts tailored to meet the requirements of the organization. Provide expertise to support timely resolution of findings from information technology assessments, penetration tests, and/or audits of organizational automated systems and processes; as appropriate, develop and communicate recommendations for improvement to management. Provide reporting metrics/create and maintain dashboards for department functions. Proficient in the use of Word, Excel. Assist manager/director in planning, time budgeting and scheduling work for completion. Participate in opportunities that enhance personal and professional growth and the accomplishment of career objectives through continuing education, seminars and participation in field-related professional organizations. Accountable for execution of assigned tasks from start to finish, while fully leveraging the disciplines expected of a cybersecurity engineer according to department standards, procedures and processes. Stay current with emerging issues affecting the Cybersecurity profession. Qualifications (Include Education and Specific Experience) Strong understanding of data network configuration and infrastructure concepts, including TCP/IP, DNS, routers, firewalls, web servers and security hierarchy including the application of encryption key infrastructures and authentication processes. Knowledge of cloud security concepts (Azure/AWS). Strong experience with IT security standards and best practice frameworks. (like ISO 27001/27002, NIST/NIST CSF, ITIL, PCI, SOX) In depth experience working with internet and web application security frameworks like SANS, OWASP. Detailed technical knowledge of hardening concepts and audit for Unix, Linux, Windows servers and desktop systems, AWS EC2 instances. Excellent understanding of common application, network, and operating system vulnerabilities, current threat vectors and mitigations. Strong working knowledge of networking, routing, protocols, ports and services. Working knowledge of System Information Event Monitoring (SIEM), Intrusion Detection and Prevention System (IDS/IPS), web application firewalls, vulnerability scanning tools, encryption capabilities, Network Access Controls (NAC), Data Loss Prevention (DLP), NMAP, Vulnerability scanners, Wireshark, and other security related tools Experience working with leading security WAF like Akamai, Cloudflare. Experience working with logging and file integrity monitoring tools like LogRhythm, NXLog, Splunk. Demonstrated experience in conducting security assessments. Demonstrated experience in investigating security issues related to Internet, server, desktop, laptop, tablet, and other mobile device security issues; OS patching, hardening and anti-virus. Ability to work with subject matter experts and 3rd party MSSP to coordinate activities to complete security related projects or tasks in a timely manner. Proficient with programming logic concepts, scripting experience (like Python, JavaScript, PowerShell) Strong communication and teamwork skills to collaborate with cross-functional teams and convey complex security concepts to non-technical stakeholders. Security certifications like CEH or CISSP are desired. • Bachelor’s degree in Computer Science, Information Security Management, Engineering or equivalent is required. • 3-5 years of experience in network and application security in a multiple operating system environment. Job Type: Full-time Pay: ₹7,000.00 - ₹20,000.00 per month Schedule: Monday to Friday Night shift US shift Work Location: In person

Our Company Techvantage.ai is a next-generation technology and product engineering company at the forefront of innovation in Generative AI, Agentic AI , and autonomous intelligent systems . We build intelligent, secure, and scalable digital platforms that power the future of AI across industries. Role Overview We are looking for a Senior Security Specialist with 8+ years of experience in cybersecurity, cloud security, and application security. You will be responsible for identifying, mitigating, and preventing threats across our technology landscape — particularly in AI-powered, data-driven environments. This role involves leading penetration testing efforts , managing vulnerability assessments , and implementing best-in-class security tools and practices to protect our platforms and clients. What we are looking from an ideal candidate? Design and implement robust security architectures for cloud-native and on-prem environments. Conduct penetration testing (internal/external, network, application, API) and deliver clear remediation strategies. Perform regular vulnerability assessments using industry-standard tools and frameworks. Lead threat modeling and risk assessments across systems, services, and data pipelines. Collaborate with development and DevOps teams to integrate security in SDLC and CI/CD pipelines (DevSecOps). Define and enforce security policies, incident response procedures, and access controls. Monitor for security breaches and investigate security events using SIEM and forensic tools. Ensure compliance with global standards such as ISO 27001, SOC 2, GDPR, and HIPAA. Provide guidance on secure implementation of AI/ML components and data protection strategies. Preferred Skills What skills do you need? Requirements 8+ years of experience in information security, application security, or cybersecurity engineering. Proficient in penetration testing methodologies and use of tools such as Burp Suite, Metasploit, Nmap, Wireshark, Nessus, OWASP ZAP, Qualys, etc. Deep