510 Nmap Jobs - Page 4

ZS is a place where passion changes lives. As a management consulting and technology firm focused on improving life and how we live it, our most valuable asset is our people. Here you’ll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients, caregivers and consumers, worldwide. ZSers drive impact by bringing a client first mentality to each and every engagement. We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business. Bring your curiosity for learning; bold ideas; courage and passion to drive life-changing impact to ZS. Our most valuable asset is our people . At ZS we honor the visible and invisible elements of our identities, personal experiences and belief systems—the ones that comprise us as individuals, shape who we are and make us unique. We believe your personal interests, identities, and desire to learn are part of your success here. Learn more about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about. Offensive Security Analyst We are looking for a professional to join us as an Offensive Security Analyst in our Pune, India office. This professional will be responsible for conducting penetration tests and security assessments across cloud and on-premises environments. This role requires good technical expertise, out-of-box thinking, and effective communication skills to proactively identify, communicate and address security risks. What you’ll do: Typical daily work will consist of planning and performing penetration tests on cloud-based and on-premises infra & applications to identify security weaknesses and loopholes Support the penetration testing lifecycle—from information gathering and vulnerability scanning to manual exploitation and documentation Collaborate closely with the vulnerability management team to validate exploitable vulnerabilities and help prioritize remediation Collaborate with infra owners, developers, business teams to understand applications and infrastructure and provide practical, remediation-focused security advice Help create clear, actionable penetration testing reports including proof-of-concept, risk ratings, and remediation guidance Developing and testing custom exploits to demonstrate vulnerabilities and assess the potential impact on systems Conduct comprehensive cloud penetration tests targeting AWS, Azure, GCP to identify and exploit misconfigurations, insecure interfaces, and vulnerabilities in cloud services and applications Regularly review and enhance penetration testing methodologies and practices to adapt to evolving threats and technologies Participate in internal security knowledge-sharing sessions and team meetings to learn from senior testers and share discoveries What you’ll bring: Strong foundational understanding of information security principles Familiarity with tools such as: Nmap, Burp Suite, OWASP ZAP, Nikto (Web/App Testing) Nessus, OpenVAS, Kali Linux (Infrastructure Scanning), and Metasploit (for controlled exploit validation) Basic Knowledge of: OWASP Top 10 web application vulnerabilities Common infrastructure weaknesses (e.g., SMB, RDP, DNS, FTP, SMTP issues) Authentication and access control issues A deep interest in Cyber Security and a drive to learn about penetration testing skills through hands-on practice, research, and community engagement Comfort working in command-line environments (Linux shells, Windows CMD/PowerShell) for reconnaissance and exploitation. Strong analytical and problem-solving mindset, with the ability to break down complex problems and think creatively Eagerness to learn from real-world engagements and senior team members, with a growth mindset and a proactive approach to developing technical depth and practical experience Familiarity with secure communication protocols (e.g., HTTPS, SSH, VPNs) and how insecure configurations can be exploited Good verbal and written communication skills to clearly explain technical concepts and document findings Passion for cybersecurity, demonstrated through CTF participation, cybersecurity clubs, academic projects, personal labs, or platforms like Hack the Box, TryHackMe, or OverTheWire Good to have skills and abilities: Completion of relevant cybersecurity coursework or certifications Basic scripting in Python, Bash, or PowerShell for automating tasks or building internal tools Understanding of web application architecture (client-server model, HTTP protocol, APIs) Awareness of vulnerability disclosure platforms (e.g., CVE database) and responsible reporting practices Basic Knowledge of vulnerability management and scanning best practices such as CVE database and the CVS System used for scoring vulnerabilities Academic Qualifications: Bachelor’s degree in computer science/management of computer information/Cybersecurity 0-2 years of Penetration Testing / Red-Teaming / Offensive Security Must have Security Certifications: OSCP / CREST / GPEN / HTB-CPTS Security Certifications: CRTP/CARTP, CRTE, CRTO (I & II), OSEP, OSED, GRTP Cloud Certifications: AWS CLP, AWS Security Specialty Perks & Benefits: ZS offers a comprehensive total rewards package including health and well-being, financial planning, annual leave, personal growth and professional development. Our robust skills development programs, multiple career progression options and internal mobility paths and collaborative culture empowers you to thrive as an individual and global team member. We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients/ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections. Travel: Travel is a requirement at ZS for client facing ZSers; business needs of your project and client are the priority. While some projects may be local, all client-facing ZSers should be prepared to travel as needed. Travel provides opportunities to strengthen client relationships, gain diverse experiences, and enhance professional growth by working in different environments and cultures. Considering applying? At ZS, we're building a diverse and inclusive company where people bring their passions to inspire life-changing impact and deliver better outcomes for all. We are most interested in finding the best candidate for the job and recognize the value that candidates with all backgrounds, including non-traditional ones, bring. If you are interested in joining us, we encourage you to apply even if you don't meet 100% of the requirements listed above. ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law. To Complete Your Application: Candidates must possess or be able to obtain work authorization for their intended country of employment.An on-line application, including a full set of transcripts (official or unofficial), is required to be considered. NO AGENCY CALLS, PLEASE. Find Out More At: www.zs.com

Our growth plans: We process close to 4% of the country's freight on our software platform. Our goal is to get to 20% of the country's freight by 2028. This gives us a bird’s eye view of the market. We’re already the largest road freight technology platform in the country and we plan to build on this base to drive growth in software, freight marketplace and supply chain financing to get to a 100M USD revenue by 2028. About the Role: Cyber Security Engineer plays a pivotal role in safeguarding Freight Tiger’s Application & Cloud infrastructure assets and information. Key responsibilities: Lead the efforts towards development and implementation of cyber security architecture for Freight Tiger’s application and cloud infrastructure. Conduct regular vulnerability assessments to identify and mitigate potential security risks in applications and perform penetration testing to simulate cyber-attacks and identify weaknesses in the cloud infrastructure. Work and coordinate with engineering teams to fix security vulnerabilities & bugs and integrate security measures into the development lifecycle to ensure security is considered in all stages of software and system development. Lead incident response plans to address security incidents and investigate security breaches and provide detailed reports on root causes and recommended actions. Conduct cybersecurity best practices and awareness training campaigns across the organization. Plan and implement solutions to monitor network traffic and end user computing devices for unusual activities and potential security threats. Participate in regular security audits to assess compliance with security standards. Preferred qualifications: Graduation or higher, preferably in CS or relevant stream. CEH or similar industry certification. 3 - 5 years of relevant experience conducting security and vulnerability assessment of Applications and cloud infrastructure. Product Expertise: Strong experience with leading security assessment tools like Burp Suite, Metasploit, Wireshark, Snort and Nmap etc. Hands-on exposure of working with AWS environment including the security services like IAM, Guard Duty, CloudTrail, WAF, Shield etc. Exposure of participation in the audit process, preferably for PCI-DSS, ISO 2701, SOC II etc. Strong attention to detail with an analytical mind and outstanding problem-solving skills. Great awareness of cybersecurity trends and hacking techniques.

About the role: We are seeking an experienced and innovative Director-IT Infra to lead our IT Infrastructure and IT Security teams. The ideal candidate will drive the management and strategic oversight of on premises datacenter assets, end user systems and on-cloud SaaS / PaaS / IaaS services with a focus on Microsoft and Open-Source technologies, while leading initiatives to transition workloads from current on-premises to hybrid cloud ecosystem. Leadership and Management:  Work closely with CTO to define a strategic direction for organization IT ecosystem and align them to business objectives; digital transformation initiatives and “Right-Fit” technology.  Formulate, strategize and implement IT and InfoSec policies aligning them to industry standards; best practices / guidelines and organization goals.  Managing vendor / service provider relationships and run periodic cost optimization through vendor / tool consolidation and timely AMC negotiations / renewals.  Develop and implement change management processes to ensure smooth transition and adoption of new technologies. Communicate changes to all stakeholders and provide necessary support during change.  Lead the IT Infra team and IT InfoSec teams. Foster an innovation driven, collaborative, ever learning and high-performance team environment. IT Infrastructure Management:  Lead initiatives to migrate on-premises workloads to Microsoft Azure and integrate Open Source tools like Docker and Kubernetes. Developing and executing strategies for the migration of data and applications to cloud-based infrastructure.  Manage on-premises servers using Microsoft Windows Server and Linux Ubuntu running on virtualization platforms like VMware ESXi and Linux KVM.  Ensure the reliability, availability. performance, security and high uptime of all IT assets, including hardware like Dell servers; HPE servers; SAN Data Storages; WAN / LAN Devices; EPABX systems etc.  Develop and implement maintenance schedules using tools like Microsoft System Center. Setting up, managing and monitoring organization's datacenter operations.  Oversee network architecture, connectivity uptime, and network performance using Cisco routers, switches, and other communication devices.  Setup IT Infrastructure Monitoring Tools to identify and resolve IT infrastructure problems before they can adversely affect critical business processes. Report to management team insight into the status of physical, virtual, and cloud systems and help ensure availability and performance. Security and Compliance:  Implement and manage security measures, including Next-Generation Firewalls; IDS / IPS; VPNs; Next-Generation Endpoint Security; DLP; IRM / EDRM; Web Proxy etc.  Conduct regular security assessments at server level and network level using tools like Nessus, Nmap etc. to assess security implementation and mitigate vulnerabilities.  Ensure compliance with security policies and procedures using SIEM solutions like Splunk and ensure zero data theft and data leakage.  Monitor and respond to security incidents with solutions like Microsoft Defender for Cloud and Open-Source tools such as Wazuh, OSSEC etc.  Ensure compliance with industry regulations and standards, maintaining certifications such as ISO 9001, ISO 27001, PCI DSS.  Implement disaster recovery and business continuity plans based on best practices and industry standards using solutions such as Commvault, Borg, Veeam etc. Innovation and Improvement:  Identify opportunities for technological improvements and innovation with a focus on Microsoft / Open-Source solutions and build blueprints to transition from older technology leading to reduce TCO and enhanced systems experience.  Promote the adoption of emerging technologies and open-source tools to enhance business / IT operations.  Setup key IT processes and capture data touchpoints to evaluate IT Teams performance and OKRs. Build a culture of continuous improvement and service excellence.  Provide leadership to drive Infrastructure and Network Security maturity improvements across the organization, in line with the changing Threat Landscape, Regulatory and Compliance requirements etc.  Rewire the current processes, practices and disciplines for IT Service Management using ITIL principles aligning IT services with the needs of the business Experience:  At least 10-12 years of relevant experience in IT infrastructure management and information security.  Must have proven experience leading and managing complex hybrid IT teams.  Must have proven experience in leading initiatives to transition workloads from current on-premises to hybrid cloud ecosystem.  Must have proven experience in implementing and managing IT Security, Business Continuity Plans, Disaster Recovery Frameworks and Security Audits.  Must have technical proficiency and hands-on experience with Microsoft technologies (e.g., Windows Server, Azure Services, Microsoft 365, SharePoint etc.) and Open-Source technologies (e.g., Ubuntu Linux, KVM, Docker, Kubernetes etc.).  Experience in managing datacenter operations, network systems and virtualization environments.  Experience with IT process optimization and implementing change management processes.  Any relevant industry certifications like CISSP, CISM, Azure Solutions Architect Expert, Red Hat Certified, Cisco Certified Network Professional etc. will be added advantage.  Experience working in large publication company, management consulting company or Tier 1 startups will be added advantage.

