Static Code analysis Static/dynamic testing of mobile applications Vulnerability Assessment Penetration Testing. SAST Penetration testing Vulnerability Assessment

Role: Senior Security Specialist Location : Bangalore Working Model : Hybrid Final Round Interview : F2F Summary of essential job functions The overall responsibility of the team is to provide assurance to the management on the Information Security, Compliance and Risk Management of the organization globally. The candidate would be expected to lead security assessments of Products and Infrastructure globally. Education, Certification and Experience: Qualification Required: Bachelor/Master’s degree in Computer/ Information science, Software Engineering, Cybersecurity, or a related field Certification preferred: OSCP, OSWE, OSEP, ECSA|LPT, CPT, CEH Minimum experience: 08-10 years in Vulnerability Assessment and Penetration Testing- Thin & Thick Client, API , Infrastructure, Cloud, Mobile Competency Requirements: Performs a combination of duties in accordance with departmental guidelines: Hands-on experience in Vulnerability Assessment (VA) and Penetration Testing (PT) for Web, APIs, AI/ML models, Mobile , Network, and Infrastructure. Strong command of OWASP Top 10 with practical knowledge of attack vectors and mitigation strategies. Familiarity with industry standards and frameworks such as OSSTMM, OQASP, CESG, CREST, NIST, ISSAF, and PTES. Expertise in Secure Development Lifecycle (SDLC), including Threat Modeling, Secure Coding Practices, and Security Assessments. Proficient in both Static and Dynamic Application Security Testing (SAST, DAST, IAST), and Software Composition Analysis (SCA). Experience conducting secure code reviews and identifying logic flaws in code bases written in Java, .NET, C/C++, Python, etc. Knowledge of cryptographic protocols, secure communication, data security and key management. Hands-on with commercial and open-source tools: Burp Suite, OWASP ZAP, Acunetix, AppSpider,SQLMap, Nmap, Metasploit, Nessus, OpenVAS, Fortify, Checkmarx, Veracode, SonarQube, NexusIQ and Snyk. Proficient in assessing mobile applications (thick/hybrid clients) using tools like Dex2jar, ADB, Frida. Exposure to AuthN/AuthZ protocols such as OAuth, SAML, OIDC; ability to read, write, and interpret application logic. Familiarity with vulnerability standards: CVSS, CVE, CWE, CAPEC; and patch management lifecycle. Experience automating tasks via shell scripting and Python/Ruby/Php etc. Proficiency in secure code development and reviewing DAST/SAST reports across languages. Understanding security aspects in AWS, Azure, and GCP including IAM, VPC/VNet, S3/Blob storage, API gateway, Load Balancers, WAF, Containers (Docker), and Kubernetes. Experience in infrastructure/network penetration testing and exploitation techniques on Windows/Linux environments. Experience in mentoring, leading teams, and managing security assessments under tight deadlines. Manage third-party security assessments, including vendor risk evaluations, engagement oversight, and ensuring compliance with organizational security standards. Proven ability to provide technical oversight and drive engagement quality across security projects. Exposure to agile/scrum development methodologies and ability to work with cross-functional teams. Familiarity with security standards like PCI DSS, SOC, ISO 27001. Participation in bug bounty program and CTFs is a strong plus. Proactive learning approach, staying updated with evolving cybersecurity trends and technologies. Job Responsibilities: Plan, conduct, and close end-to-end Vulnerability Assessments and Penetration Tests for Web Applications, APIs, Mobile Apps, Thick Clients, Infrastructure, and Cloud environments. Perform both manual and automated security assessments to identify, validate, and prioritize vulnerabilities. Review application code in various programming languages and provide actionable remediation recommendations. Reproduce reported vulnerabilities with proof-of-concept (PoC) and assess associated risks. Evaluate new security tools and products for adoption and integration. Guide development teams on Secure Coding standards and OWASP-aligned practices. Lead and contribute to secure SDLC processes, threat modeling workshops, and risk reviews. Manage and triage security bugs from Bug Bounty programs, working closely with engineering teams to ensure timely resolution. Maintain and improve the security posture of applications across business units, aligning with best practices. Act as a security advisor on project teams, influencing architecture and design decisions. Drive security awareness initiatives and conduct training sessions for developers and QA teams. Update and maintain InfoSec policies and procedures in line with emerging threats, technologies, and compliance requirements; provide support to both internal and external auditors during security assessments and audits. Other Requirements: Strong ethics and understanding of ethics in business and information security. Proficiency in English (both written and oral communication skills). Ability to complete tasks and deliver professionally written reports for clients. Ability to present findings to technical staff and executives. Ability to interact with 247 internal stakeholders to review their requirements. Should be able to think “out of the box” and implement new attack vectors. Self-motivated, curious, knowledgeable pertaining to news and current events Show more Show less

Job Title: Penetration Tester Location: Remote Experience Required: 5 Years Employment Type: Full-Time Job Summary: We are seeking a highly skilled and experienced Senior Penetration Tester with 5 years of hands-on experience in offensive security. The ideal candidate will be responsible for conducting advanced security assessments, simulating real-world cyberattacks, and providing actionable recommendations to enhance the organization’s security posture. This role demands deep technical expertise, strong analytical skills, and the ability to communicate effectively with both technical and non-technical stakeholders. Key Responsibilities: Plan, execute, and document black-box, grey-box, and white-box penetration tests across various environments (web apps, networks, APIs, mobile, cloud, etc.) Conduct Red Team/Blue Team exercises and collaborate with threat hunters and SOC teams. Identify, exploit, and report vulnerabilities in systems, applications, and infrastructure. Develop and maintain custom exploitation tools, scripts, and payloads . Perform social engineering engagements , including phishing simulations and physical assessments (where applicable). Provide detailed, risk-based reporting , including technical findings, proof-of-concept exploits, and remediation guidance. Stay current with emerging threats, vulnerabilities, and tools in the cybersecurity domain. Mentor junior team members and contribute to the development of internal testing methodologies and frameworks. Participate in threat modeling, architecture reviews, and security design discussions . Required Skills and Qualifications: 5 years of professional experience in penetration testing, red teaming, or offensive security . Proficiency in tools such as Burp Suite, Metasploit, Nmap, Wireshark, Cobalt Strike, Nessus, etc. Deep understanding of OWASP Top 10 , MITRE ATT&CK , and NIST security frameworks . Strong knowledge of network protocols, web application architectures, cloud environments (AWS/Azure/GCP), and secure coding practices. Experience with manual testing techniques and not just automated scanners. Strong scripting and automation skills in Python, PowerShell, Bash, or Go . Experience with Active Directory exploitation , privilege escalation, and lateral movement techniques. Demonstrated ability to write clear, concise, and detailed technical reports. Strong verbal and written communication skills. Preferred Certifications (any of the following): Offensive Security Certified Professional (OSCP) Offensive Security Certified Expert (OSCE) Certified Red Team Professional (CRTP) GIAC Penetration Tester (GPEN) Certified Ethical Hacker (CEH) CREST Registered Tester or equivalent Show more Show less

