510 Nmap Jobs - Page 7

Dear Candidate, We are hiring a Compliance Engineer to ensure code and dependencies meet licensing and audit standards. Key Responsibilities: Track open-source usage and license compliance. Automate compliance scanning and reporting. Assist in security reviews and audits. Required Skills & Qualifications: Familiarity with tools like FOSSA, Black Duck. Knowledge of OSS licenses (MIT, GPL, Apache). Experience with code scanning and SBOMs. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Delivery Manager Integra Technologies

Description As an IT/OT Vulnerability Assessment and Penetration Testing (VAPT) Engineer, you will be engaged in identifying and mitigating security vulnerabilities across IT systems, Industrial Control Systems (ICS), and Industrial Internet of Things (IIoT) environments. Your work will involve rigorous security assessments of critical infrastructure, SCADA systems, PLCs, field devices, gateways, and cloud-connected IIoT platforms. You will simulate advanced adversary tactics to expose vulnerabilities and provide strategic remediation guidance. The role is suited for professionals with a deep understanding of both enterprise IT security and industrial/embedded system ecosystems. Responsibilities 1-Vulnerability Assessment & Penetration Testing (IT + ICS/IIoT): Perform black-box, grey-box, and white-box VAPT on: Enterprise IT assets (servers, databases, web/mobile apps, Active Directory, cloud) OT/ICS assets (PLCs, RTUs, HMIs, engineering workstations, protocol gateways) IIoT platforms (MQTT/CoAP-based telemetry, edge gateways, cloud dashboards) Emulate APT-level attacks across air-gapped, segmented, or hybrid IT-OT architectures. Execute Red Team scenarios to simulate insider threats or supply chain compromise. 2- ICS Protocol & Field Device Security Testing: Analyze and exploit vulnerabilities in ICS protocols: Modbus TCP, DNP3, IEC 104, OPC-UA, S7comm, Profinet, BACnet, CIP (EtherNet/IP), MQTT, CoAP Perform live traffic analysis, packet manipulation, and protocol fuzzing to test resilience. Evaluate control logic vulnerabilities in ladder logic, structured text, and function blocks. 3- Firmware & Hardware Exploitation (IIoT/ICS Devices): Extract and analyze firmware from industrial devices using JTAG, UART, SPI interfaces. Perform static and dynamic analysis using Ghidra, Binwalk, Radare2, or IDA Pro. Reverse engineer file systems (e.g., squashfs, cramfs) and analyze web interfaces or CLI backdoors. Exploit misconfigured bootloaders, insecure firmware upgrade mechanisms, or exposed debug ports. 4- Network Architecture & Segmentation Testing: Review and test IT-OT segmentation via firewall ACLs, VLANs, DMZ configurations. Assess trust relationships, weak credential policies, and insecure remote access (e.g., exposed VNC, Telnet, RDP). Identify unauthorized bridging of air-gapped networks or misconfigured routing/switching. 5- Cloud & IIoT Platform Security: Evaluate MQTT brokers, edge-to-cloud telemetry, and analytics pipelines. Test REST APIs, insecure mobile app integrations, and cloud misconfigurations (S3, IAM, IoT Core). Identify insecure certificate handling, default API tokens, and lack of encryption at rest/in transit. Reporting & Mitigation Develop technical and executive-level reports with CVSS scoring, attack paths, and exploitation evidence. Recommend hardening measures for both IT (patches, SIEM, EDR) and OT (control policy tuning, physical zoning, least privilege for operators). Coordinate with ICS engineers, IT admins, and SOC teams for patch validation and monitoring upgrades. Compliance & Framework Alignment Ensure assessments comply with industry and regulatory frameworks: NIST SP 800-82, ISA/IEC 62443, ISO 27001, NERC CIP, SANS ICS Top 20 Map findings to MITRE ATT&CK for ICS and monitor emerging CVEs relevant to industrial products. Eligibility Educational Background: Bachelor’s or Master’s in Cybersecurity, Computer Science, Industrial Automation, Electronics, or a related field. Technical Skills: Deep knowledge of ICS/SCADA systems, embedded architectures, and real-time OS (VxWorks, QNX, FreeRTOS). Hands-on experience with tools: VAPT Tools: Nessus, Burp Suite, Metasploit, Nmap, Nikto, SQLMap ICS Tools: Wireshark, Scapy, PLCScan, ICSFuzz, S7comm Tools, Conpot, ModScan Firmware Tools: Binwalk, Ghidra, Radare2, OpenOCD, Logic Analyzers IIoT Security: Shodan, Censys, MQTTX, Postman, OWASP ZAP Certifications (Preferred): OSCP, GRID, GICSP, CRT, CRTP, CEH, CISSP, or equivalent. Participation in ICS/IoT-focused CTFs or open-source contributions is a plus. Travel As and when required, across the country for project execution and monitoring as well as for coordination with geographically distributed teams. Communication Submit a cover letter summarising your experience in relevant technologies and software along with a resume and the Latest passport-size photograph.