Job Title: Consultant – VAPT Location: Navi Mumbai, Mumbai Experience Required: 2+ years Industry: Consulting Domain: Banking and Financial Services Work Mode: Work from Office (WFO) Joining: Immediate joiners preferred Key Responsibilities: Conduct end-to-end Vulnerability Assessment and Penetration Testing (VAPT) across web, mobile, network, and cloud infrastructure. Perform security assessments as per OWASP Top 10, SANS 25, and relevant standards. Identify, exploit, and document vulnerabilities with detailed remediation recommendations. Prepare technical and executive-level reports and present findings to internal teams and clients. Coordinate with client IT/security teams for fixes and re-validation. Maintain documentation and ensure adherence to security governance frameworks. Support audit and compliance requirements (e.g., RBI, ISO 27001, etc.). Work with Banking and Financial Services clients in a consulting environment. Desired Skills & Qualifications: Bachelor’s degree in Computer Science, Information Security, or related field. Relevant certifications preferred: CEH, OSCP (or working toward it) . Strong knowledge of security tools (Burp Suite, Nessus, Nmap, Metasploit, etc.). Understanding of BFS sector security needs and regulatory landscape. Good communication skills and client handling experience. Exposure to security governance and policy frameworks is a plus.

About the Job: Are you passionate about Cyber Security and ready to kickstart your career in one of the most dynamic fields? Join us as Intern - Cyber Security! What You'll Do: Defensive Security: Proactively monitor and assess potential threats, ensuring that systems remains secure Offensive Security: Evaluate the security of networks and applications by simulating real-world attacks to identify vulnerabilities Scripting and Automation: Develop custom scripts & create programs to improve system security and automate Reporting and Documentation: Assist senior consultants in preparing assessment reports and policies Learning and Collaboration: Work alongside experienced security engineers, gaining hands-on experience Who You Are: Education: A final-year student pursuing a B.E./B.Tech/B.C.A with a focus in Electronics, CS, Cybersecurity, Information Science, or a related discipline Strong foundational knowledge of operating systems (Windows, Ubuntu) Proficient in at least one scripting language (e.g., Python, Shell, SQL, PowerShell, PHP) Understanding of computer networking concepts, TCP/IP, Firewalls and LAN Familiarity with both offensive and defensive cybersecurity tools - Nmap, Burp Suite, Wireshark. Active on platforms like TryHackMe, HackTheBox, or PentesterLab, with a valid ranking Preferred Qualities: Proactive Learner: Driven to keep up-to-date with the latest cybersecurity trends & tools Team Player: Willing to collaborate, and work closely with others to tackle security challenges Perks: Hybrid work (2-3 days a week on-site in Bengaluru) Paid Internship If you excel, there's a chance for a full-time offer after graduation!

A career in our Cybersecurity, Privacy and Forensics will provide you the opportunity to solve our clients most critical business and data protection related challenges. You will be part of a growing team driving strategic programs, data analytics, innovation, deals, cyber resilency, response, and technical implementation activities. You will have access to not only the top Cybersecurity, Privacy and Forensics professionals at PwC, but at our clients and industry analysts across the globe. The Cyber Penetration Testing (CPT2) team focuses on delivering threat actor simulation services, device or application assessments, and penetration tests. You will help clients understand the tangible risks they face from a variety of threat actors and what they target to include different postures, scenarios, or targeted assets. Working as a member of CPT2 also provides the opportunity to directly help clients enhance or tune their preventative, and detective controls on a proactive basis. Our team focuses on assessment and recommendation services that blend deep technical manual tradecraft with targeted automation to simulate real threats to a client’s environments. As a part of this center of excellence, you will drive change at PwC’s clients by providing risk outside of the theoretical while contributing to the technical acumen of the practice and amplifying your own personal capabilities. To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be an authentic and inclusive leader, at all grades/levels and in all lines of service. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future. As a Senior Associate, You'll Work As Part Of a Team Of Problem Solvers, Helping To Solve Complex Business Issues From Strategy To Execution. PwC Professional Skills And Responsibilities For This Management Level Include But Are Not Limited To: Use feedback and reflection to develop self awareness, personal strengths and address development areas. Delegate to others to provide stretch opportunities and coach to help deliver results. Develop new ideas and propose innovative solutions to problems. Use a broad range of tools and techniques to extract insights from from current trends in business area. Review your work and that of others for quality, accuracy and relevance. Share relevant thought leadership. Use straightforward communication, in a structured way, when influencing others. Able to read situations and modify behavior to build quality, diverse relationships. Uphold the firm's code of ethics and business conduct. As a Technical Writer, You Will Work As Part Of a Team, Helping To Producing High-quality Documentation For Threat Actor Simulation Services, Device And Application Assessments, And Penetration Test Results. PwC Professional Skills And Responsibilities For This Management Level Include But Are Not Limited To: Work closely with business team to gather information and understand documentation requirements; Create, edit, and maintain documentation for penetration testing reports, procedures, guidelines, and standards. Explain complex technical concepts clearly and concisely; Write clear, concise, and user-friendly content tailored to various audiences, including technical and non-technical stakeholders; Stay updated on the latest cybersecurity trends and technologies to ensure documentation reflects current practices and solutions; Analyze existing content to recommend and implement improvements; Ensure documentation meets industry standards, regulatory requirements, and organizational compliance needs; Identify opportunities to improve documentation processes and tools; Manage a variety of viewpoints to build consensus and create positive outcomes for all parties; Focus on building trusted relationships; and, Uphold the firm's code of ethics and business conduct. Basic Qualifications : Job Requirements and Preferences : Minimum Degree Required : bachelor’s degree Minimum Years Of Experience : 4-9 year(s) Preferred Qualifications : Preferred Fields of Study : Computer and Information Science, Information Security, Information Technology, Management Information Systems, Computer Applications, Computer Engineering Certification(s) Preferred : Certification in Technical Writing Preferred Knowledge/Skills : Demonstrates extensive abilities and/or a proven record of success in the following areas: Familiarity with technical concepts such as application security, network segregation, access controls, IDS/IPS devices, physical security, and information security risk management; Familiarity with security testing tools, such as BurpSuite, Mimikatz, Cobalt Strike, PowerSploit, Responder, Nmap, or other tools included within the Kali Linux distribution; Knowledge of networking protocols, TCP/IP stack, systems architecture, and operating systems; Familiarity with well-known Cybersecurity frameworks and industry-leading practices such as OWASP, NIST CSF, PCI DSS, and NY-DFS; and, Demonstrates extensive abilities and/or a proven record of success in the following areas: Experience in writing about cybersecurity articles, reports, tools, protocols, and best practices; Experience in translating technical jargon into clear, concise, and accessible language for various audiences; Experience in developing and maintaining a library of technical documentation that meets organizational standards; Experience in collaborating with cybersecurity professionals to gather information and clarify technical details; Proven skills in analyzing and synthesizing information from multiple sources to produce comprehensive and accurate documentation; Ability to manage multiple documentation requirements effectively, ensuring timely delivery and adherence to deadlines; Ability to ensure accuracy and consistency in all documentation, minimizing errors and omissions to meet quality standards; Adapting writing styles and content formats to suit different platforms and audience needs; Ability to leverage graphic design and visualization tools to enhance documentation clarity and user engagement; Proactively seeking feedback. Guidance, clarification and making iterative improvements to documentation processes and outputs; and, Keeping leadership informed of progress and issues. Professional and Educational Background Bachelor's Degree Preferred.