Hiring Manager: Abhishar Balodhi Recruiter: Archana SM Location: Gurugram Carrer Level: E Why BT We’ve always been an organisation with a purpose; to use the power of communication to make a better world. You can trace this back to our beginning as pioneers of the world’s firs telecommunications company. At our heart we’re a technology company with research and innovation in our bones and a desire to be personal, simple, and brilliant for our customers - those are the values we live by whilst also creating an inclusive working environment where people from all backgrounds can succeed.Our pursuit of progress over the past 180 years has established BT as a strong, successful brand, with huge scale capable of achieving great things. From supporting emergency services, hospitals, banks and keeping economies around the world online, safe and secure, to delivering large scale technology infrastructure like the creation of BT Sport. Today in this fast-changing, always on, digital world our purpose remains true. Yet the market conditions, regulations and competition we face are tougher than ever before. So, if you have the drive, optimism and resilience to help propel us forward we’ll offer unrivalled personal development, a wealth of opportunities to learn, experience new things and pursue new careers. If that’s you and what you’re looking for, we’d love you to be part of our future. Why this job matters As an experienced Information Security Services provider, we will help lead a highly motivated team laser-focused on analysing, designing, developing and delivering solutions built to stop adversaries and strengthen your operations Our Competent individuals and Skilled leadership will provide you incident response, risk reviews and vulnerability assessments, identifying threats, all of which ladder up to driving secure solutions. What I’ll Be Doing – Your Accountabilities Accountable for delivering vulnerability assessments and penetration tests. Responsible for increasing individual technical skill whilst also delivering BAU. Accountable for increasing capability of the penetration testing team through web application, network & mobile skill acquisition. Accountable for support leadership in setting strategy for the team moving forward. Responsible for contributing to the positive research and technical capability of BT security. To support and maintain the BT Business Support – Protect BT ISO27001 certificate for Offensive Security team The Skills You Need Pentest Skills – Web application pen test (OWASP, NIST framework), Network pen test (Linux, windows), API & Mobile pen test. Networking Skills – TCP/IP packet level understanding, Routing, Switching, firewall understanding. Linux Skills – Linux directory structure & basic command line knowledge from pentest/vulnerability assessment standpoint. Vulnerability management- This requires understanding of vulnerability assessment framework (CVE/CVSS) and Security assessment tools (such as Nmap, Metasploit, Burp Suite, SQL map, Nessus) Regulatory Understanding- PCI DSS guidelines, GDPR. Leadership Accountabilities Accountabilities of the job: Solution focused achiever: We need this person to focus on delivering exceptional penetration testing services Customer champion: we are transforming how we communicate with our customers and need responsible person with a customer-focused attitude. Change agent: We need a tester who sees our processes and immediately thinks of better ways to do what we are doing and then leads that change. Experience You Would Be Expected To Have Mandatory 2-4 Years experience in the field on pen testing. Mandatory Bachelor’s degree or higher preferred. CEH, OSCP, CREST, LPT certifications are highly preferred. Ability to understand packet level TCP/IP knowledge. Good scripting knowledge (e.g. Python) will be highly preferred. Capable of working successfully with end customers PREFERRED. BT is part of BT Group, along with EE, Openreach, and Plusnet. Millions of people rely on us every day to help them live their lives, power their businesses, and keep their public services running. We connect friends to family, clients to colleagues, people to possibilities. We keep the wheels of business spinning, and the emergency services responding. We value diversity and celebrate difference. ‘We embed diversity and inclusion into everything that we do. It’s fundamental to our purpose: we connect for good.’ We all stick to the same values: Personal, Simple, and Brilliant. From day one, you’ll get stuck in to tough challenges, pitch in with ideas, make things happen. But you won’t be alone: we’ll be there with help and support, learning and development. This is your chance to make a real difference to the world: to be part of the digital transformation of countless lives and businesses. Grab it. Show more Show less