experience in vulnerability management, patching, and security hardening practices. Strong understanding of OWASP Top 10, CWE/SANS Top 25, API security, and secure coding principles. Hands-on experience with cloud security (AWS, Azure, or GCP), IAM, firewalls, WAFs, encryption, and endpoint security. Familiarity with SIEM, EDR, IDS/IPS, and DLP solutions. Knowledge of DevSecOps and tools like Terraform, Kubernetes, Docker, etc. Excellent problem-solving, analytical, and incident-handling capabilities. Preferred Qualifications Certifications such as CISSP, CISM, CEH, OSCP, or AWS Security Specialty. Experience working on security aspects of AI/ML platforms, data pipelines, or model inferencing. Familiarity with governance and compliance frameworks (e.g., PCI-DSS, HIPAA). Experience in secure agile product environments and threat modeling techniques. What We Offer A mission-critical role securing next-gen AI systems Opportunity to work with an innovative and fast-paced tech company High visibility and leadership opportunities in a growing security function Compensation is not a constraint for the right candidate Show more Show less

JOB PURPOSE: The Head of mXDR Operations is responsible for leading and managing the operational aspects of cybersecurity at the airport, including oversight of the Managed Security Services Provider (MSSP) delivering SOC operations, Threat Hunting, Detection & Prevention, and Incident Response. The role also encompasses direct accountability for Information Security Operations covering both IT and OT (Operational Technology) domains, ensuring a unified and effective defense posture against cyber threats in a critical infrastructure environment. PRINCIPAL ACCOUNTABILITIES: SOC & mXDR Oversight Lead daily operations and governance of MSSP-managed Security Operations Center (SOC) and mXDR services. Review and validate alerts, use cases, playbooks, and tuning recommendations submitted by MSSP. Define and track service level agreements (SLAs), mean time to detect/respond (MTTD/MTTR), and other performance KPIs. Ensure continuous coverage across IT, cloud, and OT assets within the SOC’s visibility and telemetry scope. Collaborate with MSSP to plan capability upgrades (e.g., EDR, NDR, cloud telemetry integration). Optimize the performance of managed XDR solutions to proactively identify and mitigate risks. Monitor and evaluate partner performance, addressing any issues related to quality, cost, or delivery. Threat Hunting & Detection Engineering Guide the proactive hunting of threats across endpoints, networks, OT environments, and cloud workloads. Review hunting hypotheses and analytics built on threat intelligence, behavior analytics, and anomaly detection. Oversee development and refinement of detection rules, correlation logic, and behavioral models. Drive periodic reviews of MITRE ATT&CK coverage and detection effectiveness. Support threat simulation and emulation exercises (e.g., purple teaming) to enhance detection posture. Incident Response & Management Ensure a well-defined incident response plan is in place and regularly tested through simulations. Continuously improve detection and response capabilities based on threat intelligence and industry trends. Conduct post-incident reviews to identify lessons learned and improve processes. Act as the lead coordinator for high-severity and regulatory-reportable cyber incidents. Ensure MSSP follows incident response procedures and escalates as per predefined thresholds. Maintain and test incident response playbooks, RACI charts, and communication protocols. Coordinate evidence collection, forensic analysis, and root cause investigations. Oversee the implementation and verification of post-incident recovery and lessons learned. OT Cybersecurity Operations Work with the ICS Security SME to oversee deployment and operations of OT-specific security controls (e.g., ICS firewalls, passive monitoring). Support ICS Security SME in working with OT vendors and facilities teams to ensure security of SCADA, BMS, and other critical systems. Track vulnerabilities in OT assets and coordinate with ICS Security SME and stakeholders for safe remediation. Monitor lateral movement risks between IT and OT environments and enforce network segmentation. Ensure OT environments are covered in threat detection, logging, and alerting workflows. Information Security Operations Manage day-to-day internal security operations including DLP, endpoint protection, and access monitoring. Review all Change Requests and provide insight & recommendations ensuring CRs/amendments are fit for purpose, negotiated and executed by working with all stakeholders. Ensure critical patches, vulnerabilities, and security misconfigurations are tracked and remediated. Maintain visibility of high-value assets and enforce control compliance (e.g., logging, backup, access). Investigate user behavior anomalies and enforce insider threat detection measures. Coordinate identity and access management reviews for privileged and third-party access. Governance, Reporting & Compliance Generate monthly and quarterly dashboards covering alerts, incidents, SLAs, and threat trends. Report on MSSP adherence to contract deliverables, including risk exposure and gap analysis. Manage escalations as per contracted frameworks. Ensure unresolved escalations are tabled in governance forums and taken up for resolution. Drive the resolution of such escalations by working with all concerned stakeholders Coordinate with compliance teams for audits