Essential Services : Role & Location fungibility At ICICI Bank, we believe in serving our customers beyond our role definition, product boundaries, and domain limitations through our philosophy of customer 360-degree. In essence, this captures our belief in serving the entire banking needs of our customers as One Bank, One Team . To achieve this, employees at ICICI Bank are expected to be role and location-fungible with the understanding that Banking is an essential service . The role descriptions give you an overview of the responsibilities, it is only directional and guiding in nature. About the Role At ICICI Bank, Information Security Group believes in providing services to its customers in the safest and most secure manner keeping in mind that data protection for its customers is as important as providing quality banking services across the spectrum. Our support application team performs application vulnerability assessments and document vulnerabilities which were found and provides recommendations for remediation according to BFSI guidelines and industry best practices. As an Application Security Manager, you will provide guidance to the application team on application security best practices, support remediation effort and track open issues and follow up to ensure remediation. You will work along with cross functional business teams to get closure of identified gaps and utilize escalation matrix effectively wherever necessary. You will conduct application security assessment results review and mitigation approval. You will keep abreast of new technologies to ensure that the organization remains at the forefront of security. Key Responsibilities: Support and Testing: Vulnerability Assessments & Penetration Testing (Automated + Manual) on business critical assets with security tools like BurpSuite, Nessus, Nmap, Accunetix, Metasploit Netsparker, Qualys etc. Analysis: Perform in-depth analysis of VAPT results, Review assessment reports to provide risk mitigation & recommendations on that basis. Collaboration: Collaborate with the application team and provide them guidance on application security best practices, support remediation effort and track open issues and follow up to ensure remediation. Qualifications & Skills Educational Qualification: Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent with relevant experience. Certifications: OSCP Compliance: Knowledge of cyber security trends & hacking techniques, MITRE ATT&CK framework with hacker mindset. Network Security: Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering) Key Technologies: Familiarity with OWASP, SANS vulnerabilities along with its validations in source code and other security frameworks & Compliance, Knowledge of Networking concepts & Good understanding of latest Network /security technologies such as Cloud security and recent trends. About the Business Group ICICI Bank’s Information Security Group believes in providing services to its customers in the safest and secured manner, keeping in mind that data protection for its customers is as important as providing quality banking services across the spectrum. The CIA triad of Confidentiality, Integrity, and Availability is built on the vision of creating a comprehensive information security framework. The Bank also lays emphasis on customer elements like protection from phishing, adaptive authentication, awareness initiatives, and provide easy to use protection and risk configuration ability in the hands of customers. With this core responsibly, ICICI administer and promotes on going campaigns to create awareness among customers on security aspects while banking through digital channels.

As a Security Analyst at Dedalus, a prominent healthcare technology company, you will have the opportunity to contribute to the team in Chennai, India, and play a crucial role in enhancing healthcare services for a healthier planet. Your primary responsibility will involve Security Vulnerability Analysis and Penetration Testing, where you will assess, exploit, and report security vulnerabilities in software applications and infrastructure, providing recommendations for appropriate solutions. Working alongside a highly skilled team, your work will have a significant impact on the healthcare sector. Your duties will include: - Conducting Security Vulnerability Analysis, Threat Modelling, and Risk Assessment - Performing static code reviews using automated SAST tools and analyzing false positives - Executing dynamic testing (DAST) with tools like Burp-suite, Invicti, or Nessus - Conducting manual Penetration Testing and utilizing Ethical Hacking techniques to identify vulnerabilities - Compiling assessment and validation reports on identified vulnerabilities, risks, impact, recommended solutions, and Proof of Concepts (POCs) - Explaining threats and presenting assessment reports to the Developer and Architect community To excel in this role, you must meet the following essential requirements: - Minimum of four years of experience in security vulnerability analysis and Penetration Testing (VAPT) on cloud services, web products, or enterprise applications - Proficiency in using Appsec tools, including industry-standard tools like Burp-suite, Invicti, Fortify, and open-source tools such as Kali, Nmap, Wireshark, Metasploit, ZAP, and Echo Mirage - Technical knowledge of Software Development Life Cycle (SDLC) and implementation essentials for various application types (Desktop, Web, API, Mobile, and Cloud) - Ability to review Java or .NET code with a focus on security vulnerabilities and familiarity with OWASP, GDPR, and ISO Security standards - Certification in VAPT or Ethical Hacking in Mobile, Web, or Cloud security is mandatory - Exposure to DevAppSec automation and scripting is preferred - Knowledge of AI tools and securing Docker containers like Kubernetes is advantageous - Understanding of real-world threats and data protection regulations is desirable Join Dedalus and be part of a diverse and inclusive workplace where innovation and collaboration drive better healthcare outcomes for millions of patients worldwide. Dedalus is dedicated to fostering a work environment that encourages learning, innovation, and meaningful contributions to healthcare. If you are passionate about making a difference in the healthcare sector, join us on this journey to transform and improve healthcare options globally. Application Closing Date: 18th August 2025 Dedalus is committed to promoting diversity and inclusion in the workplace, ensuring respect, inclusion, and success for all employees and communities. Our dedication to diversity and inclusion is reflected in our work culture, emphasizing the importance of an inclusive and diverse workforce to drive innovation and create better healthcare solutions globally.,

Job Description At Honeywell, we make a lot of incredible things. But most importantly, we make the future and are looking for people to join our global team of future shapers. When you join Honeywell, you become a member of our performance culture comprised of diverse leaders, thinkers, innovators, dreamers and doers who are changing the future. Our people are committed to each other and to the realization of our vision through their unique job functions. Our businesses embrace the challenges of innovation so that we define the future. And our global opportunities are endless for you to grow and get recognized for your passion to perform. We are seeking a creative and forward-thinking cybersecurity engineer to develop and enhance cyber security solutions to address unique security challenges in critical infrastructure and industrial businesses. This position is responsible for providing on-site cyber security services associated with industrial Process Control Networks for Honeywell customers in the Oil and Gas; Hydrocarbon Processing; Power Generation; Pulp, Paper & Printing; Continuous Web Solutions; Petrochemicals; Life Sciences; and Metals, Minerals and Mining markets. Services provided include on-site consulting, troubleshooting, network designs, implementation, assessments, and other related tasks as identified. Responsibilities Key Responsibilities: Assume the lead role in assigned projects, ensuring delivery on time, within budget, and to customer satisfaction. Stay technically current with cybersecurity solutions and expand knowledge in designated network disciplines. Maintain relevant cybersecurity certifications such as CCNA, CISSP, GICSP, or similar. Keep abreast of current industry security standards (e.g., IEC-62443, ISO 27000). Build strong relationships with internal and external customers by providing accurate and efficient technical/engineering support. Diagnose problems and provide timely, accurate technical solutions in response to customer inquiries, questions, and issues. Network (VLANs, STP, HSRP, Static routing) config and Troubleshooting, Firewall configuration i.e policies, communication troubleshooting, AD, NMS, SIEM, AV, WSUS, etc Installation, configuration and troubleshooting. Uphold industrial safety awareness through the completion of pertinent safety certifications. Qualifications Basic Qualifications: Bachelor's degree in computer-related fields (e.g., Computer Science, Computer Information Systems, Electronics) or equivalent experience. Cisco Certified Network/Design/Security Professional (at least one certification). GICSP/CISSP Certified Information Systems Security Professional or similar security certification. 5+ years of experience in Networking, endpoint security, and conducting audits/assessments in IT security. 3+ years of experience in Security Projects. 2+ years of experience in Cybersecurity Vulnerability or Risk assessment. 2+ years of experience with Microsoft Active Directory, DNS, WSUS, and Terminal Server. 2+ year of experience in vulnerability scanning and assessments using tools like Nessus and NMAP. Proven experience designing or deploying a minimum of 10 projects leveraging virtualization, preferably VMware. 3+ years of Network Security Experience: Firewalls, ACL, IDS, IPS, SIEM, particularly with Cisco Routers, Switches, or Firewalls. 3+ years of experience with antivirus systems and backup & restore solutions. 3+ years of experience providing network services on customer sites. Excellent written and oral communication skills. Willingness to travel 30-65%. Preferred Qualifications and Experience 3 years’ experience in Operational Technology (OT). IEC-62443 Risk Assessment/Design/Maintenance Certification (at least one). Knowledge of networking protocols including HSRP, STP, RSTP, MSTP, VLAN, 802.1q, IPv4, IPv6, RIPv2, OSPF, EIGRP, DNS, NTP, EtherChannel, FTP, TFTP, and SSH. Awareness of OT cybersecurity best practices and recommendations. Proficiency in preparing functional and detailed design specifications. Ability to work independently. Excellent troubleshooting skills to resolve complex network, application, or system integration issues. About Us Honeywell helps organizations solve the world's most complex challenges in automation, the future of aviation and energy transition. As a trusted partner, we provide actionable solutions and innovation through our Aerospace Technologies, Building Automation, Energy and Sustainability Solutions, and Industrial Automation business segments – powered by our Honeywell Forge software – that help make the world smarter, safer and more sustainable.