We are seeking an OT Network Engineer to contribute to the development of an industrial automation and security platform with advanced OT network discovery, device fingerprinting, real-time tracking, and security compliance features . The ideal candidate will have expertise in network scanning, industrial protocols (SNMP, LLDP, ARP), Zero Trust security, IEC 62443 compliance, and PLC inventory management . This role requires hands-on experience in building scalable, secure, and AI-driven OT networking solutions integrated into the platform. Key Responsibilities: OT Network Discovery & Device Fingerprinting Develop and integrate automated network scanning for industrial assets into the platform. Implement passive & active network scanning using SNMP, LLDP, ARP, and industrial protocols. Design and optimize device fingerprinting to classify OT devices (PLCs, SCADA nodes, IIoT gateways, sensors) based on manufacturer, model, firmware, and protocol stack. Enable real-time endpoint tracking and automated asset registration within the platform. 2. Industrial Network Security & Compliance (IEC 62443, Zero Trust) Implement IEC 62443-based security frameworks within the platform to ensure OT network compliance. Integrate Zero Trust security models for industrial endpoints and control networks. Work on network segmentation strategies for isolating critical industrial systems within the platform. Design and develop anomaly detection features for unauthorized device behaviors using AI-based security analytics. 3. SCADA-Integrated Asset Management & Monitoring Contribute to the development of a SCADA-integrated asset inventory system for industrial environments. Develop a real-time monitoring engine for tracking PLC instances, network ports, and communication health. Optimize SCADA-to-OT data flows for improved visibility and control. Design SCADA security monitoring dashboards for operational visibility and threat detection. 4. OT Network Simulation & Testing Framework Develop a virtualized OT network environment for testing protocol translations and device communications. Simulate SCADA-to-PLC interactions within a cloud-based or hybrid testing framework. Create automated test cases for evaluating platform performance in large-scale OT environments. 5. AI-Driven Security & Network Optimization Contribute to AI-powered security heuristics for intrusion detection, anomaly recognition, and behavioral analysis. – Strongly Preferred Design real-time correlation engines to map network security events to operational risk indicators. Work with data scientists to integrate machine learning models for predictive network failure analysis. Required Skills & Qualifications: Networking & Industrial Protocols: Expertise in SNMP, LLDP, ARP-based discovery and industrial networking standards. Deep understanding of SCADA, PLC, DCS, and IIoT network architectures. Strong knowledge of Modbus TCP/IP, OPC-UA, EtherNet/IP, PROFINET. Security & Compliance: In-depth knowledge of IEC 62443, Zero Trust Architecture (ZTA), and industrial cybersecurity. Experience in firewall configurations, network segmentation, and encrypted communications (TLS 1.3, AES-256). Understanding of SIEM integration and OT security monitoring tools (Claroty, Nozomi, Dragos, CyberX). Platform Development & Integration: Experience in building scalable network discovery and security platforms for industrial automation. Familiarity with cloud-based OT security solutions (Azure Defender for IoT, AWS IoT Device Defender). Ability to work with RESTful APIs, MQTT, Kafka, and real-time event processing frameworks. Tools & Technologies: Network Security & Monitoring: Wireshark, Nmap, Zeek, Snort, Suricata. OT Security Platforms: Claroty, Nozomi Networks, Dragos, CyberX. Cloud & Edge Security: Azure IoT Hub, AWS IoT Core, Google Cloud IoT. PLC & SCADA Systems: Siemens, Rockwell, ABB, Schneider Electric, GE. Cloud & Edge Security: Azure Defender for IoT, AWS IoT Device Defender. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. EY- Cyber Security (OT Security) – Technology Consulting – Senior GDS Advisory's Risk group is a unique, industry-focused business unit that provides a broad range of integrated services that leverage deep industry experience with strong functional capability and product knowledge. Risk practice team provides integrated advisory services to leading Fortune 500 Companies. The team provides Risk Assurance, Risk Transformation, Internal Audit, Cybersecurity, Financial Services Risk Management and Actuarial services that take an enterprise-wide view, so that risk mitigation and risk management strategies and processes are embedded in every part of the organization. Our services mitigate risk, reduce the cost of control and help create value. The opportunity The GDS Architecture Engineering and Emerging Technology (AEET) services help our clients tackle the many security challenges they face on a daily basis and develop effective solutions using people, processes and technology, while enabling better security and risk decisions, and reducing costs related to manging security risks. The AEET team is looking for individuals who will play a direct role in delivery of Operational Technology (OT) security engagements, development of proposals in this area, and develop OT security solutions. You will play a key role in supporting our clients to secure their IT/OT environments, either through advisory and/or implementation support. Your key responsibilities To qualify, candidates must have: Understanding of security-related operational processes in the OT-ICS environments Understanding of OT SOC/ OT Identity Access Management/ OT Pen testing/ Zero Trust on OT Understanding of technologies (typical assets, communication protocols, technical architectures) utilized by OT-ICS systems and networks Knowledge of cyber / information security concepts, risk and controls concepts Understanding of aspects of functional safety (SIS) Knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts Knowledge of the technical security solutions utilized within OT-ICS systems and networks Knowledge of OS (Windows / Linux) security, Database security Knowledge of IT infrastructure Knowledge of cyber threats and vulnerabilities related to platform and infrastructure is a plus Prior experience working alongside delivery leads and architects to Identify and manage risks is a plus Skills And Attributes For Success Completed technical higher education in the field of industrial automation, computer science, electronics or other relevant fields Certificates or education related to industrial automation / engineering etc. Knowledge of OT-ICS Security standards, including ISA/IEC 62443, NIST 800-82, NERC-CIP Knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, NIST standards on Cyber Security, HITRUST, etc. is a plus Knowledge on tools like Nessus, BackTrack, NMAP, BurpSuite, etc. is a definite plus Knowledge on OT network monitoring solution such as Nozomi, Claroty, Armis, DarkTrace, Azure Defender. To qualify for the role, you must have 5+ years of experience in the Cyber Security and OT Security Domain Minimum B. Tech. or equivalent educational qualification ISA/IEC 62443 Fundamental* SCADA Fundamentals CompTIA Network+ CompTIA Security+ What We Look For A Team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 1400 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries What Working At EY Offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Attack & Penetration Testing - Senior As part of our Cyber Security team, you shall perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. The opportunity We’re looking for Security Consultant / Senior Security Consultant with expertise in penetration testing. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Lead engagements from kickoff with clients through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines. Perform penetration testing which includes Network, web application, Mobile app (both Android & iOS), APIs Cloud Security, Thick Client application, wireless, social engineering, physical penetration testing. Execute penetration testing projects using the established methodology, tools and rules of engagements. Execute red team assessments to highlight gaps impacting organizations security postures. Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations. Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. Convey complex technical security concepts to technical and non-technical audiences including executives. Perform technical quality reviews and conduct technical conversations directly with clients. Keep uptodate with the latest techniques and concepts. Confident with OWASP Top 10 and SANS Top 25 vulnerabilities and ability to effectively communicate methodologies and techniques with development teams Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing. Understanding and experience with Active Directory attacks. Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management. Knowledge of AI in Pentest, TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred. Working knowledge with any scripting languages (e.g. Python, Perl, PHP, Ruby) to develop automated solutions that mitigate risks throughout the organization. Support SDLC and agile environments with application security testing and source code reviews. Serve as a mentor and guide to junior pen testers, sharing your knowledge, skills, and best practices to nurture their growth and development. Provide technical expertise and guidance to clients on remediation strategies and security best practices. Skills And Attributes For Success In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies. Good understanding of enterprise security controls in Active Directory / Windows environments Good to have knowledge in AI in pentest Understanding of TCP/IP network protocols. Understanding of network security and popular attacks vectors. Experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory and 802.1x penetration testing Strong understanding of security principles, policies, and industry best practices Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results. Excellent communication and presentation skills, both written and verbal. Demonstrated thought leadership in the cybersecurity field through publications, speaking engagements, or contributions to industry forums. Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead. To qualify for the role, you must have BE/ B.Tech/ MCA or equivalent Minimum of 3 years of work experience in penetration testing which may include at least three of the following: Network, web application Mobile app (Android & iOS), Thick client, APIs, wireless, social engineering, physical and Red Team assessments. One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX Knowledge of Windows, Linux, UNIX, any other major operating systems. 3-9 years of work experience in Strategy and Operations projects Team management skills are preferred. Conduct technical discussions and perform technical Quality reviews. Familiarity with OWASP methodologies and application security vulnerabilities. Exceptional ability to educate and guide application developers in security best practices. Excellent communication, presentation, and interpersonal skills. Strong Word, Excel and PowerPoint skills. Ideally, you’ll also have Project management skills Certifications: OSCP, OSCE, CRTP, CRTO, CISSP, GPEN, GWAPT. What We Look For Who can perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing and provide analysis for the testing results. What Working At EY Offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Attack & Penetration Testing - Senior As part of our Cyber Security team, you shall perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. The opportunity We’re looking for Security Consultant / Senior Security Consultant with expertise in penetration testing. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your key responsibilities Lead engagements from kickoff with clients through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines. Perform penetration testing which includes Network, web application, Mobile app (both Android & iOS), APIs Cloud Security, Thick Client application, wireless, social engineering, physical penetration testing. Execute penetration testing projects using the established methodology, tools and rules of engagements. Execute red team assessments to highlight gaps impacting organizations security postures. Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations. Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. Convey complex technical security concepts to technical and non-technical audiences including executives. Perform technical quality reviews and conduct technical conversations directly with clients. Keep uptodate with the latest techniques and concepts. Confident with OWASP Top 10 and SANS Top 25 vulnerabilities and ability to effectively communicate methodologies and techniques with development teams Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing. Understanding and experience with Active Directory attacks. Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management. Knowledge of AI in Pentest, TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred. Working knowledge with any scripting languages (e.g. Python, Perl, PHP, Ruby) to develop automated solutions that mitigate risks throughout the organization. Support SDLC and agile environments with application security testing and source code reviews. Serve as a mentor and guide to junior pen testers, sharing your knowledge, skills, and best practices to nurture their growth and development. Provide technical expertise and guidance to clients on remediation strategies and security best practices. Skills and attributes for success In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies. Good understanding of enterprise security controls in Active Directory / Windows environments Good to have knowledge in AI in pentest Understanding of TCP/IP network protocols. Understanding of network security and popular attacks vectors. Experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory and 802.1x penetration testing Strong understanding of security principles, policies, and industry best practices Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results. Excellent communication and presentation skills, both written and verbal. Demonstrated thought leadership in the cybersecurity field through publications, speaking engagements, or contributions to industry forums. Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead. To qualify for the role, you must have BE/ B.Tech/ MCA or equivalent Minimum of 3 years of work experience in penetration testing which may include at least three of the following: Network, web application Mobile app (Android & iOS), Thick client, APIs, wireless, social engineering, physical and Red Team assessments. One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX Knowledge of Windows, Linux, UNIX, any other major operating systems. 3-9 years of work experience in Strategy and Operations projects Team management skills are preferred. Conduct technical discussions and perform technical Quality reviews. Familiarity with OWASP methodologies and application security vulnerabilities. Exceptional ability to educate and guide application developers in security best practices. Excellent communication, presentation, and interpersonal skills. Strong Word, Excel and PowerPoint skills. Ideally, you’ll also have Project management skills Certifications: OSCP, OSCE, CRTP, CRTO, CISSP, GPEN, GWAPT. What we look for Who can perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing and provide analysis for the testing results. What working at EY offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