Hello Visionary! We empower our people to stay resilient and relevant in a constantly changing world. We’re looking for people who are always searching for creative ways to grow and learn. People who want to make a real impact, now and in the future. Does that sound like you? Then it seems like you’d make a great addition to our vibrant team. We are looking for a Penetration Tester. This position is available for Chennai Location. You’ll make a difference by: Having experience in Leading and performing complex penetration testing engagements across enterprise networks, cloud infrastructures, web, mobile, APIs, thick clients, and IoT environments. Having understanding to Simulate sophisticated real-world attacks (e.g., APT scenarios, lateral movement, chained exploits). Conducting Red Team exercises and adversary emulation based on frameworks like MITRE ATT&CK. Identifying and exploiting vulnerabilities using both automated tools and advanced manual techniques. Reviewing, enhancing, and developing custom scripts, tools, and exploits to support internal testing capabilities. Providing expert-level guidance to business units on security risks, remediation strategies, and secure architecture. Actively participating in client discussions, executive briefings, and technical workshops. Delivering detailed and executive-level reports, including risk ratings, business impact, PoCs, and mitigation steps. Maintaining robust documentation of testing methodologies, custom tools, and process improvements. Ensuring all engagements align with internal policies, industry frameworks (e.g., OWASP, NIST, ISO), and client-specific compliance standards. Training and Development Stay updated on the latest security trends, vulnerabilities, and technology advancements. Provide training and guidance to the team and other departments on security best practices. Strategy and Planning Plan and scope penetration testing engagements, ensuring comprehensive coverage and effectiveness. Participate in the development of security policies and standards. Technical Expertise Deep hands-on experience in: Web, API, Thick Client and mobile app security testing (e.g., OWASP Top 10 – Web, Mobile, API) Internal/external network penetration, privilege escalation, and lateral movement Active Directory assessments and exploitation (Kerb roasting, Pass-the-Hash etc.) Familiarity with ICS, SCADA, BACnet protocols, and covert communication channels Wireless, Bluetooth, IoT device, Embedded Security, Cloud (AWS/Azure/GCP), and container security testing Working knowledge of Kali Linux and frameworks like MITRE ATT&CK Basic understanding of AI/ML security: adversarial attacks, model poisoning, and secure deployment of AI systems Proficiency with tools such as: Offensive: Burp Suite Pro, Metasploit, SQLMap, Cobalt Strike, Impacket, CrackMapExec, BloodHound, Sliver Reconnaissance: Nmap, Amass, Shodan, OSINT frameworks/tools Vulnerability Scanners: Nessus, Qualys, Nexpose Programming/Scripting: Skilled in scripting and exploit development using Python, Bash, PowerShell, and occasionally C/C++ or Go Soft Skills Excellent written and verbal communication skills Strong analytical and problem-solving capabilities Ability to explain technical concepts clearly to non-technical stakeholders You’ll win us over by: Having An engineering degree B.E/B.Tech/M.E/M.Tech with good academic record. 6–7 years of proven experience in penetration testing and offensive security Certifications (Preferred): Highly Desirable: OSCP, OSWP, OSWE, GPEN, GWAPT, OSCE, OSEE, GXPN, CPTS, CWEE, CAPE Other Considered: EWPTXv2 or equivalent advanced offensive security certifications We’ll support you with: Hybrid working Opportunities. Diverse and inclusive culture. Great variety of learning & development opportunities. Join us and be yourself! We value your unique identity and perspective, recognizing that our strength comes from the diverse backgrounds, experiences, and thoughts of our team members. We are fully committed to providing equitable opportunities and building a workplace that reflects the diversity of society. We also support you in your personal and professional journey by providing resources to help you thrive. Come bring your authentic self and create a better tomorrow with us. Make your mark in our exciting world at Siemens. This role is based in Chennai and is an Individual contributor role. You might be required to visit other locations within India and outside. In return, you'll get the chance to work with teams impacting - and the shape of things to come. We're Siemens. A collection of over 319,000 minds building the future, one day at a time in over 200 countries. Find out more about Siemens careers at: www.siemens.com/careers