Job Title: Cybersecurity Consultant – VAPT Specialist Location: Riyadh Experience Level: Mid to Senior Employment Type: Full-time Job Summary We are seeking a highly skilled and passionate Cybersecurity Consultant with deep expertise in Vulnerability Assessment and Penetration Testing (VAPT) across web, mobile, and API platforms . The ideal candidate will have a strong background in identifying and remediating high-risk vulnerabilities, collaborating with cross-functional teams, and implementing robust security strategies tailored to diverse industries. This role requires a proactive approach to threat mitigation, excellent technical capabilities, and a commitment to continuous learning. Roles & Responsibilities Conduct in-depth Vulnerability Assessment and Penetration Testing (VAPT) for web, mobile, and API platforms, addressing OWASP Top 10, identifying business logic flaws, and uncovering complex attack vectors. Collaborate with IT and development teams to remediate vulnerabilities effectively and within defined SLAs. Design and implement yearly cybersecurity plans aligned with regulatory standards including SAMA CSF, SAMA ITGF, NCA CSCC, NCA ECC , and PCI-DSS . Perform advanced threat hunting, source code reviews , and SIEM audits to detect integration flaws and hidden threats. Carry out network and server configuration reviews in line with NIST, CIS benchmarks , or customized Minimum Baseline Security Standards (MBSS) . Utilize advanced security tools such as: Core Impact, Tenable SC, Nessus, Nmap, Metasploit, Acunetix, AppScan, Splunk, QRadar, Volatility, Hydra, Burp Suite, SonarQube, SQLMap, Fortify , etc. Conduct risk assessments, compromise assessments , and provide tailored recommendations to strengthen the organization’s security posture. Demonstrate strong communication and interpersonal skills , ensuring seamless collaboration across departments and with clients. Stay ahead of evolving threats by researching the latest technologies and attack vectors , and apply this knowledge to secure client environments. Required Qualifications Bachelor of Science Deep understanding of security frameworks, methodologies, and risk-based prioritization. Certifications (Preferred) Certified Information Security Manager (CISM) Certified Red Team Professional (CRTP) eLearn Certified Threat Hunting Professional (eCTHP) eLearn Web Penetration Tester (eWPT) Certified Ethical Hacker (Practical) (CEH) NSE1 – Network Security Associate Key Skills VAPT (Web, Mobile, API) Threat Hunting & Compromise Assessment Source Code & Network Configuration Review Regulatory Compliance (PCI-DSS, NCA, SAMA) Security Tool Proficiency (BurpSuite, Nessus, Metasploit, etc.) Risk Analysis & Communication Skills Report Writing & Executive Summarization

We are hiring Senior Security Consultant -VAPT Specialist for our client located in Kozhikode. Position Summary As a Senior VAPT Specialist, you will be responsible for conducting comprehensive security assessments, managing client relationships, and delivering high-quality penetration testing services. You will also conduct client-side vulnerability checks for your diverse clients. These will include assessing their security postures and offering actionable recommendations to fortify their cybersecurity defenses. As a senior VAPT specialist, you will engage in tasks that include: Client Management & Communication Be the trusted security expert and advisor for your assigned clients in undertaking security assessments. Lead engaging briefings, provide status updates, and prepare effective presentations. Convert complex technical findings into insights that drive decision-making for our clients. Build relationships that not only last, but also ensure client satisfaction, trust, and value for your service-oriented projects. Document findings that guide you to derive solutions. Threat Modeling & Risk Assessment Develop comprehensive threat models for client applications and infrastructure Conduct risk assessments and prioritize security findings based on business impact Design attack scenarios and security test cases based on threat intelligence Collaborate with development teams to integrate security into SDLC processes Red Team Operations Plan and execute red team exercises to simulate real-world attack scenarios Develop custom tools and exploits for specific client environments Conduct social engineering assessments and physical security testing when required Provide post-exercise debriefings and improvement recommendations Documentation & Reporting Contribute to internal knowledge base and best practices documentation Create detailed technical reports documenting vulnerabilities, exploitation methods, and remediation steps Develop executive summaries tailored for C-level audiences Maintain accurate project documentation and testing methodologies Required Qualifications Experience & Background 3-5 years of hands-on experience in vulnerability assessment and penetration testing Proven track record of successful client engagements and project delivery Experience with enterprise-level security assessments across various industries Demonstrated ability to work independently and manage multiple projects simultaneously Technical Expertise Deep understanding of security frameworks and standards: Penetration Testing Execution Standard (PTES) OWASP Top 10 and OWASP Testing Guide SANS Top 25 Most Dangerous Software Errors NIST Cybersecurity Framework CIS Critical Security Controls MITRE ATT & CK Framework Development & Programming Experience Software Development Background: Hands-on experience in application development and an understanding of secure coding practices are highly recommended. Programming and Scripting Languages: If you’re proficient in Python and Bash, that would be an added advantage. Additional experience in PowerShell is highly appreciated. Basic knowledge in at least one compiled language (C/C++, Go, Java, or C#) Custom Tool Development: You can efficiently develop custom security tools, exploits, and automation scripts Security Tools Expertise: You’re the person who can confidently leverage security tools with expert-level proficiency, such as Burp Suite Professional, OWASP ZAP, Nmap, Nessus, OpenVAS, Metasploit, Cobalt Strike, Wireshark, tcpdump, Static analysis tools (SonarQube, Checkmarx, and Veracode), and Custom exploit development tools. Social Engineering & Phishing Expertise Social Engineering Assessments: Design social engineering tests to trigger human response to various threat scenarios. Phishing Simulations: Run phishing simulations ethically. Physical Security Testing: Perform on-site assessments through tailgating, badge cloning, and facility penetration. Awareness Training: Provide security awareness training based on assessment findings OSINT (Open Source Intelligence): Gather and analyze publicly available information for reconnaissance and social engineering preparation. Communication & Language Skills Excellent communication skills (both written and spoken) Effectively communicate complex technical concepts to non-technical stakeholders Strong presentation and public-speaking abilities Can professionally draft technical documentation and reports Professional Attributes Strong analytical and problem-solving abilities Attention to detail with a methodical approach to testing Ability to think like an attacker and anticipate security threats Commitment to ethical hacking principles and professional conduct Continuous learning mindset to stay current with emerging threats and technologies Research-Oriented Mindset: Can deep research in all efficacy to understand emerging vulnerabilities, attack vectors, and security trends. Innovation and Tool Development: Proactive approach to developing custom security tools, scripts, and methodologies for enhancing testing capabilities Creative thinking for developing novel attack scenarios and bypassing security controls Preferred Qualifications Certifications: OSCP (Added Advantage), GPEN, CRTO, and CRT Additional Experience (If any applicable) Experience with DevSecOps practices and CI/CD pipeline security Background in software development or system administration Knowledge of compliance frameworks (PCI DSS, HIPAA, GDPR, SOC2, ISO 27001) Experience with threat intelligence platforms and indicators of compromise Familiarity with containerization security (Docker, Kubernetes) Previous consulting or client-facing experience Location: Govt. Cyberpark, Calicut Experience: 3 – 5 Years Be it undertaking vulnerability assessment or performing in-depth penetration testing, your role as a senior VAPT consultant highly counts when it comes to safeguarding our clients’ critical assets by detecting threats and closing security gaps – proactively and efficiently. Where confidence, knowledge, and aptitude combine to effectively undertake high-profile security tests like ethical hacking, it is these qualities that we expect from you for the concerned role. Contact us if you believe you aptly fit in this role.

What you will do Review and triage new vulnerability tickets to validate the impact. Assist users by providing security guidance for remediation of Vulnerabilities. Validate remediation efforts from internal customers. Investigate possible security exceptions. Update, maintain and document security controls. Ensure application teams are implementing remediations within SLA Maintain documentation of work performed and remediation actions using ServiceNow ticketing system What you should possess Strong customer focus with the ability to advise and work closely with application teams and vendors on mitigation. Exposure to commercial and open-source tools such as Burpsuite, WebInspect, , Qualys, nmap, etc. Experience cataloguing and risk-scoring vulnerabilities discovered through assessments. Knowledge about public cloud environments Knowledge about basic computer networking and HTTP Good understanding and experience with: Web application security assessment, including hands-on techniques. Hands-on experience in identifying, mitigating, and remediating vulnerabilities based on OWASP Top10 (API, Web) Basic Scripting knowledge with the capability to automate analysis of technical engineering tasks using python, bash, or the use of PowerAutomate CVSS3 scoring and its use in risk rating. Basic experience with Linux Preferable certifications like CEH / ECSA / CompTIA or other equivalent security certifications What success looks like Prompt, effective review and collaboration on remediation of security vulnerabilities. Responsiveness to internal customer requests. Validation of remediated tickets within published service level agreements (SLAs). What you will do Review and triage new vulnerability tickets to validate the impact. Assist users by providing security guidance for remediation of Vulnerabilities. Validate remediation efforts from internal customers. Investigate possible security exceptions. Update, maintain and document security controls. Ensure application teams are implementing remediations within SLA Maintain documentation of work performed and remediation actions using ServiceNow ticketing system What you should possess Strong customer focus with the ability to advise and work closely with application teams and vendors on mitigation. Exposure to commercial and open-source tools such as Burpsuite, WebInspect, , Qualys, nmap, etc. Experience cataloguing and risk-scoring vulnerabilities discovered through assessments. Knowledge about public cloud environments Knowledge about basic computer networking and HTTP Good understanding and experience with: Web application security assessment, including hands-on techniques. Hands-on experience in identifying, mitigating, and remediating vulnerabilities based on OWASP Top10 (API, Web) Basic Scripting knowledge with the capability to automate analysis of technical engineering tasks using python, bash, or the use of PowerAutomate CVSS3 scoring and its use in risk rating. Basic experience with Linux Preferable certifications like CEH / ECSA / CompTIA or other equivalent security certifications What success looks like Prompt, effective review and collaboration on remediation of security vulnerabilities. Responsiveness to internal customer requests. Validation of remediated tickets within published service level agreements (SLAs). What You Can Expect A fun, cutting-edge, and collaborative environment A culture of innovation and continuous learning. Training, support, and mentoring to expand and evolve your expertise. Opportunities to impact the security of Comcast products in millions of homes and businesses What We Require: Bachelor's Degree in Computer Science, Information Systems, or other related field or equivalent work experience. Disclaimer: The above information has been designed to indicate the general nature and level of work performed by employees in this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications. Comcast is an EEO/AA/Drug Free Workplace. Comcast is an equal opportunity employer. A fun, cutting-edge, and collaborative environment A culture of innovation and continuous learning. Training, support, and mentoring to expand and evolve your expertise. Opportunities to impact the security of Comcast products in millions of homes and businesses What We Require: Bachelor's Degree in Computer Science, Information Systems, or other related field or equivalent work experience. Disclaimer: The above information has been designed to indicate the general nature and level of work performed by employees in this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications. Comcast is an EEO/AA/Drug Free Workplace. Comcast is an equal opportunity employer.