You Lead the Way. We’ve Got Your Back. With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other. Here, you’ll learn and grow as we help you create a career journey that’s unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally. At American Express, you’ll be recognized for your contributions, leadership, and impact—every colleague has the opportunity to share in the company’s success. Together, we’ll win as a team, striving to uphold our company values and powerful backing promise to provide the world’s best customer experience every day. And we’ll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong. Join Team Amex and let's lead the way together. How will you make an impact in this role? Responsible for contacting clients with overdue accounts to secure the settlement of the account. Also they do preventive work to avoid future overdues with accounts that have a high exposure. A PCI Penetration Tester, often referred to as a security expert or ethical hacker, is responsible for simulating real-world cyberattacks on systems and networks to identify vulnerabilities related to the Payment Card Industry Data Security Standard (PCI DSS). Their role involves performing vulnerability assessments, exploiting weaknesses, and providing actionable recommendations for remediation to ensure compliance with PCI DSS requirements. Key Responsibilities: PCI DSS Compliance: Ensuring that systems and networks meet the security requirements outlined in PCI DSS standards. Vulnerability Assessment: Identifying and classifying security flaws in systems, networks, and applications within the Payment Card Industry (PCI) environment. Penetration Testing: Simulating attacks on systems and networks to exploit identified vulnerabilities and assess their impact. Reporting and Recommendations: Documenting findings, including risk assessments, and providing detailed recommendations for improving security posture and addressing identified weaknesses. Compliance and Security: Collaborating with IT and development teams to implement security measures and ensure compliance with PCI DSS and other relevant standards. Staying Updated: Keeping abreast of the latest security threats, vulnerabilities, and testing methodologies to enhance their expertise. Specific Tasks: Network Scanning: Using tools like Nmap to identify open ports, services, and potential vulnerabilities within the network. Application Testing: Evaluating web applications, mobile apps, and APIs for security weaknesses and potential exploitation points. Reporting: Creating detailed reports, including risk assessments, technical findings, and remediation recommendations, for stakeholders. Skills and Qualifications: Bachelor’s Degree in Computer Science, Information Systems, Business 10+ years of experience in cyber security Penetration testing Strong understanding of PCI DSS requirements and compliance. Experience in penetration testing methodologies and tools. Proficiency in network protocols, operating systems, and web application technologies. Knowledge of common security vulnerabilities and exploitation techniques. Ability to communicate technical findings clearly and concisely. Certifications: Industry certifications like CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), or similar can be beneficial. We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally: Competitive base salaries Bonus incentives Support for financial-well-being and retirement Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location) Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need Generous paid parental leave policies (depending on your location) Free access to global on-site wellness centers staffed with nurses and doctors (depending on location) Free and confidential counseling support through our Healthy Minds program Career development and training opportunities American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law. Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.

Job Description Summary We are looking for a smart, security-minded, enthusiastic and friendly cyber security advisor who can work collaboratively with development teams to complete design and SDLC work for Products and Systems. Product Cyber-security Specialist is responsible for the analysis of controllers, systems for cyber security requirements. Conduct tests to verify Cyber security levels and recommend mitigation plans for products, systems during product development stages. As a member of a global and matrixed team, she/he will also be responsible for guiding secure design, testing of different products, control systems. Job Description Essential Responsibilities Involve in reviews, suggest changes, conduct tests to ensure systems, controllers to meet Cyber security requirements. Facilitate decisions and bring teams together to design and document software architecture, modularity, and future- proofing. Support/Involve development of proofs-of-concept to prove out strategy and manage development and product risks. Support production of technical documentation for software architecture, design, verification plans. Engage with development teams and ensure all software developed is compliant to Cyber-security requirements. Collaborate with a team of controls and system engineers developing operational technology software for various subsystems. The position requires an understanding of OT System, cloud application architecture and conversant with all Cyber security requirements. This role requires strong cooperation with system and subsystem teams necessary for command and control of the systems involved. Work with multiple teams in different location to identify vulnerability, suggest remediation to the software to meet customer requirements. Contribute to multi-generation product and tool planning. Qualifications/Requirements Bachelor in computer science/Cyber Security or relevant engineering or equivalent knowledge / experience with 0-1 Years of Experience. Good understanding in Cyber security for Controller, Systems in OT Space. Familiar with penetration testing for Controllers, Systems, Web software’s, CAPEC, Ethical hacking. Good Knowledge/worked on Cyber security tools and solutions like Wireshark, NESSUS, Burp Suite, Nmap, Nozomi, Claroty, Splunk, Acronis, Ivanti, etc. Knowledge in different phases of Software Development Life cycle (SDLC) including Design, Implementation and Testing. Knowledge on web technologies like JavaScript, jQuery, AJAX, JSON, AngularJS, Angular 6, NodeJs, Spring, Hibernate, Spring boot, MVC, RESTful Web Services, Flux, SOAP will be an added advantage. Knowledge on database RDBMS, MySQL NoSQL databases will be an added advantage. Software component: MS Visual Studio, MS Office, MS Visio, SVN, GitHub Linux and Windows OS Familiar with ISA 624443, NIST 800 standards will be an added advantage. Familiar on active directory, certificate management and hardening w.r.t CIS benchmarks for critical assets like switches, windows-based workstation and controllers. Familiar with threat modelling and risk assessment for OT products Additional Information Relocation Assistance Provided: Yes

Job Summary: We are seeking a highly experienced “Senior VAPT & Penetration Testing Specialist” to lead and ensure the quality and effectiveness of our vulnerability assessment and penetration testing operations. This role involves findings, validating findings, reviewing technical reports, ensuring compliance with standards (OWASP, PTES, NIST, etc.), and improving methodologies and tools. Key Responsibilities: Conduct in-depth vulnerability assessments and penetration tests on web, mobile, network, API, and cloud infrastructure using manual and automation. Utilize industry-standard tools like SQLMap, Burp Suite, Nessus, Nmap, and custom scripts for advanced exploitation techniques. Simulate various cyber-attacks including DDoS, Brute Force, XSS, SQL Injection, DNS attacks, and Social Engineering to identify system vulnerabilities. Perform peer reviews of technical deliverables and verify accuracy of findings and recommendations. Ensure that all assessments are aligned with industry standards such as OWASP, PTES, MITRE ATT&CK, and NIST. Act as a technical lead and mentor for junior VAPT team and QA team members. Identify gaps in the current testing methodologies and implement process improvements. Prepare detailed documentation and the VA report and ensure clear, actionable, and risk-rated reporting. Collaborate with clients and internal teams to understand scope and provide post-assessment clarifications. Present the client meeting for the future VAPT assignments. Stay updated with emerging threats, tools, techniques, and frameworks. Required Skills & Qualifications: Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field. 3 to 5 years of hands-on experience in VAPT and penetration testing. In-depth knowledge of web, network, mobile, cloud, and API security. Strong understanding of secure coding practices and vulnerability management. Expertise in tools like Burp Suite, Nmap, Nessus, Metasploit, Qualys, Kali Linux, Wireshark, etc. Familiarity with SIEM, IDS/IPS, EDR tools is a plus. Excellent report writing and documentation skills. Strong communication and overseas client-interaction skills. Preferred Certifications: OSCP (Offensive Security Certified Professional) – Highly preferred CEH (Certified Ethical Hacker) CREST / GPEN / GWAPT / CISSP – Optional but desirable ISO 27001 Lead Auditor or Lead Implementer – Added advantage Job Type: Full-time Pay: Up to ₹1,800,000.00 per year Schedule: Monday to Friday UK shift Work Location: In person Speak with the employer +91 9429521724

Job Description We are seeking an experienced and highly skilled Network Administrator with 6-10 years of experience to join our IT team. The ideal candidate will be responsible for designing, implementing, managing, and optimizing our network infrastructure to ensure high availability, performance, and security. This role involves strategic planning, technical execution, and collaboration with other IT professionals to support the organization's networking needs. Key Responsibilities Design, configure, and deploy reliable and scalable network solutions. Implement and maintain network infrastructure including LAN, WAN, VPN, and wireless networks. Monitor network performance and troubleshoot issues to ensure optimal performance. Perform regular network maintenance tasks, including updates and patches. Implement and maintain robust network security measures to protect against threats. Ensure compliance with industry standards, legal regulations, and companypolicies. Optimize network configurations and performance to support business operations. Ensure network resilience and availability through redundancy and failover strategies. Develop and implement proactive measures to prevent recurring problems. Skills Set As a network administrator, we are expecting you to be proficient in one or more tools/technologies and be open to learning and adapting to other tools/technologies. We value adaptability and a proactive approach to embracing new technologies and industry best practices. Technical Skills: Relevant certifications (e.g., Cisco CCNA/CCNP, CompTIA Network+, Juniper JNCIA/JNCIP) preferred. Strong understanding of networking protocols and technologies (e.g., TCP/IP, DNS, DHCP, BGP, OSPF). Experience with Cisco, Fortinet or Palo Alto firewall management, VPN configuration, and network security best practices. Knowledge of wireless networking and VoIP solutions. Familiarity with cloud networking solutions (e.g., AWS, Azure). Must have - Network vulnerability assessment tools like Qualys, Nmap etc. Experience in Network security at all layers like IPsec, spoofing at Data link layer, Man-in-the-middle attack prevention, Dos, DDos attacks etc. Soft Skills: Strong communication and interpersonal skills. Excellent problem-solving and analytical skills. Attention to detail and a proactive approach to tasks. Strong organisational and time management skills. Ability to work independently and as part of a team. Education: Bachelor’s degree in Computer Science, Information Technology, or a related field (or equivalent experience). 6-10 years of experience in network administration or a similar role, with demonstrated expertise in managing large-scale network environments. Relevant certifications (e.g., Cisco CCNA/CCNP, CompTIA Network+, Juniper JNCIA/JNCIP) preferred. Show more Show less