and regulatory inspections related to cybersecurity. Contribute to cyber risk assessments for critical airport systems and digital services. Ensure alignment with international frameworks (e.g., NIST CSF, ISO 27001, NIS2) and aviation-specific mandates. Strategic Leadership Provide strategic direction and leadership to the MSSP, fostering a culture of excellence and continuous improvement. Drive innovation in information security solutions and practices, ensuring the organization remains competitive and forward-looking. Act as a key advisor on Information Security matters, contributing to strategic decision-making. DIMENSIONS: Financial Optimize operational expenses while delivering high-value outcomes through effective vendor negotiations. Support financial risk mitigation by safeguarding against data breaches, penalties, and other cyber-related losses. Non-Financial Manage the MSSP (both remote and no-premises resources) with day-to-day tasks, review, and guidance on in-scope activities. Assess the skills, capabilities & expectations of the MSSP from time to time and work with MSSP management for right sourcing in BIAL account. Provide inputs on team capacity planning & hiring plans if any Lead and mentor MSSP team, fostering a high-performing team culture. Enhance the organization's ability to respond to and recover from cyber incidents effectively. Competency - Proficiency Level - Description: Cybersecurity Operations - Expert - Deep knowledge in SOC, SIEM, XDR, endpoint, network, and cloud security Threat Detection & Threat Hunting - Advanced - Experience in proactively identifying advanced threats and anomalies Incident Response & Forensics - Advanced - Skilled in leading structured incident response and root cause analysis OT Security - Intermediate - Understanding of OT systems and securing industrial environments Vendor & MSSP Management - Advanced - Strong experience in managing MSSP contracts and delivery governance Information Security Frameworks - Advanced - ISO 27001, NIST, MITRE ATT&CK, CIS Controls Communication & Reporting - Advanced - Capable of translating technical issues into business impact for leadership Risk Management & Compliance - Intermediate - Knowledge of regulatory and critical infrastructure compliance requirements Team Leadership & Collaboration - Advanced - Experience in leading internal security teams and cross-functional teams JOB SPECIFICATION: Knowledge and work skills: Comprehensive understanding of cybersecurity frameworks, technologies, and methodologies (e.g., NIST CSF, ISO 27001, MITRE ATT&CK, ITIL v3, PMP, TOGAF, ISO 20k & 27k and COBIT). Expertise in managed XDR operations, incident response, threat intelligence, and identity management. Familiarity with security architecture principles, ICS/OT security frameworks, and industrial protocols. Adequate knowledge of regulatory standards applicable to the industry. Proficient in process improvement and development practices Strong knowledge of SLA & service management, and operations management. Knowledge with InfoSec tools like: AV/EDR, Data Leakage Prevention, Metasploit, TripWire, Rapid7, Tenable, Snort, Nessus, Burp Suite, Appscan, Nmap, Wireshark, Firewalls, SIEM, SOAR, , SSE, CASB, PIM/PAM, WAF, O365 suite (Intune, Conditional access, Data classification and protection). Skills Minimum 10–12 years of experience in cybersecurity operations, with at least 5 years in a leadership or MSSP governance role. Experience in driving initiatives centered on continuous improvement, innovation, execution excellence, customer centricity and automation Analytical and problem-solving skills for assessing threats, vulnerabilities, and risks in complex environments. Exceptional communication and stakeholder management skills to influence decision-making and secure buy-in. Proven ability to lead cross-functional teams. Ability to build and maintain relationships with internal teams, partners, and external vendors. Qualifications Bachelor’s degree in computer science, Information Security, or a related field (Master’s degree preferred). Certifications such as CISSP, CISM, CISA, CEH, or equivalent are highly desirable. **Please note that this position requires 5 days work from Office. Show more Show less

Dear Candidate, TCS has been a great pioneer in feeding the fire of Young Techies like you. We are a global leader in the technology arena and there's nothing that can stop us from growing together. Role**: Application Penetration Tester Experience Range: 4+ years Joining Location: Bangalore/ Bhubaneshwar Desired Skill Set Any: Application Penetration testing Knowledge OWASP Vulnerabilities Experience with Secure Source Code Review using tools like Snyk, Checkmarx Experience with DAST tools like BrightSec Preferably having Development background and understanding of Multiple Coding language for Vulns eg .Net , Java, Python etc Good communication skills We are seeking skilled penetration tester to assess our systems, application and network through structured and unstructured testing. The candidate should have strong experience using tools such as Burp Suite, kali Linux, Metasploit and other offensive security frameworks to identify vulnerabilities and propose actionable mitigations Key Responsibilities Conduct penetration test on web , applications, API , internal and external networks. Perform vulnerability assessments and exploit the weakness using manual techniques and automated tools (e.g. Burp Suite , Kali Linux etc) Create comprehensive reports outlining findings , potential impact and remediation guidance Collaborate with development and infrastructure to prepare the plan for conducting the test and also mitigate the finding identified during the exercise. Required skills & Experience Proven experience in penetration testing and ethical hacking (5+ experience preferred) Strong knowledge and hands-on experience with Burp Suite, Kali Linux, NMAP, Metasploit etc. Proficiency in scripting languages for automating tasks and exploits Deep understanding of OWASP top 10 , MITRE ATT&CK framework and CVSS scoring Familiarity with various operating systems Ability to document technical findings in a clear, concise manner Regards, Priscilla Nancy HR TAG - Cyber Security Tata Consultancy Services Show more Show less