About Netskope Today, there's more data and users outside the enterprise than inside, causing the network perimeter as we know it to dissolve. We realized a new perimeter was needed, one that is built in the cloud and follows and protects data wherever it goes, so we started Netskope to redefine Cloud, Network and Data Security. Since 2012, we have built the market-leading cloud security company and an award-winning culture powered by hundreds of employees spread across offices in Santa Clara, St. Louis, Bangalore, London, Paris, Melbourne, Taipei, and Tokyo. Our core values are openness, honesty, and transparency, and we purposely developed our open desk layouts and large meeting spaces to support and promote partnerships, collaboration, and teamwork. From catered lunches and office celebrations to employee recognition events and social professional groups such as the Awesome Women of Netskope (AWON), we strive to keep work fun, supportive and interactive. Visit us at Netskope Careers. Please follow us on LinkedIn and Twitter@Netskope. About The Position Netskope is looking for an analyst on the Threat and Vulnerability Management team. This position will focus on the identification and proactive mitigation of Netskope’s attack surface, threat landscape, security gaps , and cyber threats which could impact the business. In addition, this role will be responsible for performing the vulnerability management function such as finding, reporting, and supporting business units in their vulnerability remediation efforts. Roles & Responsibilities Continuous development and execution of the enterprise Threat and Vulnerability Management strategic plan to identify and reduce vulnerable attack surfaces Perform complex analysis to understand emerging threats, and continuously demonstrates awareness of current threat posture Reviews emerging and existing threat methodologies and exploit code / proof of concept code to develop mitigations, prioritize risks and navigating sources for identification of vulnerable assets. Execute on core team functions such as scanning, reporting, custom checks, asset tagging, as well as incorporating threat intelligence into vulnerability checks Automate security tasks using scripting languages such as python. Maintain and contribute to the threat models understanding emerging/existing threats and countermeasures to them. Partners with internal teams to lead, develop, test, and continuously validate detection signatures for various attacks Provide internal teams with hardening guidance and develop tooling for auditing Support teams by being a Remediation Champion giving them guidance on various strategies to remediate a vulnerability and supporting them in their testing and validation efforts. Provides expertise in incident response activities. Teach and understand CVSS, CVE, and additional vulnerability ratings and methodologies Qualifications/Requirements Experience 2 to 5 Yrs in Security Should possess relevant university degree and/or professional qualifications/certification (e.g. CEH, OSCP) Must have knowledge with tools Tenable, Qualys, NMAP, SCAPY, and other tools. Must have the ability to understand hardening guidelines for new technologies and applications being adopted by Netskope. Understanding of containerization and containerized applications, their security weaknesses and how to secure them Must have an understanding of patch automation, security orchestration, and management tooling for on premise, private cloud, and cloud infrastructure. Knowledge of OWASP Web and Mobile Top 10 vulnerabilities and identifying them. Knowledge of TCP/IP and other application and network level protocols. Knowledge of Cloud Applications like AWS, Azure and other SAAS Applications. Excellent written and verbal communication skills. Self-motivated, curious, knowledgeable pertaining to news and current events. Ability to be effective in a remote global work environment. Netskope is committed to implementing equal employment opportunities for all employees and applicants for employment. Netskope does not discriminate in employment opportunities or practices based on religion, race, color, sex, marital or veteran statues, age, national origin, ancestry, physical or mental disability, medical condition, sexual orientation, gender identity/expression, genetic information, pregnancy (including childbirth, lactation and related medical conditions), or any other characteristic protected by the laws or regulations of any jurisdiction in which we operate. Netskope respects your privacy and is committed to protecting the personal information you share with us, please refer to Netskope's Privacy Policy for more details.

Job description Cyber Security Engineer will develop and execute vulnerability and penetration test suites. Automate test suites where possible. Perform vulnerability and threat assessments with help from cybersecurity architects and PSRs. Assess vulnerability patches and identify the impact on the products. Develop common cyber solutions, tools & help integrate with modalities. Representative Tasks: Runs Web application vulnerability software to detect security issues in web applications Analyses output of web application test scans to determine valid security issues. Meets with internal/external customers to analyze outputs from web application scans. Recommends remediation and mitigation strategies of security issues in web applications to customers. Bug bounty program participations Required Knowledge/Understanding: Web Vulnerability/Risk assessment processes OWASP top 10 vulnerabilities Report Writing Manual Testing Tools: Nessus Burp Suite SQL Map Nikto Metasploit Certification: Certified Ethical Hacker (CEH) Note: Candidate's who doesn't have CEH should complete CEH certification within one month if selected. Job Types: Permanent, Full-time Salary: From ₹15,000.00 per month Schedule: Morning shift Job Types: Full-time, Permanent, Fresher Salary: ₹15,000.00 - ₹25,000.00 per month Benefits: Health insurance Provident Fund Job Type: Full-time Pay: ₹15,000.00 - ₹20,000.00 per month Benefits: Health insurance Provident Fund Application Question(s): What is your expected salary? Have you submitted valid bug/ vulnerabilities (including duplicates)in bug bounty programs ? Have you completed CEH, EJPT or any security certifications. Have you ever been attended for security training course. Do you have hands-on experience using tools such as Burp, Nessus, nmap, Zap, or similar? Will you be able to reliably commute to Tambaram, Chennai, Tamil Nadu for this job? Work Location: In person

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : DevSecOps Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :To play a key role in enabling successful project delivery across multiple projects. This role expects you to specialize in a range of security domains, including penetration testing, dynamic and static application security testing, software composition analysis, security architecture review and container security. Additionally, you provide comprehensive support in vulnerability management, service monitoring, and DevSecOps practices. Roles & Responsibilities:-Should have hands-on experience and knowledge of manual and automated penetration testing on the web, mobile and cloud-based applications.-Should have hands-on experience and knowledge of DAST (Dynamic Application Security Testing) to identify runtime vulnerabilities in staging and production environments.-Should have hands-on experience and knowledge of SAST (Static Application Security Testing) for early-stage source code and binary analysis.-Should have hands-on experience and knowledge of SCA (Software Composition Analysis) to detect open-source risks and license compliance issues.-Should have hands-on experience and knowledge of executing SAR (Security Architecture Review) of complex and cloud-based application and should be able to strategize risk remediation with the stakeholders or Security Architect.-Should have hands-on experience and knowledge of integrating security tools into CI/CD pipelines (e.g., Jenkins, GitHub Actions, GitLab CI).-Should have hands-on experience and knowledge of enforcing policy-as-code, shift-left security testing, and secure code delivery practices and automate security checks for container images and Kubernetes workloads.-Should be able to scan and harden docker containers using industry-standard tools.-Should be able to monitor vulnerabilities in container registries and orchestrators (e.g., Kubernetes, ECS).-Skilled in communicating security findings to technical and non-technical stakeholders.-Contribute to secure architecture reviews, risk assessments, and compliance initiatives.-Should be able to manage clients and various stakeholders.Should be a good people manager and should have experience of people and project management. Professional & Technical Skills: Tools & Technologies:Pentest Tools:Burp Suite Pro, OWASP ZAP, Nmap, Postman, Kali Linux,DAST/SAST/SCA:Fortify, Checkmarx, Veracode, Coverity, AppScan, Black Duck, Snyk,DevSecOps:GitHub Actions, Jenkins, GitLab, Docker, Kubernetes,VM Tools:Qualys, Tenable, ThreadFix,Monitoring:ServiceNow, Jira, Confluence-Should be able to collaborate with infrastructure and DevOps teams to secure cloud-native deployments.-Should be able to identify, triage, and manage vulnerabilities using centralized platforms (e.g., ThreadFix).-Should track vulnerability lifecycle from detection through remediation and reporting.-Should support real-time service monitoring to maintain system integrity and threat detection coverage. Additional Information:- The candidate should have minimum 7.5 years of experience in DevSecOps.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