Job Description Role Profile: The Cyber and IT Audit Manager will oversee IT and cybersecurity audits, managing a team of auditors to assess IT processes and Operational Technology (OT) environments. The manager will ensure audits are aligned with the company’s strategic objectives and regulatory requirements, with a focus on delivering value and identifying critical risks in IT and cybersecurity. This role includes responsibility for overseeing security assessments and implementing audit methodologies that support continuous improvement. Responsibilities ' Manage and execute a portfolio of IT and cybersecurity audits, focusing on complex audits related to IT general controls, cybersecurity frameworks, and OT environments. Oversee medium complexity security assessments for IT and OT systems, ensuring comprehensive audit coverage. Collaborate with the CAE, IT audit Director and IT stakeholders to build an audit pipeline, addressing emerging risks and identifying areas for process improvement. Lead the development of audit programs and methodologies, ensuring alignment with industry best practices and regulatory frameworks (e.g., NIST, COBIT, IEC 62443). Manage audit staff, providing guidance and ensuring adherence to professional standards (IIA, ITGC). Present audit findings to senior management, communicating risks, recommendations, and opportunities for improvement. Qualifications ' 7+ years of experience in IT auditing, cybersecurity, and OT systems. Proven experience managing audits and teams, with a focus on IT governance, cybersecurity, and risk management. Expertise with security assessment tools (e.g., Nmap, Nessus, Kali Linux, Metasploit, Burp Suite) and audit methodologies for IT and OT systems. Strong understanding of industry frameworks (NIST, COBIT, ISO 27001, MITRE ATT&CK) and IEC 62443 for OT environments. OT knowledge and experience is highly desirable. Certifications such as CISSP, CISA, CISM, OSCP, OSWP, CRTP, CEH, HTB CPTS, HTB CBBH, HTB CWEE are preferred. Bachelor’s or Master’s degree in Information Technology, Cybersecurity, or related disciplines. Strong leadership, project management, and communication skills, with the ability to influence stakeholders at all levels. At Nextracker, we are leading in the energy transition, providing the most comprehensive portfolio of intelligent solar tracker and software solutions for solar power plants, as well as strategic services to capture the full value of solar power plants for our customers. Our talented worldwide teams are transforming PV plant performance every day with smart technology, data monitoring and analysis services. For us at Nextracker, sustainability is not just a word. It's a core part of our business, values and our operations. Our sustainability efforts are based on five cornerstones: People, Community, Environment, Innovation, and Integrity. We are creative, collaborative and passionate problem-solvers from diverse backgrounds, driven by our shared mission to provide smart solar and software solutions for our customers and to mitigate climate change for future generations. Culture is our Passion Show more Show less

Job Description Summary We are looking for a smart, security-minded, enthusiastic and friendly cyber security advisor who can work collaboratively with development teams to complete design and SDLC work for Products and Systems. Product Cyber-security Specialist is responsible for the analysis of controllers, systems for cyber security requirements. Conduct tests to verify Cyber security levels and recommend mitigation plans for products, systems during product development stages. As a member of a global and matrixed team, she/he will also be responsible for guiding secure design, testing of different products, control systems. Job Description Essential Responsibilities Involve in reviews, suggest changes, conduct tests to ensure systems, controllers to meet Cyber security requirements. Facilitate decisions and bring teams together to design and document software architecture, modularity, and future- proofing. Support/Involve development of proofs-of-concept to prove out strategy and manage development and product risks. Support production of technical documentation for software architecture, design, verification plans. Engage with development teams and ensure all software developed is compliant to Cyber-security requirements. Collaborate with a team of controls and system engineers developing operational technology software for various subsystems. The position requires an understanding of OT System, cloud application architecture and conversant with all Cyber security requirements. This role requires strong cooperation with system and subsystem teams necessary for command and control of the systems involved. Work with multiple teams in different location to identify vulnerability, suggest remediation to the software to meet customer requirements. Contribute to multi-generation product and tool planning. Qualifications/Requirements Bachelor in computer science/Cyber Security or relevant engineering or equivalent knowledge / experience with 0-1 Years of Experience. Good understanding in Cyber security for Controller, Systems in OT Space. Familiar with penetration testing for Controllers, Systems, Web software’s, CAPEC, Ethical hacking. Good Knowledge/worked on Cyber security tools and solutions like Wireshark, NESSUS, Burp Suite, Nmap, Nozomi, Claroty, Splunk, Acronis, Ivanti, etc. Knowledge in different phases of Software Development Life cycle (SDLC) including Design, Implementation and Testing. Knowledge on web technologies like JavaScript, jQuery, AJAX, JSON, AngularJS, Angular 6, NodeJs, Spring, Hibernate, Spring boot, MVC, RESTful Web Services, Flux, SOAP will be an added advantage. Knowledge on database RDBMS, MySQL NoSQL databases will be an added advantage. Software component: MS Visual Studio, MS Office, MS Visio, SVN, GitHub Linux and Windows OS Familiar with ISA 624443, NIST 800 standards will be an added advantage. Familiar on active directory, certificate management and hardening w.r.t CIS benchmarks for critical assets like switches, windows-based workstation and controllers. Familiar with threat modelling and risk assessment for OT products Additional Information Relocation Assistance Provided: Yes Show more Show less

We are a leading Training Institute committed to building a skilled digital workforce. We are currently looking for a Cyber Security Trainer who can educate and empower learners with real-world cyber defense techniques and strategies. Key Responsibilities: Deliver interactive training sessions on Cyber Security Fundamentals, Ethical Hacking, Network Security, Threat Detection , and Penetration Testing . Cover tools and platforms like Kali Linux, Wireshark, Metasploit, Nmap , etc. Create and maintain training content, hands-on labs, case studies, and assessments. Guide students on industry best practices, compliance standards (ISO, NIST), and incident response. Stay updated with the latest security threats, tools, and technologies. Requirements: Strong hands-on experience in cyber security, ethical hacking, or IT security roles. Proficiency in security tools, Linux OS, and networking concepts. Prior experience in training/mentoring preferred. Excellent communication and teaching skills. Ability to deliver both beginner and advanced-level training. Preferred Qualifications: Certifications like CEH, CompTIA Security+, CISSP, OSCP are a plus. Experience in cloud security, DevSecOps, or security audits. Familiarity with cyber law and regulatory frameworks (GDPR, HIPAA, etc.). Job Types: Full-time, Permanent Pay: ₹10,228.99 - ₹32,802.78 per month Schedule: Day shift Ability to commute/relocate: Thiruvananthapuram, Kerala: Reliably commute or planning to relocate before starting work (Preferred) Work Location: In person

Description Design, implement, and manage deception strategies and technologies within the organisation's cybersecurity infrastructure. Responsibilities Hands-on experience in working with Deception Technology and SIEM Tool. Design and development of scalable, reliable, and fault-tolerant systems. Integrate/Modify existing open-source software according to the requirements. Prepare presentations and reports. Authoring research papers. Hands-on experience in virtualisation, cloud deployments, and networking. Ability to debug code and overcome fundamental challenges while coding. Hands-on experience in Python. Knowledge of tools like -- nmap, Metasploit, Wireshark, Burp suite, etc. Comfortable in using Linux OS. Good writing and communication skills to assist the group in technical writing. Eligibility A Bachelor's degree in computer science or a similar subject is required 2 years of experience in the same domain as mentioned under the category of responsibilities Travel As and when required, across the country for project execution and monitoring as well as for coordination with geographically distributed teams. Communication Submit a cover letter summarising your experience in relevant technologies and software along with a resume and the Latest passport-size photograph. Show more Show less