At Gryffin Global, we are seeking a proactive and skilled Network Security Engineer to join our expanding IT security team. This role is integral to ensuring the integrity, confidentiality, and availability of our network systems and data by implementing cutting-edge security solutions, responding to security threats, and maintaining a robust security posture across our global infrastructure. The ideal candidate will bring deep expertise in network security protocols, hands-on experience with various security technologies, and the ability to work collaboratively with cross-functional teams. Key Responsibilities: Network Security Design & Implementation: Design, implement, and maintain secure network architecture to protect Gryffin Global’s critical systems and data. This includes firewalls, intrusion detection systems (IDS), virtual private networks (VPNs), and other security appliances. Threat Detection & Incident Response: Monitor and analyze network traffic for security threats, such as DDoS attacks, intrusions, or malicious activity. Act as a primary responder to network security incidents and work to quickly mitigate threats and prevent recurrence. Security Audits & Vulnerability Management: Regularly perform network security audits and vulnerability assessments to identify potential risks and areas for improvement. Provide recommendations for remediation and work with the IT and development teams to address vulnerabilities in a timely manner. Security Policies & Compliance: Develop and enforce network security policies, procedures, and guidelines to comply with industry standards and regulations (e.g., NIST, ISO 27001, GDPR). Ensure that the organization is aligned with best practices for data protection. Collaboration & Cross-Functional Support: Work closely with IT, system administrators, and development teams to integrate security into all aspects of our infrastructure, applications, and workflows. Provide guidance and support on secure network design, configuration, and implementation. Continuous Improvement: Stay current with emerging security technologies, industry trends, and evolving cyber threats. Continuously improve security posture by evaluating new tools, methodologies, and protocols that can enhance network protection. Documentation & Reporting: Maintain accurate and up-to-date documentation on network security architecture, configurations, and incident reports. Communicate security findings and risk assessments to senior leadership and stakeholders. Qualifications: Education & Experience: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field, or equivalent work experience. Minimum of 5 years of experience in network security, with a proven track record of managing and securing enterprise-level networks. Hands-on experience with security solutions (firewalls, IDS/IPS, VPNs, network monitoring tools, etc.) and best practices for network security. Certifications: Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Certified Information Security Manager (CISM) is preferred. Cisco Certified Network Associate (CCNA), Certified Network Defender (CND), or other relevant certifications are a plus. Technical Skills: Strong understanding of network protocols (TCP/IP, DNS, HTTP/S, etc.) and services (firewalling, VPN, IDS/IPS, etc.). Experience with network monitoring and security tools (e.g., Wireshark, Nmap, Snort, Palo Alto, Cisco ASA, etc.). Expertise in securing cloud environments (AWS, Azure, Google Cloud) and network security in hybrid environments. Familiarity with scripting languages (Python, Bash, etc.) to automate security tasks is a plus. Soft Skills: Excellent verbal and written communication skills, with the ability to clearly explain complex technical concepts to non-technical stakeholders. Strong problem-solving skills and ability to think critically under pressure. Ability to work both independently and collaboratively in a fast-paced environment. A proactive, detail-oriented mindset with a passion for continuous learning and professional growth. If you are passionate about cybersecurity, enjoy solving complex challenges, and want to be part of a forward-thinking organization, we would love to have you join our team!