Description and Requirements "At BMC trust is not just a word - it's a way of life!" Hybrid Description and Requirements "At BMC trust is not just a word - it's a way of life!" We are an award-winning, equal opportunity, culturally diverse, fun place to be. Giving back to the community drives us to be better every single day. Our work environment allows you to balance your priorities, because we know you will bring your best every day. We will champion your wins and shout them from the rooftops. Your peers will inspire, drive, support you, and make you laugh out loud! We help our customers free up time and space to become an Autonomous Digital Enterprise that conquers the opportunities ahead - and are relentless in the pursuit of innovation! The IZOT product line includes BMC’s Intelligent Z Optimization & Transformation products, which help the world’s largest companies to monitor and manage their mainframe systems. The modernization of mainframe is the beating heart of our product line, and we achieve this goal by developing products that improve the developer experience, the mainframe integration, the speed of application development, the quality of the code and the applications’ security, while reducing operational costs and risks. We acquired several companies along the way, and we continue to grow, innovate, and perfect our solutions on an ongoing basis. We are looking for Application Security Engineer to take ownership of security testing for enterprise products deployed on mainframe environments. In this role, you will assess application-layer security risks, identify vulnerabilities in product implementations, and lead secure architecture reviews. The ideal candidate brings deep offensive security skills along with familiarity in testing applications running on or integrated with IBM mainframe systems. Primary Roles And Responsibilities Conduct penetration testing and red teaming exercises targeting mainframe environments and the surrounding application ecosystem. Perform code-assisted and black-box penetration testing against enterprise applications/systems interacting with RACF, DB2, CICS, MQ, and related subsystems. Identify risks in authentication, authorization, data handling, and communications within mainframe-integrated products. Create threat models and guide product teams in mitigating high-impact vulnerabilities early in the SDLC. Drive remediation efforts through hands-on collaboration and secure design guidance. Author technical reports and deliver executive summaries tailored to various audiences. Stay current on vulnerabilities, exploits, and testing techniques relevant to legacy enterprise technologies and mainframe ecosystems. Assess common integration patterns (SOA, REST/JSON, MQ) for security risks. To ensure you’re set up for success, you will bring the following skillset & experience: 3+ years of experience in penetration testing, with a specialization in systems/applications integrating with mainframe environments. Deep knowledge of mainframe communication protocols and security mechanisms. Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe systems. Proficient in tools such as: Mainframe utilities: REXX, ISPF panels, NetView Security tools: Nmap, Burp Suite, Wireshark, custom scripts Strong scripting and automation skills (Python, REXX, Bash, or similar). Strong communication and leadership skills, with a proven ability to lead technical teams or projects. Experience producing board-level reports and presenting findings to senior stakeholders. Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts). Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services Whilst these are nice to have, our team can help you develop in the following skills: Industry certifications such as OSCP, OSCE, CRTP, GIAC GPEN, GXPN, or CISSP. Background in regulated industries such as banking, insurance, or government, where mainframes are core infrastructure. Knowledge of COBOL, PL/I, or other mainframe-centric programming languages. Experience with compliance standards like PCI-DSS, NIST, or SOX as they apply to mainframes. CA-DNP Our commitment to you! BMC’s culture is built around its people. We have 6000+ brilliant minds working together across the globe. You won’t be known just by your employee number, but for your true authentic self. BMC lets you be YOU! If after reading the above, You’re unsure if you meet the qualifications of this role but are deeply excited about BMC and this team, we still encourage you to apply! We want to attract talents from diverse backgrounds and experience to ensure we face the world together with the best ideas! BMC is committed to equal opportunity employment regardless of race, age, sex, creed, color, religion, citizenship status, sexual orientation, gender, gender expression, gender identity, national origin, disability, marital status, pregnancy, disabled veteran or status as a protected veteran. If you need a reasonable accommodation for any part of the application and hiring process, visit the accommodation request page. BMC Software maintains a strict policy of not requesting any form of payment in exchange for employment opportunities, upholding a fair and ethical hiring process. At BMC we believe in pay transparency and have set the midpoint of the salary band for this role at 1,725,800 INR. Actual salaries depend on a wide range of factors that are considered in making compensation decisions, including but not limited to skill sets; experience and training, licensure, and certifications; and other business and organizational needs. The salary listed is just one component of BMC's employee compensation package. Other rewards may include a variable plan and country specific benefits. We are committed to ensuring that our employees are paid fairly and equitably, and that we are transparent about our compensation practices. ( Returnship@BMC ) Had a break in your career? No worries. This role is eligible for candidates who have taken a break in their career and want to re-enter the workforce. If your expertise matches the above job, visit to https://bmcrecruit.avature.net/returnship know more and how to apply.

Summary Position Summary Red Team — Senior Consultant 2 – Senior Solution Delivery Lead Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’s Cyber Risk Services have been recognized as a leader by a number of independent analyst firms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do Manages Cyber Threat Management projects, guides the team on a day-to-day basis and ensures that assigned tasks and responsibilities are fulfilled in a timely fashion Demonstrates understanding of complex business and information technology management processes Interacts with clients, managers and partners to build and nurture strong relationships Tailors firm tools and methodologies as per client requirements Assists in implementing standard operating procedures Adheres to Service Level Agreements Identified opportunities for service optimization Evaluates, counsels, mentors and provides feedback on performance of others Manages day-to-day client relationships with their direct client contacts at a minimum at appropriate management levels Participates in proposal development efforts to sell quot;add-on quot; work to clients Identifies opportunities to improve engagement economics Lead practice development initiatives The Team Deloitte’s Red Team is a standardized process, to help clients combat today’s growing array of system threats. We help organizations assess their infrastructure, networks and application environments to identify vulnerabilities and controlweaknesses.Wedevelopanddeploythetechnicalandarchitecturalimprovementsnecessarytoreduceattack exposure OurApplicationandVulnerabilityManagementserviceshelporganizationsidentifythetechnicalandarchitectural improvements needed to minimize exposure to attacks. With our customized methodology, we assess the many aspects of risk to support identification of both internal and external facing threats. Required: - Core Skills: Advanced communication skills (written and verbal) with experience delivering high-level technical presentations, detailed engagement reports, and executive briefings to stakeholders and leadership teams. Proven ability to design and execute complex red team operations, providing tactical and strategic guidance for enhancing organizational security posture through actionable insights. Comprehensive project management skills, with experience in leading large-scale offensive security engagements from inception to execution, including coordinating cross-functional teams. Expert-level understanding of threat analysis, enterprise-level defense mechanisms, and advanced mitigation strategies, with a focus on bridging offensive techniques with defensive improvements. Hands-on experience in bypassing complex security defenses such as firewalls, EDR, IDS/IPS, SIEM solutions (e.g., Splunk, QRadar, ArcSight), using cutting-edge evasion techniques. Extensive knowledge of cyber kill chains, advanced multi-stage attack scenarios, and the ability to execute sophisticated adversarial campaigns using real-world TTPs. Deep expertise in reverse engineering, malware analysis, and exploiting vulnerabilities to uncover security flaws within complex infrastructures. Strong knowledge of cloud security (AWS, Azure, GCP) and demonstrated ability to conduct adversarial simulations targeting cloud-based environments. Advanced knowledge of operating systems (Windows/Linux) and networking technologies critical to red team operations, with the ability to exploit system misconfigurations and weaknesses. Mastery of adversarial simulation tools like Cobalt Strike, Sliver, Metasploit, Empire, Nessus, nmap, Qualys, and Tenable, with the capability to customize attack vectors. Mandatory Certifications - OSCP, OSWP, GPEN, OSCE, CRTO, GXPN, CREST Certified Simulated Attack Specialist Preferred Certifications - OSCE3, OSWE, OSEP, OSED, CREST Certified Simulated Attack Specialist, SABSA, AWS Security Specialist Proven experience leading red teaming, purple teaming, and Breach Attack Simulations (BAS) at the enterprise level, simulating advanced persistent threats (APTs) to assess security defenses. Expertise in spear-phishing campaigns, HTML smuggling, payload delivery mechanisms, and opsec strategies to evade detection throughout engagements. Deep understanding of advanced attack frameworks like MITRE ATT&CK and SANS Top 25, using them to design tailored attack scenarios specific to client environments. In-depth knowledge of EDR/AV evasion techniques, privilege escalation, lateral movement, and persistence in both on-premise and hybrid cloud infrastructures. Ability to architect, deploy, and optimize custom Red Team/Offensive Security solutions, including managing command and control infrastructure, payload obfuscation, and real-time response actions. Ability to manage cross-functional teams across red, blue, and purple engagements, fostering collaboration and improving overall security resilience through continuous improvement cycles. High-level proficiency in strategic planning, engaging with leadership to define security objectives, risk prioritization, and translating technical findings into business-centric solutions. Strong knowledge of attack surface management and vulnerability management, with experience discovering and analyzing hidden or misconfigured assets, especially shadow IT. Advanced OpSec and tradecraft knowledge, ensuring red team engagements are conducted without exposing tools or tactics to detection, while continuously adapting methods to outpace blue team defenses. As a Senior Solutions Delivery Lead, you will lead the charge in adversarial simulation operations, pushing the boundaries of offensive security capabilities. You will: Architect and lead advanced red team engagements, simulating the tactics, tools, and techniques used by sophisticated threat actors to test client defenses. Conduct multi-phase, coordinated attack campaigns, including phishing simulations, exploitation of vulnerabilities, and covert lateral movement across complex environments. Develop and optimize adversarial simulation tactics, ensuring constant evolution of red team methodologies in response to emerging threats. Provide in-depth reports and post-engagement briefings with a focus on strategic remediation advice that aligns with organizational security goals. Oversee the red team infrastructure, ensuring all tools, C2 systems, and exploit frameworks are continually updated and configured for optimal effectiveness. Lead purple team exercises, working closely with blue teams to collaboratively improve detection, response, and mitigation strategies in real time. Remain at the forefront of offensive security innovations, guiding the team through new techniques, tools, and adversarial simulations to enhance effectiveness. Ensure OpSec best practices are strictly followed to avoid detection during engagements and protect the integrity of the red team toolkit. Collaborate with clients and stakeholders to review attack scenarios, findings, and deliver customized security enhancements tailored to their specific business risks. Preferred: B. E / B.Tech / M.S in any engineering discipline; 7-9 years of cyber risk services experience. Proven ability to emulate sophisticated adversary tactics, techniques, and procedures (TTPs) to identify and exploit weaknesses in organizational defenses. Familiarity with red teaming methodologies, offensive security tools, and frameworks such as MITRE ATT&CK. Experience with tools like Cobalt Strike, Metasploit, and Empire for command and control, exploitation, and lateral movement within environments. Proficiency in scripting languages like Python, PowerShell, or Bash for automation and custom tool creation. Knowledge of evasion techniques to bypass antivirus (AV), endpoint detection and response (EDR), and network monitoring tools. Strong understanding of privilege escalation, lateral movement, and persistence mechanisms in both Windows and Linux environments. Hands-on experience conducting phishing campaigns, social engineering attacks, and delivering payloads via HTML smuggling or other covert techniques. Ability to assess and manipulate Active Directory configurations, conduct password spraying, and exploit common misconfigurations. Strong knowledge of reverse engineering tools such as IDA Pro and Ghidra for analyzing malware or binaries. Excellent ability to create detailed post-engagement reports and recommendations for improving detection and response capabilities. Knowledge of operational security (OpSec) best practices to avoid detection during adversarial engagements. Ability to think creatively in developing offensive strategies and adapting to blue team defenses. Strong desire to continuously learn emerging attack vectors and defensive countermeasures. Outstanding communication skills, with the ability to explain offensive security techniques to both technical and non-technical stakeholders. Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin their own way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-based learning,and eLearning.Deloitte University(DU):The LeadershipCenter in India,our state-of-the-art, world-class learning centerin the Hyderabad office, is an extension of the DU in Westlake, Texas, and represents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best workeveryday. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandarecontinuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesourdiversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 306123