You Lead the Way. We’ve Got Your Back. With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other. Here, you’ll learn and grow as we help you create a career journey that’s unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally. At American Express, you’ll be recognized for your contributions, leadership, and impact—every colleague has the opportunity to share in the company’s success. Together, we’ll win as a team, striving to uphold our company values and powerful backing promise to provide the world’s best customer experience every day. And we’ll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong. Join Team Amex and let's lead the way together. How will you make an impact in this role? Responsible for contacting clients with overdue accounts to secure the settlement of the account. Also they do preventive work to avoid future overdues with accounts that have a high exposure. A PCI Penetration Tester, often referred to as a security expert or ethical hacker, is responsible for simulating real-world cyberattacks on systems and networks to identify vulnerabilities related to the Payment Card Industry Data Security Standard (PCI DSS). Their role involves performing vulnerability assessments, exploiting weaknesses, and providing actionable recommendations for remediation to ensure compliance with PCI DSS requirements. Key Responsibilities: PCI DSS Compliance: Ensuring that systems and networks meet the security requirements outlined in PCI DSS standards. Vulnerability Assessment: Identifying and classifying security flaws in systems, networks, and applications within the Payment Card Industry (PCI) environment. Penetration Testing: Simulating attacks on systems and networks to exploit identified vulnerabilities and assess their impact. Reporting and Recommendations: Documenting findings, including risk assessments, and providing detailed recommendations for improving security posture and addressing identified weaknesses. Compliance and Security: Collaborating with IT and development teams to implement security measures and ensure compliance with PCI DSS and other relevant standards. Staying Updated: Keeping abreast of the latest security threats, vulnerabilities, and testing methodologies to enhance their expertise. Specific Tasks: Network Scanning: Using tools like Nmap to identify open ports, services, and potential vulnerabilities within the network. Application Testing: Evaluating web applications, mobile apps, and APIs for security weaknesses and potential exploitation points. Reporting: Creating detailed reports, including risk assessments, technical findings, and remediation recommendations, for stakeholders. Skills and Qualifications: Bachelor’s Degree in Computer Science, Information Systems, Business 10+ years of experience in cyber security Penetration testing Strong understanding of PCI DSS requirements and compliance. Experience in penetration testing methodologies and tools. Proficiency in network protocols, operating systems, and web application technologies. Knowledge of common security vulnerabilities and exploitation techniques. Ability to communicate technical findings clearly and concisely. Certifications: Industry certifications like CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), or similar can be beneficial. We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally: Competitive base salaries Bonus incentives Support for financial-well-being and retirement Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location) Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need Generous paid parental leave policies (depending on your location) Free access to global on-site wellness centers staffed with nurses and doctors (depending on location) Free and confidential counseling support through our Healthy Minds program Career development and training opportunities American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law. Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations. Show more Show less

🔐 Cyber Security Intern 📍 Location: Remote (100% Virtual) 📅 Duration: 3 Months 💸 Stipend for Top Interns: ₹15,000 🎁 Perks: Certificate | Letter of Recommendation | Full-Time Offer (Based on Performance) About INLIGHN TECH INLIGHN TECH is focused on equipping students and graduates with practical, hands-on experience in emerging tech fields through structured virtual internships. Our Cyber Security Internship is designed to build a strong foundation in ethical hacking, threat detection, and system defense , making you industry-ready for a high-demand domain. 🚀 Internship Overview As a Cyber Security Intern , you will work on projects that simulate real-world cyber threats, learn to identify and mitigate vulnerabilities, and explore techniques used by security professionals to protect systems and data. 🔧 Key Responsibilities Conduct vulnerability assessments and basic penetration testing Analyze logs and traffic to identify potential threats or breaches Assist in incident response and threat mitigation activities Learn and work with tools such as Kali Linux, Burp Suite, Nmap, Metasploit, and Wireshark Study and apply the OWASP Top 10 and other security standards Support the development of security protocols and documentation Stay updated on emerging cyber threats and protection mechanisms ✅ Qualifications Currently pursuing or recently completed a degree in Cybersecurity, IT, Computer Science , or a related field Basic knowledge of networking concepts, operating systems, and system vulnerabilities Familiarity with ethical hacking techniques and cybersecurity tools Understanding of firewalls, encryption, and authentication methods Strong problem-solving skills and a desire to learn more about cyber defense Passion for cybersecurity and protecting digital environments 🎓 What You’ll Gain Hands-on experience with real-world cybersecurity tools and challenges Insight into threat analysis, penetration testing, and security compliance Internship Certificate upon successful completion Letter of Recommendation for high performers Opportunity for a Full-Time Offer based on performance A strong foundation for pursuing careers like Ethical Hacker, SOC Analyst, or Penetration Tester Show more Show less

Join our Team About this opportunity: Join Ericsson as an Oracle Database Administrator and play a key role in managing and optimizing our critical database infrastructure. As an Oracle DBA, you will be responsible for installing, configuring, Upgrading and maintaining Oracle databases, ensuring high availability, performance, and security. You’ll work closely with cross-functional teams to support business-critical applications, troubleshoot issues, and implement database upgrades and patches. This role offers a dynamic and collaborative environment where you can leverage your expertise to drive automation, improve efficiency, and contribute to innovative database solutions. What you will do: Oracle, PostgreSQL, MySQL, and/or MariaDB database administration in production environments. Experience with Container Databases (CDBs) and Pluggable Databases (PDBs) for better resource utilization and simplified management. High availability configuration using Oracle Dataguard, PostgreSQL, MySQL replication, and/or MariaDB Galera clusters. Oracle Enterprise Manager administration which includes alarm integration. Familiarity with Linux tooling such as iotop, vmstat, nmap, OpenSSL, grep, ping, find, df, ssh, and dnf. Familiarity with Oracle SQL Developer, Oracle Data Modeler, pgadmin, toad, PHP, MyAdmin, and MySQL Workbench is a plus. Familiarity with NoSQL, such as MongoDB is a plus. Knowledge of Middle ware like Golden-gate both oracle to oracle and oracle to BigData. Oracle, PostgreSQL, MySQL, and/or MariaDB database administration in production environments. Conduct detailed performance analysis and fine-tuning of SQL queries and stored procedures. Analyze AWR, ADDMreports to identify and resolve performance bottlenecks. Implement and manage backup strategies using RMAN and other industry-standard tools. Performing pre-patch validation using opatch and datapatch. Testing patches in a non-production environment to identify potential issues before applying to production. Apply Oracle quarterly patches and security updates. Implement and manage backup strategies using RMAN and other industry-standard tools. The skills you bring: Bachelor of Engineering or equivalent experience with at least 2 to 3 years in the field of IT. Must have experience in handling operations in any customer service delivery organization. Thorough understanding of basic framework of Telecom / IT processes. Willingness to work in a 24x7 operational environment with rotating shifts, including weekends and holidays, to support critical infra and ensure minimal downtime. Strong understanding of Linux systems and networking fundamentals. Knowledge of cloud platforms (AWS, Azure, GCP) and containerization (Docker, Kubernetes) is a plus. Oracle Certified Professional (OCP) is preferred Why join Ericsson? At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next. What happens once you apply? Click Here to find all you need to know about what our typical hiring process looks like. Encouraging a diverse and inclusive organization is core to our values at Ericsson, that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer. learn more. Primary country and city: India (IN) || Noida Req ID: 764288 Show more Show less