Role Overview We are seeking a skilled and driven Sr. Security Engineer with a strong background in penetration testing (web, mobile, and network) and an understanding of security compliance standards such as SOC 2, ISO 27001, and GDPR. The ideal candidate will have hands-on experience identifying and exploiting vulnerabilities, preparing technical and compliance reports, and guiding clients or internal teams on remediation and governance. Key Responsibilities Conduct penetration testing of web applications, mobile apps (iOS/Android), and internal/external networks. Perform vulnerability assessments and risk evaluations across client environments. Create detailed technical and executive reports with prioritized remediation strategies. Assist in SOC 2 readiness assessments, ISO 27001 implementation, and GDPR compliance checks. Collaborate with cross-functional teams for remedial activities to improve the security posture. Stay updated with the latest exploits, tools, and compliance updates. Required Qualifications 5+ years of experience in cybersecurity with a focus on penetration testing and compliance. Proficiency in tools like Burp Suite, Nmap, Metasploit, Nessus, MobSF, and manual testing techniques. Strong knowledge of OWASP Top 10, secure coding practices, network protocols, and common attack vectors. Understanding of SOC 2, ISO 27001, GDPR, and associated implementation or audit processes. Certifications (Preferred) CEH (Certified Ethical Hacker) ISO/IEC 27001 Lead Auditor / Lead Implementer Other relevant certs: e.g., CompTIA Security+, eWPT, eCPPT, GPEN Nice-to-Have Skills Familiarity with DevSecOps pipelines, source code reviews, or CI/CD security integration. Client-facing consulting experience or report presentation skills. Cyber Security vibe is a must. (ref:hirist.tech)

Hello Visionary! We empower our people to stay resilient and relevant in a constantly changing world. We’re looking for people who are always searching for creative ways to grow and learn. People who want to make a real impact, now and in the future. Does that sound like you? Then it seems like you’d make a great addition to our vibrant team. We are looking for a Penetration Tester. This position is available for Chennai Location. You’ll make a difference by: Having experience in Leading and performing complex penetration testing engagements across enterprise networks, cloud infrastructures, web, mobile, APIs, thick clients, and IoT environments. Having understanding to Simulate sophisticated real-world attacks (e.g., APT scenarios, lateral movement, chained exploits). Conducting Red Team exercises and adversary emulation based on frameworks like MITRE ATT&CK. Identifying and exploiting vulnerabilities using both automated tools and advanced manual techniques. Reviewing, enhancing, and developing custom scripts, tools, and exploits to support internal testing capabilities. Providing expert-level guidance to business units on security risks, remediation strategies, and secure architecture. Actively participating in client discussions, executive briefings, and technical workshops. Delivering detailed and executive-level reports, including risk ratings, business impact, PoCs, and mitigation steps. Maintaining robust documentation of testing methodologies, custom tools, and process improvements. Ensuring all engagements align with internal policies, industry frameworks (e.g., OWASP, NIST, ISO), and client-specific compliance standards. Training and Development Stay updated on the latest security trends, vulnerabilities, and technology advancements. Provide training and guidance to the team and other departments on security best practices. Strategy and Planning Plan and scope penetration testing engagements, ensuring comprehensive coverage and effectiveness. Participate in the development of security policies and standards. Technical Expertise Deep hands-on experience in: Web, API, Thick Client and mobile app security testing (e.g., OWASP Top 10 – Web, Mobile, API) Internal/external network penetration, privilege escalation, and lateral movement Active Directory assessments and exploitation (Kerb roasting, Pass-the-Hash etc.) Familiarity with ICS, SCADA, BACnet protocols, and covert communication channels Wireless, Bluetooth, IoT device, Embedded Security, Cloud (AWS/Azure/GCP), and container security testing Working knowledge of Kali Linux and frameworks like MITRE ATT&CK Basic