Key Responsibilities: Assist in web, network, and system penetration testing. Conduct vulnerability scans using tools like Nmap, Nessus, and OpenVAS . Assist in social engineering or phishing assessments (if applicable). Prepare clear documentation, reports, and remediation guidance for stakeholders. Maintain knowledge of latest threats, vulnerabilities, and attack techniques. Must-Have Skills: Basic knowledge of networking, OSI model, and common protocols (TCP/IP, HTTP, DNS). Familiarity with Linux and Windows systems. Exposure to tools like Burp Suite, Nmap, Wireshark, Metasploit, Nikto. Understanding of OWASP Top 10 vulnerabilities. Basic scripting knowledge (Python, Bash preferred). Experience with Kali Linux or Parrot OS. Good to Have: Certifications such as CEH, OSCP, eJPT, or Security+. Familiarity with cloud environments (AWS/Azure/GCP) security practices. Basic understanding of firewalls, IDS/IPS, and SIEM tools. Participation in CTFs or bug bounty platforms.

Job Summary Business Impact & Value Re-engineer legacy applications and build state of the art platform Envision Credit Origination 2.0 platform and align it with Bank’s NextGen technology vision Consistently leads delivery of valuable features Continually looking for process improvements Proposes new ways of doing things Suggests novel ways to fulfil requirements Helps elaborate requirements where necessary. Programming In depth knowledge of IDE, language and toolset in language of choice. Excellent understanding of language & framework and a good working knowledge of the abstraction layer underneath Understanding of threads, threading model and concurrent programming Can profile and optimize code Good knowledge of other programming languages & paradigms and when to apply them Comfortable debugging/finding complex problems Key Responsibilities Design: Can identify and apply appropriate design patterns to problems. Comfortable developing large features Understands Idempotence Understands boy scout principle. Leaves code in a better state then when arrived Good understanding of cohesion, SOLID and how to apply Writes clean, maintainable code Understands importance of domain model and can coherently model a problem domain within a given context Anticipates medium term (3-6 month) vectors of change and designs and abstracts accordingly Understands & appreciates simplicity & the value of removing code Understands design patterns such as CQRS and eventual consistency Understands how to design for performance at all levels. Development Practice Automates everything by default Can build a CD pipeline Automates security scanning and performance testing as part of build Monitor systems to ensure they meet both user needs and business goals Oversee assigned programs (e.g. conduct code review), set and monitor team standards. Evaluate and select appropriate software or hardware and suggest integration methods Focus on reliability, performance and availability Infrastructure Good grasp of multiple operating systems Good grasp of scripting techniques Expertise in one database & good grasp of multiple data storage paradigms and when to apply other technologies Understands and can automate paas technologies Understands when to apply appropriate infrastructure technologies. Understanding of network communications, including TCP/IP, HTTP protocol Security Writes Secure code by default Can use tools (nmap/metasploit etc.) to perform deep security probes Understands server hardening Understating of security principles using SSL protocols and data encryptio Behaviours & Collaboration Leads group discussions on design of particular areas Comfortable presenting information Gains buy in from team and drives design Mentors and develops those around them Understands domain well enough to work with PO to drive value Shares knowledge with wider community Regulatory & Business Conduct Display exemplary conduct and live by the Group’s Values and Code of Conduct. Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct. Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters. Lead to achieve the outcomes set out in the Bank’s Conduct Principles Qualifications Education: Bachelors in Engineering or equivalent Skills And Experience We are looking for Language agnostic people, however below is the end to end tech stack we intend to use for developing our Credit Origination platforms. Java/ J2EE, Spring, Struts, Hibernate Reporting tools – OBIEE BI tools - Informatica Hands-on skills in J2EE specifications like JAX-RS, JAX-WS Cloud Solutions – Openshift or AWS Containers Management –using tools like Docker, Rocket and Drawbridge Elastic Scaling – using tools like Nginx, HAProxy or PAAS like Openshift Dynamic Discover – using tools like Zookeeper or Etcd Configuration Management – using tools like Zookeeper, Etcd, Spring, Puppet/Chef, Ansible Continuous Integration – using tools like Maven and Jenkins Continuous Deployment – using tools like Jenkins, Nolio or Go Assembly Development – using frameworks like Apache Camel or Node.js UI Development – using frameworks like Node.js, REACT, AngularJS or Backbone IDL Definition – using tools like RAML or Swagger Code Development – using IDE’s like Eclipse or IntelliJ Web API’s – for Information Exchange Collaboration – using tools like Git-Hub and JIRA Hands experience and Knowledge of microservices architecture Strong in Oracle or SQL Server PL/SQL development and designing data model. Understanding of continuous build concept and usage with maven, sonarqube or other related tools. Web services, API design, Defining Specification using swagger/RAML. Dev Ops Tools and CI/CD Processes –GitFlow, BitBucket etc. Experience with automated test configuration. Good to have experience in containerization technologies - Kubernetes About Standard Chartered We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us. Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion. Together We Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term What We Offer In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing. Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations. Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum. Flexible working options based around home and office locations, with flexible working patterns. Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning. Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

Role & responsibilities Conduct Vulnerability Assessment and Penetration Testing (VAPT) on in-house web applications, iOS applications, Android applications, network infrastructure, and AWS (Cloud) services. Identify and analyze security vulnerabilities, weaknesses, and misconfigurations in the above mentioned systems. Develop comprehensive reports detailing identified vulnerabilities, potential risks, and recommended remediation strategies. Collaborate with development, operations, and IT teams to prioritize and implement security fixes and improvements. Continuously monitor and assess the security posture of internal systems and recommend proactive measures to enhance security. Stay updated with the latest security threats, vulnerabilities, and industry best practices related to web applications, mobile applications, networks, and cloud environments. Participate in incident response activities, including investigating security incidents and providing support in remediation efforts. Contribute to the development and maintenance of security policies, procedures, and standards. Provide training and awareness sessions to staff on the latest cyber security trends, best practices, and emerging threats to enhance the overall security posture of the organization.