Vulnerability Assessment, Vulnerability Mitigation, Manual Penetration Testing using OWASP checklists, Penetration Testing, Cloud Security Assessment, Cyber Security Assessment Consulting, Cybersecurity, Cyber Security Perform comprehensive penetration testing and vulnerability assessments on enterprise networks, firewalls, routers, switches other infrastructure components Identify and exploit vulnerabilities to assess the security posture of network components Provide detailed reports with risk ratings, remediation steps, and security recommendations Work with IT DevOps teams to ensure timely resolution of vulnerabilities Utilize industry-standard tools such as Nessus, Nmap, Metasploit, Burp Suite, Wireshark, Open VAS Implement and manage vulnerability scanning solutions across the organization Collaborate with IT, DevOps security teams to ensure patches and mitigations are applied effectively Conduct security assessments for cloud environments (AWS, Azure, GCP) including configuration audits Identify misconfigurations, privilege escalations security risks in cloud infrastructure Implement continuous monitoring logging solutions for cloud security visibility

Manual Penetration Testing using OWASP checklists, Penetration Testing, Vulnerability Assessment, OWASP Top 10, OWASP ZAP, AWS Cloud, Azure Cloud, Cyber Security, Cloud Security Assessment, Cyber Security Assessment Consulting, Cybersecurity, Data Security Assessment Consulting Perform Penetration testing Develop and recommend mitigation strategies to enhance the defense mechanisms of critical infrastructure components Collaborate with IT and security teams to refine security measures and response strategies Prepare detailed reports on findings from simulations and suggest improvements Facilitate training sessions for internal teams on security awareness and breach response tactics

Vulnerability Assessment, Manual Penetration Testing using OWASP checklists, Penetration Testing, OWASP Top 10, Static/dynamic testing of mobile applications, Static Code analysis Artifacts/Grey box Infra Activity (VA/CA) Windows Server - Performing Scanning and preparing reports - application Security Testing/ Infra VACA

Static Code analysis Static/dynamic testing of mobile applications Vulnerability Assessment Penetration Testing. SAST Penetration testing Vulnerability Assessment

Role: Senior Security Specialist Location : Bangalore Working Model : Hybrid Final Round Interview : F2F Summary of essential job functions The overall responsibility of the team is to provide assurance to the management on the Information Security, Compliance and Risk Management of the organization globally. The candidate would be expected to lead security assessments of Products and Infrastructure globally. Education, Certification and Experience: Qualification Required: Bachelor/Master’s degree in Computer/ Information science, Software Engineering, Cybersecurity, or a related field Certification preferred: OSCP, OSWE, OSEP, ECSA|LPT, CPT, CEH Minimum experience: 08-10 years in Vulnerability Assessment and Penetration Testing- Thin & Thick Client, API , Infrastructure, Cloud, Mobile Competency Requirements: Performs a combination of duties in accordance with departmental guidelines: Hands-on experience in Vulnerability Assessment (VA) and Penetration Testing (PT) for Web, APIs, AI/ML models, Mobile , Network, and Infrastructure. Strong command of OWASP Top 10 with practical knowledge of attack vectors and mitigation strategies. Familiarity with industry standards and frameworks such as OSSTMM, OQASP, CESG, CREST, NIST, ISSAF, and PTES. Expertise in Secure Development Lifecycle (SDLC), including Threat Modeling, Secure Coding Practices, and Security Assessments. Proficient in both Static and Dynamic Application Security Testing (SAST, DAST, IAST), and Software Composition Analysis (SCA). Experience conducting secure code reviews and identifying logic flaws in code bases written in Java, .NET, C/C++, Python, etc. Knowledge of cryptographic protocols, secure communication, data security and key management. Hands-on with commercial and open-source tools: Burp Suite, OWASP ZAP, Acunetix, AppSpider,SQLMap, Nmap, Metasploit, Nessus, OpenVAS, Fortify, Checkmarx, Veracode, SonarQube, NexusIQ and Snyk. Proficient in assessing mobile applications (thick/hybrid clients) using tools like Dex2jar, ADB, Frida. Exposure to AuthN/AuthZ protocols such as OAuth, SAML, OIDC; ability to read, write, and interpret application logic. Familiarity with vulnerability standards: CVSS, CVE, CWE, CAPEC; and patch management lifecycle. Experience automating tasks via shell scripting and Python/Ruby/Php etc. Proficiency in secure code development and reviewing DAST/SAST reports across languages. Understanding