We are looking for a highly skilled and experienced Senior VAPT Engineer to lead and conduct comprehensive vulnerability assessments and penetration tests across applications, networks, and systems. The ideal candidate will be responsible for identifying security risks, reporting vulnerabilities, and providing mitigation strategies to ensure enterprise-wide cybersecurity. 🛠️ Key Responsibilities: Conduct vulnerability assessments and penetration testing for networks, web/mobile applications, APIs, and cloud infrastructure Perform manual and automated testing using industry-standard tools (e.g., Burp Suite, Nmap, Nessus, Metasploit, Kali Linux, etc.) Identify, exploit, and document security flaws, misconfigurations, and weaknesses Prepare detailed assessment reports with technical findings, risk ratings, and remediation recommendations Collaborate with development, network, and infrastructure teams to guide and verify remediation efforts Stay updated on the latest security threats, attack vectors, and tools Contribute to the development and improvement of internal VAPT methodologies and checklists Ensure compliance with industry standards and frameworks (OWASP, ISO 27001, NIST, etc.) ✅ Requirements: Bachelor’s degree in Computer Science, IT, Cybersecurity, or related field 4–7 years of experience in VAPT or ethical hacking Strong knowledge of OWASP Top 10, CVSS scoring, MITRE ATT&CK framework Experience with tools like Burp Suite Pro, Nessus, Acunetix, Wireshark, and scripting (Python, Bash, etc.) Familiarity with cloud environments (AWS, Azure, GCP) and container security (Docker/Kubernetes) is a plus CEH, OSCP, or other cybersecurity certifications preferred Excellent analytical and report writing skills Show more Show less

Company: Innovesta Group Location: Onsite – Sydney / Bella Vista, NSW, Australia Experience: 4 to 8 Years Employment Type: Full Time Salary: Best in Industry About Innovesta Group Innovesta Group is a dynamic technology advisory and investment firm driving innovation and digital transformation across Australia and APAC markets. We partner with high-growth technology companies to accelerate business outcomes by providing strategic leadership, operational excellence, and cutting-edge technical expertise. Our team thrives on excellence, collaboration, and delivering measurable value to our clients globally. Role Summary We are seeking a passionate and skilled Penetration Tester (OSCP Certified) to join our team onsite in Australia. The ideal candidate will have a strong offensive security background and a drive to identify and mitigate vulnerabilities in complex environments. Key Responsibilities Perform comprehensive penetration tests on applications, networks, and infrastructure. Provide clear, actionable security reports with remediation guidance. Work closely with cross-functional teams to improve security posture. Keep abreast of emerging security threats and attack methodologies. Develop and maintain automation tools and scripts to support penetration testing. Lead red team exercises and threat simulation activities. Mentor junior security engineers and contribute to security training initiatives. Required Qualifications & Experience 4-8 years in penetration testing/offensive security roles. OSCP certification required. Experience with Kali Linux, Burp Suite, Metasploit, Nmap, Wireshark, etc. Solid understanding of OWASP Top 10 and other common vulnerabilities. Strong reporting skills with ability to translate technical risks to business impact. Proficient in network protocols, operating systems, and encryption technologies. Excellent problem-solving and communication abilities. Preferred Skills Additional certifications such as OSCE, CEH, CISSP, GPEN are a plus. Cloud security experience (AWS, Azure, GCP). Scripting/programming skills in Python, Bash, PowerShell. Familiarity with threat hunting, red teaming, incident response. Understanding of DevSecOps and CI/CD security processes. Why Innovesta? Work with a fast-growing tech advisory firm driving impactful digital transformations. Engage with top-tier clients and cutting-edge projects. Opportunities for professional growth and skill development. Collaborative and innovative work culture. Show more Show less

Vice President - Cyber Security Operations Job Statement: NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360° platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time. Our service packages, which are each tailored to a client’s needs and budget, and external threat analysis, which provides critical intelligence, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service. We are looking for a proven, high energy, results oriented Cybersecurity Operations Leader, where you will be a key advisor for our clients, analyzing business requirements to design and implement ideal security solutions for their needs. As an established SecOps Leader, you will span operational, tactical, and strategic levels as well as tasks that tackle difficult problems that businesses are facing when building out and improving their security posture. This is an opportunity for you to showcase your strong communication skills and experience in SOC operations, security governance & advisory, security risk management, security architecture, and cyber incident response programs. Job responsibilities: Service Delivery Management: Oversee the end-to-end delivery of Managed XDR, Attack Surface Reduction, and Advisory services to clients, ensuring high-quality outcomes and client satisfaction. SOC Operations Leadership: Lead and manage Security Operations Center (SOC) operations, ensuring effective monitoring, incident management, and response processes are in place. Incident & Escalation Management: Take responsibility for escalations arising from security event monitoring, incident management, and response. Ensure timely resolution and process improvements. SLA & Process Compliance: Ensure that service level agreements (SLAs) are met, while also driving process adherence, continuous improvements, and operational excellence. Governance & Metrics: Establish and refine operational foundations, defining key metrics and KPIs to drive governance, quality, and efficiency. Influence operational change to improve performance. Threat Management & Detection: Lead efforts in threat management, modeling, and hunting. Identify threat vectors and develop use cases and detection rules to enhance security monitoring capabilities. Team Training & Development: Ensure that the team’s skill development and training needs are adequately addressed to maintain cutting-edge security expertise. Cybersecurity Maturity & Resilience: Assist clients in identifying potential threats, vulnerabilities, and deficiencies, advising on measures to enhance their cybersecurity maturity and resilience. Solution Design & Communication: Evaluate client needs, create tailored security solutions, and effectively communicate the value proposition of complex security concepts to both technical and non-technical stakeholders. Security Assessments: Plan and execute IT security assessments of on-premise/cloud IT assets. Understand organizational objectives, policies, and regulations to identify risk areas and prepare comprehensive review programs. Stakeholder Communication: Possess strong communication skills to engage with senior management, board members, technical teams, and key client stakeholders to convey complex security concepts effectively. Sales & Proposal Support: Contribute to sales pursuits, proposals, and the development of security practice eminence. Drive business growth through strategic client relationships. Project Delivery: Lead and deliver complex security projects in a fast-paced, team-driven environment. Knowledge Sharing & Collaboration: Foster a collaborative environment by promoting and participating in forums that enhance the firm’s collective knowledge and assist clients with complex challenges. Enterprise Security Leadership: Provide leadership and strategic direction to the organization’s information security initiatives. Cybersecurity Strategy & Technology Update: Regularly update and refine the cybersecurity strategy to incorporate new technologies and emerging threat information. Client Relationship Management: Establish and maintain strong client relationships to further expand the service portfolio and ensure long-term client success. Job specifications: 1. Qualification: A bachelor’s degree in a related field (e.g., Computer Science, Cybersecurity, or Information Technology) and a minimum of 15 years of relevant work experience. Certifications Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA). Cloud security certifications from major Cloud Service Providers (AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect), or Certified Cloud Security Professional (CCSP) / Certificate of Cloud Security Knowledge (CCSK). 2. Desired Skills: Desired Skills & Experience : SOC Expertise: Strong understanding of SOC operations, design, and management. Experience with domain administration, network architecture, and change control procedures. Risk Management Knowledge: Familiarity with IT risk management standards and frameworks, including ISO 31000, NIST Cybersecurity Framework, ISO 27001/27002, GDPR, PCI DSS, SOC 1/SOC 2, COBIT, and HITRUST. Networking & Security Technologies: Knowledge of networking (TCP/IP, OSI model), operating systems (Windows, UNIX, mainframe), security technologies (firewalls, IDS/IPS), and programming languages (C, Java, Perl, Shell). Threat Landscape Awareness: In-depth understanding of cyber-attacks, threat vectors, risk management, and incident response. Security Solutions Proficiency: Hands-on experience with MDR, EDR, XDR, SIEM, Vulnerability Management, IDS/IPS, NTA, UEBA, DLP, and other security technologies. Penetration Testing Tools: Familiarity with penetration testing and application security tools (Kali Linux, Metasploit, Burp Suite, Nessus, NMAP). Security Frameworks & Methodologies: Understanding of OWASP, the MITRE Attack Framework, Cyber Kill Chain, and the SDLC (Software Development Lifecycle). Cloud Security Expertise: Advanced knowledge of cloud security practices and implementations. Vendor/Partner & Client Management: Strong experience in vendor/partner management, client management, and the ability to lead client relationships effectively. Offerings Development: Ability to research and develop innovative security risk-based offerings that meet client needs. Shaping Client Expectations: Expertise in managing and shaping client expectations throughout engagement cycles. #CybersecurityLeadership #VPOfOperations #SecurityOperations #CyberOpsLeadership #OperationsLeadership #CybersecurityVP #SecurityOps #CybersecurityExec #TechOperations #InfoSecLeadership #VPJobs #LeadershipHiring #CybersecurityCareers #OperationsExcellence #SecurityLeadershipRoles #HyderabadJobs #HyderabadHiring #HyderabadCareers #HyderabadTech #HyderabadVP #HyderabadOperations Show more Show less