Offensive Security Professional Job Req ID: 49030 Posting Date: 15 Jul 2025 Function: Software Engineering Unit: Networks Location: Building No 14 Sector 24 & 25A, Gurugram, India Salary: Competitive Hiring Manager: Abhishar Balodhi Recruiter: Archana SM Location: Gurugram Carrer Level: E Why BT We’ve always been an organisation with a purpose; to use the power of communication to make a better world. You can trace this back to our beginning as pioneers of the world’s firs telecommunications company. At our heart we’re a technology company with research and innovation in our bones and a desire to be personal, simple, and brilliant for our customers - those are the values we live by whilst also creating an inclusive working environment where people from all backgrounds can succeed.Our pursuit of progress over the past 180 years has established BT as a strong, successful brand, with huge scale capable of achieving great things. From supporting emergency services, hospitals, banks and keeping economies around the world online, safe and secure, to delivering large scale technology infrastructure like the creation of BT Sport. Today in this fast-changing, always on, digital world our purpose remains true. Yet the market conditions, regulations and competition we face are tougher than ever before. So, if you have the drive, optimism and resilience to help propel us forward we’ll offer unrivalled personal development, a wealth of opportunities to learn, experience new things and pursue new careers. If that’s you and what you’re looking for, we’d love you to be part of our future. Why this job matters As an experienced Information Security Services provider we will help lead a highly motivated team laser-focused on analyzing, designing, developing and delivering solutions built to stop adversaries and strengthen your operations Our Competent individuals and Skilled leadership will provide you incident response, risk reviews and vulnerability assessments, identifying threats, all of which ladder up to driving secure solutions. What I’ll be doing – your accountabilities Accountable for delivering vulnerability assessments and penetration tests. Responsible for increasing individual technical skill whilst also delivering BAU. Accountable for increasing capability of the penetration testing team through web application, network & mobile skill acquisition. Accountable for support leadership in setting strategy for the team moving forward. Responsible for contributing to the positive research and technical capability of BT security. To support and maintain the BT Business Support – Protect BT ISO27001 certificate for Offensive Security team The skills you need Pentest Skills – Web application pentest (OWASP,NIST framework), Network pentest (Linux,windows),API & Mobile pentest. Networking Skills – TCP/IP packet level understanding,Routing,Switching,firewall understanding. Linux Skills – Linux directory structure & basic command line knowledge from pentest/vulnerability assessment standpoint. Vulnerability management- This requires understanding of vulnerability assessment framework(CVE/CVSS) and Security assessment tools (such as Nmap,Metasploit, Burp Suite, SQLmap, Nessus) Regulatory Understanding - PCI DSS guidelines, GDPR. Experience you would be expected to have Mandatory 2-4 Years experience in the field on pentesting. Mandatory Bachelor's Degree or higher preferred. CEH,OSCP,CREST,LPT certifications are highly preferred. Ability to understand packet level TCP/IP knowledge. Good scripting knowledge (e.g. Python) will be highly preferred. Capable of working successfully with end customers PREFERRED. Our leadership standards Looking in: Leading inclusively and Safely I inspire and build trust through self-awareness, honesty and integrity. Owning outcomes I take the right decisions that benefit the broader organisation. Looking out: Delivering for the customer I execute brilliantly on clear priorities that add value to our customers and the wider business. Commercially savvy I demonstrate strong commercial focus, bringing an external perspective to decision-making. Looking to the future: Growth mindset I experiment and identify opportunities for growth for both myself and the organisation. Building for the future I build diverse future-ready teams where all individuals can be at their best. About us BT is part of BT Group, along with EE, Openreach, and Plusnet. Millions of people rely on us every day to help them live their lives, power their businesses, and keep their public services running. We connect friends to family, clients to colleagues, people to possibilities. We keep the wheels of business spinning, and the emergency services responding. We value diversity and celebrate difference. ‘We embed diversity and inclusion into everything that we do. It’s fundamental to our purpose: we connect for good.’ We all stick to the same values: Personal, Simple, and Brilliant. From day one, you’ll get stuck in to tough challenges, pitch in with ideas, make things happen. But you won’t be alone: we’ll be there with help and support, learning and development. This is your chance to make a real difference to the world: to be part of the digital transformation of countless lives and businesses. Grab it. A FEW POINTS TO NOTE: Although these roles are listed as full-time, if you’re a job share partnership, work reduced hours, or any other way of working flexibly, please still get in touch. We will also offer reasonable adjustments for the selection process if required, so please do not hesitate to inform us. DON'T MEET EVERY SINGLE REQUIREMENT? Studies have shown that women and people who are disabled, LGBTQ+, neurodiverse or from ethnic minority backgrounds are less likely to apply for jobs unless they meet every single qualification and criteria. We're committed to building a diverse, inclusive, and authentic workplace where everyone can be their best, so if you're excited about this role but your past experience doesn't align perfectly with every requirement on the Job Description, please apply anyway - you may just be the right candidate for this or other roles in our wider team.

Static/dynamic testing of mobile applications, Vulnerability Assessment, Penetration Testing, Cyber Security Assessment & Consulting. Secure Code Review, Web Application Security Testing, Firewall Rule Audit, Secure Configuration Review, Wireless Penetration Testing.

Manual Penetration Testing using OWASP checklists, Penetration Testing, Vulnerability Assessment, OWASP Top 10, OWASP ZAP, AWS Cloud, Azure Cloud, Cyber Security, Cloud Security Assessment, Cyber Security Assessment & Consulting, Cybersecurity, Data Security Assessment & Consulting. Perform Penetration testing Develop and recommend mitigation strategies to enhance the defense mechanisms of critical infrastructure components Collaborate with IT and security teams to refine security measures and response strategies. Prepare detailed reports on findings from simulations and suggest improvements. Facilitate training sessions for internal teams on security awareness and breach response tactics.

Security Analyst/ Pen Tester Join us as a Security Analyst at Dedalus , one of the World’s leading healthcare technology companies, at our team in Chennai, India to do the best work of your career and make a profound impact in providing better care for a healthier planet. What you’ll achieve As a Security Analyst , you will be part of our highly successful team, utilising your skills for Security Vulnerability Analysis/ Penetration Testing where you will test, assess, exploit & report the security vulnerabilities in the software application, infrastructure and provide recommendations for the suitable solution/ remedy. Working with an extended highly skilled team, you will be making a profound impact throughout the healthcare sector. You will: Security Vulnerability Analysis/ Threat Modelling & Risk Assessment Executing static code review using automated SAST tools & False Positive Analysis Performing dynamic testing (DAST) using automated tools like Burp-suite, Invicti/ Nessus Manual Penetration Testing and Ethical Hacking technics to exploit vulnerabilities Prepare assessment & validation report on the vulnerabilities & risks with impact, artifacts, recommended solution/ mitigation and POCs Explain threats & present assessment reports to Developer/ Architect community Take the next step towards your dream career. At Dedalus Life flows through our software. Every day we do something special by helping caregivers and health professionals deliver better care to their served communities. Take the next step in your career that will make a profound impact. Here’s what you’ll need to succeed: Essential Requirements: Minimum four-year experience in security vulnerability analysis and Pen testing (VAPT) on cloud services, web products/ enterprise applications. Ability to execute Appsec tools; Mandatory to know industry standard tools like – Burp-suite, Invicti & Fortify (or any SAST tool), Cloud-Native tools and open-source tools like - Kali, Nmap, Wireshark, Metasploit, ZAP, Echo Mirage. Technical Knowledge on SDLC and implementation essentials of various application types - Desktop, Web, API, Mobile (Hybrid/ Native) & Cloud (AWS, Azure, or GCP). Ability to understand & review Java or .NET (must have), Angular (nice to have) code with respect to security vulnerability. Clear understanding on OWASP, GDPR/ ISO Security standards. Exposure to DevAppSec automation & scripting is preferred. Valid Certification in VAPT/ Ethical Hacking in Mobile /Web /Cloud security is must. Knowledge of AI tools & securing Docker containers like Kubernetes are advantages. Understanding of real world threats & data protection acts are preferred We are Dedalus, come join us Dedalus is committed to providing an engaging, rewarding work experience that reflects the passion our employees bring to our mission of helping clinicians and nurses deliver better care to their served communities. Our company fosters a culture where employees are encouraged to learn and innovate, and to enable and enhance clinical co-operation and processes while making a meaningful difference for millions of people around the world. Each person is the end point and the starting point of the Group’s activities and the ultimate beneficiary. For this reason, we are so proud of doing our very special jobs each day. Our company is enriched by a diverse population of 7,600 people in more than 40 countries that work together to innovate and drive better healthcare options for millions of patients around the world. We are the people of Dedalus. Application Closing date: 18th August 2025 Our Diversity & Inclusion Commitment sets out Dedalus’ approach to ensuring respect, inclusion and success for all our colleagues and the wider communities we operate in. It is imperative for us to share our commitment and dedication to ensure an inclusive and diverse workplace. We recognise that we have improvements to make and on this journey, we must remain authentic and realistic but also ambitious. Our diversity & inclusion commitment – Dedalus Global Life Flows Through Our Software

Hands-on experience with testing frameworks in line with Web App, Mobile, Web Services/APIs, Network & blockchain. Experience in both commercial and open source tools likeBurp Professional, Nmap, Kali, Metasploit, etc. Experience with Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools. Experience in preparing a security threat model and associated test plans. Experience in translating the complex security threats to simpler procedures for web application developers, systems administrators, and management to understand security testing results. In-depth knowledge of application development processes and at least one programing or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell) is preferred. Knowledge of current information security threats Primary Skills Web App, Mobile, Web Services/APIs, Network & blockchain. Burp Professional, Nmap, Kali, Metasploit, etc. Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools. Security threat model and associated test plans. Java, Scala, C#, Ruby, Perl, Python, PowerShell.