security aspects in AWS, Azure, and GCP including IAM, VPC/VNet, S3/Blob storage, API gateway, Load Balancers, WAF, Containers (Docker), and Kubernetes. Experience in infrastructure/network penetration testing and exploitation techniques on Windows/Linux environments. Experience in mentoring, leading teams, and managing security assessments under tight deadlines. Manage third-party security assessments, including vendor risk evaluations, engagement oversight, and ensuring compliance with organizational security standards. Proven ability to provide technical oversight and drive engagement quality across security projects. Exposure to agile/scrum development methodologies and ability to work with cross-functional teams. Familiarity with security standards like PCI DSS, SOC, ISO 27001. Participation in bug bounty program and CTFs is a strong plus. Proactive learning approach, staying updated with evolving cybersecurity trends and technologies. Job Responsibilities: Plan, conduct, and close end-to-end Vulnerability Assessments and Penetration Tests for Web Applications, APIs, Mobile Apps, Thick Clients, Infrastructure, and Cloud environments. Perform both manual and automated security assessments to identify, validate, and prioritize vulnerabilities. Review application code in various programming languages and provide actionable remediation recommendations. Reproduce reported vulnerabilities with proof-of-concept (PoC) and assess associated risks. Evaluate new security tools and products for adoption and integration. Guide development teams on Secure Coding standards and OWASP-aligned practices. Lead and contribute to secure SDLC processes, threat modeling workshops, and risk reviews. Manage and triage security bugs from Bug Bounty programs, working closely with engineering teams to ensure timely resolution. Maintain and improve the security posture of applications across business units, aligning with best practices. Act as a security advisor on project teams, influencing architecture and design decisions. Drive security awareness initiatives and conduct training sessions for developers and QA teams. Update and maintain InfoSec policies and procedures in line with emerging threats, technologies, and compliance requirements; provide support to both internal and external auditors during security assessments and audits. Other Requirements: Strong ethics and understanding of ethics in business and information security. Proficiency in English (both written and oral communication skills). Ability to complete tasks and deliver professionally written reports for clients. Ability to present findings to technical staff and executives. Ability to interact with 247 internal stakeholders to review their requirements. Should be able to think “out of the box” and implement new attack vectors. Self-motivated, curious, knowledgeable pertaining to news and current events Show more Show less

Job Title: Penetration Tester Location: Remote Experience Required: 5 Years Employment Type: Full-Time Job Summary: We are seeking a highly skilled and experienced Senior Penetration Tester with 5 years of hands-on experience in offensive security. The ideal candidate will be responsible for conducting advanced security assessments, simulating real-world cyberattacks, and providing actionable recommendations to enhance the organization’s security posture. This role demands deep technical expertise, strong analytical skills, and the ability to communicate effectively with both technical and non-technical stakeholders. Key Responsibilities: Plan, execute, and document black-box, grey-box, and white-box penetration tests across various environments (web apps, networks, APIs, mobile, cloud, etc.) Conduct Red Team/Blue Team exercises and collaborate with threat hunters and SOC teams. Identify, exploit, and report vulnerabilities in systems, applications, and infrastructure. Develop and maintain custom exploitation tools, scripts, and payloads . Perform social engineering engagements , including phishing simulations and physical assessments (where applicable). Provide detailed, risk-based reporting , including technical findings, proof-of-concept exploits, and remediation guidance. Stay current with emerging threats, vulnerabilities, and tools in the cybersecurity domain. Mentor junior team members and contribute to the development of internal testing methodologies and frameworks. Participate in threat modeling, architecture reviews, and security design discussions . Required Skills and Qualifications: 5 years of professional experience in penetration testing, red teaming, or offensive security . Proficiency in tools such as Burp Suite, Metasploit, Nmap, Wireshark, Cobalt Strike, Nessus, etc. Deep understanding of OWASP Top 10 , MITRE ATT&CK , and NIST security frameworks . Strong knowledge of network protocols, web application architectures, cloud environments (AWS/Azure/GCP), and secure coding practices. Experience with manual testing techniques and not just automated scanners. Strong scripting and automation skills in Python, PowerShell, Bash, or Go . Experience with Active Directory exploitation , privilege escalation, and lateral movement techniques. Demonstrated ability to write clear, concise, and detailed technical reports. Strong verbal and written communication skills. Preferred Certifications (any of the following): Offensive Security Certified Professional (OSCP) Offensive Security Certified Expert (OSCE) Certified Red Team Professional (CRTP) GIAC Penetration Tester (GPEN) Certified Ethical Hacker (CEH) CREST Registered Tester or equivalent Show more Show less