The HiLabs Story HiLabs is a leading provider of AI-powered solutions to clean dirty data, unlocking its hidden potential for healthcare transformation. HiLabs is committed to transforming the healthcare industry through innovation, collaboration, and a relentless focus on improving patient outcomes. HiLabs Team Multidisciplinary industry leaders Healthcare domain experts AI/ML and data science experts Professionals hailing from the worlds best universities, business schools, and engineering institutes including Harvard, Yale, Carnegie Mellon, Duke, Georgia Tech, Indian Institute of Management (IIM), and Indian Institute of Technology (IIT). Be a part of a team that harnesses advanced AI, ML, and big data technologies to develop cutting-edge healthcare technology platform, delivering innovative business solutions. Job Title : Security Test Engineer Job Location : Pune, Maharashtra, India Job summary: We are a leading Software as a Service (SaaS) company that specializes in the transformation of data in the US healthcare industry through cutting-edge Artificial Intelligence (AI) solutions. HiLabs is looking for highly motivated and technical Sr. Software Development Engineers focused on the application of emerging technologies, who should continually strive to advance engineering excellence and technology innovation. The mission is to power the next generation of digital products and services through innovation, collaboration, and transparency. Responsibilities Design, implement, and manage security controls across cloud environments. Conduct regular vulnerability assessments, penetration tests, and risk analyses. Develop and execute test plans, test cases, and security automation scripts. Lead incident response activities including identification, containment, mitigation, and post-incident analysis. Collaborate with cross-functional teams to remediate vulnerabilities and strengthen defenses Work collaboratively with IT and engineering teams to integrate security best practices into daily operations and development cycles. Assess security controls and ensure compliance with relevant standards (e.g., OWASP, NIST, HIPAA, SocII Type2) by working closely with the compliance team. Maintain detailed security documentation and provide periodic reports to management Stay up to date with emerging threats, vulnerabilities, and security best practices. Desired Profile Bachelor’s degree in Computer Science, Information Security, or a related field. 3-6 years of experience in IT security, or related roles. Strong knowledge of IT security frameworks, best practices, and standards (e.g., NIST, ISO 27001). Hands-on experience with vulnerability management tools, SIEM solutions, and endpoint security technologies. Hands-on experience with security tools such as Kali Linux, Metasploit, Burpsuite, Wireshark, SonarQube, AppSec, Nmap, OWASP ZAP, and Nessus Understanding of security vulnerabilities, exploits, and mitigation techniques Proficiency in cloud security (AWS, Azure, or GCP) is a plus Solid understanding of network protocols, firewalls, VPNs, and IDS/IPS systems. Knowledge of security frameworks and standards (e.g., OWASP Top 10, CVSS, CIS Benchmarks). Excellent problem-solving skills and the ability to respond effectively under pressure Passionate about technology and delivering solutions to solve complex business problems Great collaboration and interpersonal skills Ability to work with team members and lead by example in code, feature development, and knowledge sharing Nice to Have Certifications such as CEH, OSCP or CompTIA Security+. Experience in the healthcare industry and knowledge of HIPAA compliance. Familiarity with container security and DevSecOps practices. Experience with automation and scripting (Python, Bash) for security tasks HiLabs is an equal opportunity employer (EOE). No job applicant or employee shall receive less favorable treatment or be disadvantaged because of their gender, marital or family status, color, race, ethnic origin, religion, disability, or age; nor be subject to less favorable treatment or be disadvantaged on any other basis prohibited by applicable law. HiLabs is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse and inclusive workforce to support individual growth and superior business results. Thank you for reviewing this opportunity with HiLabs! If this position appears to be a good fit for your skillset, we welcome your application. HiLabs Total Rewards Competitive Salary, Accelerated Incentive Policies, H1B sponsorship, Comprehensive benefits package that includes ESOPs, financial contribution for your ongoing professional and personal development, medical coverage for you and your loved ones, 401k, PTOs & a collaborative working environment, Smart mentorship, and highly qualified multidisciplinary, incredibly talented professionals from highly renowned and accredited medical schools, business schools, and engineering institutes. CCPA disclosure notice - https://www.hilabs.com/privacy Show more Show less

Line of Service Advisory Industry/Sector Not Applicable Specialism Microsoft Management Level Senior Associate Job Description & Summary At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. Those in penetration testing at PwC will focus on penetration testing (or pen testing) which is a security exercise where a cybersecurity consultant attempts to find and exploit vulnerabilities in a computer system. The purpose of this simulated attack is to identify any weak spots in a system's defences which attackers could take advantage of. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us. At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. " Responsibilities Strong knowledge of web application security testing, API security testing Strong knowledge of Industry standard application security tools – Burp Suite, Nmap, Zap proxy Strong knowledge of Industry standard DAST tool (example: NetSparker) Strong knowledge in both static and dynamic assessments for desktop and mobile applications Strong knowledge in manual and automated testing process, focusing on OWASP methodology Strong Knowledge of vulnerability identification and remediation methodology. Knowledge of vulnerability assessments of network and security devices Strong knowledge of open source and commercial tools, proficient in Kali Linux based tools Mandatory Skill Sets VAPT, web application security testing, API security testing Preferred Skill Sets mobile security testing, DAST, penetration testing Years Of Experience Required 3+ Education Qualification B.Tech/B.E./MCA Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Engineering Degrees/Field Of Study Preferred Certifications (if blank, certifications not specified) Required Skills API Testing, Web Application Security Testing Optional Skills Penetration Testing Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? No Government Clearance Required? No Job Posting End Date Show more Show less

Job Description -: Experience of 4+ years • Hands-on experience of conducting security assessments of Web Applications, Mobile Applications, Web Services/APIs, Thick-clients. • Experience in tools such as burpsuite, nessus, nmap, acunetix, metasploit, checkmarx, etc. • Experience with Open Web Application Security Project (OWASP),SANS, Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools. • Ability to explain technical vulnerabilities to both technical and non technical audience highlighting business risk. • Knowledge of at least one cloud technology (AWS, Azure,GCP) is desirable, preferrably AWS and Azure. • Good understanding of coding best practices and standards. • Good knowledge of at least one of the following programming/scripting languages viz. python, ruby, C#, powershell, C/C++, Java • Good communication skills. • Critical thinking and good problem-solving abilities. • Organized in planning and time management skills are preferred. • Certification on CEH (Certified Ethical Hacker) or OSCP (Offensive Security Certified Professional) is desirable. Roles & Responsibilities -: Conduct vulnerability assessment and penetration testing for application, and other infrastructure Conduct application security assessment of web applications, mobile applications, thick-client application and API. Conduct configuration reviews for Operating System, Database, Middleware, Firewall, Routers, Switches and other infrastructure. Conduct red-team assessments Conduct cloud security assessments Conduct source-code review using automated and manual approaches Ensure timely execution of projects, delivery of status updates and final reports. Stay abreast of the latest updates in technology, security trends, vulnerabilities, exploit techniques and security news. Proficient in Ms-Excel and Powerpoint.