Hiring Manager: Abhishar Balodhi Recruiter: Archana SM Location: Gurugram Carrer Level: E Why BT We’ve always been an organisation with a purpose; to use the power of communication to make a better world. You can trace this back to our beginning as pioneers of the world’s firs telecommunications company. At our heart we’re a technology company with research and innovation in our bones and a desire to be personal, simple, and brilliant for our customers - those are the values we live by whilst also creating an inclusive working environment where people from all backgrounds can succeed.Our pursuit of progress over the past 180 years has established BT as a strong, successful brand, with huge scale capable of achieving great things. From supporting emergency services, hospitals, banks and keeping economies around the world online, safe and secure, to delivering large scale technology infrastructure like the creation of BT Sport. Today in this fast-changing, always on, digital world our purpose remains true. Yet the market conditions, regulations and competition we face are tougher than ever before. So, if you have the drive, optimism and resilience to help propel us forward we’ll offer unrivalled personal development, a wealth of opportunities to learn, experience new things and pursue new careers. If that’s you and what you’re looking for, we’d love you to be part of our future. Why this job matters As an experienced Information Security Services provider, we will help lead a highly motivated team laser-focused on analysing, designing, developing and delivering solutions built to stop adversaries and strengthen your operations Our Competent individuals and Skilled leadership will provide you incident response, risk reviews and vulnerability assessments, identifying threats, all of which ladder up to driving secure solutions. What I’ll Be Doing – Your Accountabilities Accountable for delivering vulnerability assessments and penetration tests. Responsible for increasing individual technical skill whilst also delivering BAU. Accountable for increasing capability of the penetration testing team through web application, network & mobile skill acquisition. Accountable for support leadership in setting strategy for the team moving forward. Responsible for contributing to the positive research and technical capability of BT security. To support and maintain the BT Business Support – Protect BT ISO27001 certificate for Offensive Security team The Skills You Need Pentest Skills – Web application pen test (OWASP, NIST framework), Network pen test (Linux, windows), API & Mobile pen test. Networking Skills – TCP/IP packet level understanding, Routing, Switching, firewall understanding. Linux Skills – Linux directory structure & basic command line knowledge from pentest/vulnerability assessment standpoint. Vulnerability management- This requires understanding of vulnerability assessment framework (CVE/CVSS) and Security assessment tools (such as Nmap, Metasploit, Burp Suite, SQL map, Nessus) Regulatory Understanding- PCI DSS guidelines, GDPR. Leadership Accountabilities Accountabilities of the job: Solution focused achiever: We need this person to focus on delivering exceptional penetration testing services Customer champion: we are transforming how we communicate with our customers and need responsible person with a customer-focused attitude. Change agent: We need a tester who sees our processes and immediately thinks of better ways to do what we are doing and then leads that change. Experience You Would Be Expected To Have Mandatory 2-4 Years experience in the field on pen testing. Mandatory Bachelor’s degree or higher preferred. CEH, OSCP, CREST, LPT certifications are highly preferred. Ability to understand packet level TCP/IP knowledge. Good scripting knowledge (e.g. Python) will be highly preferred. Capable of working successfully with end customers PREFERRED. BT is part of BT Group, along with EE, Openreach, and Plusnet. Millions of people rely on us every day to help them live their lives, power their businesses, and keep their public services running. We connect friends to family, clients to colleagues, people to possibilities. We keep the wheels of business spinning, and the emergency services responding. We value diversity and celebrate difference. ‘We embed diversity and inclusion into everything that we do. It’s fundamental to our purpose: we connect for good.’ We all stick to the same values: Personal, Simple, and Brilliant. From day one, you’ll get stuck in to tough challenges, pitch in with ideas, make things happen. But you won’t be alone: we’ll be there with help and support, learning and development. This is your chance to make a real difference to the world: to be part of the digital transformation of countless lives and businesses. Grab it. Show more Show less

We are seeking an OT Network Engineer to contribute to the development of an industrial automation and security platform with advanced OT network discovery, device fingerprinting, real-time tracking, and security compliance features . The ideal candidate will have expertise in network scanning, industrial protocols (SNMP, LLDP, ARP), Zero Trust security, IEC 62443 compliance, and PLC inventory management . This role requires hands-on experience in building scalable, secure, and AI-driven OT networking solutions integrated into the platform. Key Responsibilities: OT Network Discovery & Device Fingerprinting Develop and integrate automated network scanning for industrial assets into the platform. Implement passive & active network scanning using SNMP, LLDP, ARP, and industrial protocols. Design and optimize device fingerprinting to classify OT devices (PLCs, SCADA nodes, IIoT gateways, sensors) based on manufacturer, model, firmware, and protocol stack. Enable real-time endpoint tracking and automated asset registration within the platform. 2. Industrial Network Security & Compliance (IEC 62443, Zero Trust) Implement IEC 62443-based security frameworks within the platform to ensure OT network compliance. Integrate Zero Trust security models for industrial endpoints and control networks. Work on network segmentation strategies for isolating critical industrial systems within the platform. Design and develop anomaly detection features for unauthorized device behaviors using AI-based security analytics. 3. SCADA-Integrated Asset Management & Monitoring Contribute to the development of a SCADA-integrated asset inventory system for industrial environments. Develop a real-time monitoring engine for tracking PLC instances, network ports, and communication health. Optimize SCADA-to-OT data flows for improved visibility and control. Design SCADA security monitoring dashboards for operational visibility and threat detection. 4. OT Network Simulation & Testing Framework Develop a virtualized OT network environment for testing protocol translations and device communications. Simulate SCADA-to-PLC interactions within a cloud-based or hybrid testing framework. Create automated test cases for evaluating platform performance in large-scale OT environments. 5. AI-Driven Security & Network Optimization Contribute to AI-powered security heuristics for intrusion detection, anomaly recognition, and behavioral analysis. – Strongly Preferred Design real-time correlation engines to map network security events to operational risk indicators. Work with data scientists to integrate machine learning models for predictive network failure analysis. Required Skills & Qualifications: Networking & Industrial Protocols: Expertise in SNMP, LLDP, ARP-based discovery and industrial networking standards. Deep understanding of SCADA, PLC, DCS, and IIoT network architectures. Strong knowledge of Modbus TCP/IP, OPC-UA, EtherNet/IP, PROFINET. Security & Compliance: In-depth knowledge of IEC 62443, Zero Trust Architecture (ZTA), and industrial cybersecurity. Experience in firewall configurations, network segmentation, and encrypted communications (TLS 1.3, AES-256). Understanding of SIEM integration and OT security monitoring tools (Claroty, Nozomi, Dragos, CyberX). Platform Development & Integration: Experience in building scalable network discovery and security platforms for industrial automation. Familiarity with cloud-based OT security solutions (Azure Defender for IoT, AWS IoT Device Defender). Ability to work with RESTful APIs, MQTT, Kafka, and real-time event processing frameworks. Tools & Technologies: Network Security & Monitoring: Wireshark, Nmap, Zeek, Snort, Suricata. OT Security Platforms: Claroty, Nozomi Networks, Dragos, CyberX. Cloud & Edge Security: Azure IoT Hub, AWS IoT Core, Google Cloud IoT. PLC & SCADA Systems: Siemens, Rockwell, ABB, Schneider Electric, GE. Cloud & Edge Security: Azure Defender for IoT, AWS IoT Device Defender. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. EY- Cyber Security (OT Security) – Technology Consulting – Senior GDS Advisory's Risk group is a unique, industry-focused business unit that provides a broad range of integrated services that leverage deep industry experience with strong functional capability and product knowledge. Risk practice team provides integrated advisory services to leading Fortune 500 Companies. The team provides Risk Assurance, Risk Transformation, Internal Audit, Cybersecurity, Financial Services Risk Management and Actuarial services that take an enterprise-wide view, so that risk mitigation and risk management strategies and processes are embedded in every part of the organization. Our services mitigate risk, reduce the cost of control and help create value. The opportunity The GDS Architecture Engineering and Emerging Technology (AEET) services help our clients tackle the many security challenges they face on a daily basis and develop effective solutions using people, processes and technology, while enabling better security and risk decisions, and reducing costs related to manging security risks. The AEET team is looking for individuals who will play a direct role in delivery of Operational Technology (OT) security engagements, development of proposals in this area, and develop OT security solutions. You will play a key role in supporting our clients to secure their IT/OT environments, either through advisory and/or implementation support. Your key responsibilities To qualify, candidates must have: Understanding of security-related operational processes in the OT-ICS environments Understanding of OT SOC/ OT Identity Access Management/ OT Pen testing/ Zero Trust on OT Understanding of technologies (typical assets, communication protocols, technical architectures) utilized by OT-ICS systems and networks Knowledge of cyber / information security concepts, risk and controls concepts Understanding of aspects of functional safety (SIS) Knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts Knowledge of the technical security solutions utilized within OT-ICS systems and networks Knowledge of OS (Windows / Linux) security, Database security Knowledge of IT infrastructure Knowledge of cyber threats and vulnerabilities related to platform and infrastructure is a plus Prior experience working alongside delivery leads and architects to Identify and manage risks is a plus Skills And Attributes For Success Completed technical higher education in the field of industrial automation, computer science, electronics or other relevant fields Certificates or education related to industrial automation / engineering etc. Knowledge of OT-ICS Security standards, including ISA/IEC 62443, NIST 800-82, NERC-CIP Knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, NIST standards on Cyber Security, HITRUST, etc. is a plus Knowledge on tools like Nessus, BackTrack, NMAP, BurpSuite, etc. is a definite plus Knowledge on OT network monitoring solution such as Nozomi, Claroty, Armis, DarkTrace, Azure Defender. To qualify for the role, you must have 5+ years of experience in the Cyber Security and OT Security Domain Minimum B. Tech. or equivalent educational qualification ISA/IEC 62443 Fundamental* SCADA Fundamentals CompTIA Network+ CompTIA Security+ What We Look For A Team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 1400 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries What Working At EY Offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Attack & Penetration Testing - Senior As part of our Cyber Security team, you shall perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. The opportunity We’re looking for Security Consultant / Senior Security Consultant with expertise in penetration testing. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Lead engagements from kickoff with clients through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines. Perform penetration testing which includes Network, web application, Mobile app (both Android & iOS), APIs Cloud Security, Thick Client application, wireless, social engineering, physical penetration testing. Execute penetration testing projects using the established methodology, tools and rules of engagements. Execute red team assessments to highlight gaps impacting organizations security postures. Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations. Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. Convey complex technical security concepts to technical and non-technical audiences including executives. Perform technical quality reviews and conduct technical conversations directly with clients. Keep uptodate with the latest techniques and concepts. Confident with OWASP Top 10 and SANS Top 25 vulnerabilities and ability to effectively communicate methodologies and techniques with development teams Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing. Understanding and experience with Active Directory attacks. Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management. Knowledge of AI in Pentest, TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred. Working knowledge with any scripting languages (e.g. Python, Perl, PHP, Ruby) to develop automated solutions that mitigate risks throughout the organization. Support SDLC and agile environments with application security testing and source code reviews. Serve as a mentor and guide to junior pen testers, sharing your knowledge, skills, and best practices to nurture their growth and development. Provide technical expertise and guidance to clients on remediation strategies and security best practices. Skills And Attributes For Success In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies. Good understanding of enterprise security controls in Active Directory / Windows environments Good to have knowledge in AI in pentest Understanding of TCP/IP network protocols. Understanding of network security and popular attacks vectors. Experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory and 802.1x penetration testing Strong understanding of security principles, policies, and industry best practices Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results. Excellent communication and presentation skills, both written and verbal. Demonstrated thought leadership in the cybersecurity field through publications, speaking engagements, or contributions to industry forums. Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead. To qualify for the role, you must have BE/ B.Tech/ MCA or equivalent Minimum of 3 years of work experience in penetration testing which may include at least three of the following: Network, web application Mobile app (Android & iOS), Thick client, APIs, wireless, social engineering, physical and Red Team assessments. One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX Knowledge of Windows, Linux, UNIX, any other major operating systems. 3-9 years of work experience in Strategy and Operations projects Team management skills are preferred. Conduct technical discussions and perform technical Quality reviews. Familiarity with OWASP methodologies and application security vulnerabilities. Exceptional ability to educate and guide application developers in security best practices. Excellent communication, presentation, and interpersonal skills. Strong Word, Excel and PowerPoint skills. Ideally, you’ll also have Project management skills Certifications: OSCP, OSCE, CRTP, CRTO, CISSP, GPEN, GWAPT. What We Look For Who can perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing and provide analysis for the testing results. What Working At EY Offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less