understanding of AI/ML security: adversarial attacks, model poisoning, and secure deployment of AI systems Proficiency with tools such as: Offensive: Burp Suite Pro, Metasploit, SQLMap, Cobalt Strike, Impacket, CrackMapExec, BloodHound, Sliver Reconnaissance: Nmap, Amass, Shodan, OSINT frameworks/tools Vulnerability Scanners: Nessus, Qualys, Nexpose Programming/Scripting: Skilled in scripting and exploit development using Python, Bash, PowerShell, and occasionally C/C++ or Go Soft Skills Excellent written and verbal communication skills Strong analytical and problem-solving capabilities Ability to explain technical concepts clearly to non-technical stakeholders You’ll win us over by: Having An engineering degree B.E/B.Tech/M.E/M.Tech with good academic record. 6–7 years of proven experience in penetration testing and offensive security Certifications (Preferred): Highly Desirable: OSCP, OSWP, OSWE, GPEN, GWAPT, OSCE, OSEE, GXPN, CPTS, CWEE, CAPE Other Considered: EWPTXv2 or equivalent advanced offensive security certifications We’ll support you with: Hybrid working Opportunities. Diverse and inclusive culture. Great variety of learning & development opportunities. Join us and be yourself! We value your unique identity and perspective, recognizing that our strength comes from the diverse backgrounds, experiences, and thoughts of our team members. We are fully committed to providing equitable opportunities and building a workplace that reflects the diversity of society. We also support you in your personal and professional journey by providing resources to help you thrive. Come bring your authentic self and create a better tomorrow with us. Make your mark in our exciting world at Siemens. This role is based in Chennai and is an Individual contributor role. You might be required to visit other locations within India and outside. In return, you'll get the chance to work with teams impacting - and the shape of things to come. We're Siemens. A collection of over 319,000 minds building the future, one day at a time in over 200 countries. Find out more about Siemens careers at: www.siemens.com/careers

About the Company - Kempegowda International Airport, Bengaluru (KIAB/ BLR Airport), named after founder of the City – Hiriya Kempegowda – has the unique distinction of being the first Greenfield Airport in India, established on a Public-Private Partnership (PPP) model. This heralded a revolution in Indian aviation, as more airports in the Country were privatised, thereafter. Responsibilities - Managed XDR Operations: Oversee threat detection, threat prevention, identity and access management, and incident response activities. Optimize the performance of managed XDR solutions to proactively identify and mitigate risks. Ensure a well-defined incident response plan is in place and regularly tested through simulations. Continuously improve detection and response capabilities based on threat intelligence and industry trends. Regularly review and update playbooks to address emerging threats and advanced attack techniques. Conduct post-incident reviews to identify lessons learned and improve processes. Monitor and evaluate partner performance, addressing any issues related to quality, cost, or delivery. Manage escalations as per contracted frameworks. Ensure unresolved escalations are tabled in governance forums and taken up for resolution. Drive the resolution of such escalations by working with all concerned stakeholders Review and provide feedback on periodic process, SLAs and KPI reports published by various ICT teams Escalate process compliance issues to senior leadership along with suggestion on remediation plan Review all Change Requests and provide insight & recommendations ensuring CRs/amendments are fit for purpose, negotiated and executed by working with all stakeholders. Execution of Security Projects: Lead and manage the successful delivery of cybersecurity projects, ensuring they align with business needs. Define clear project milestones, KPIs, and timelines to track progress effectively. Collaborate with internal and external stakeholders to ensure smooth implementation. Transition completed projects into ongoing operations with defined ownership and support mechanisms. Anticipate potential challenges and implement proactive risk management strategies. Financial Management: Oversee the development, management, and monitoring of the InfoSec budget, ensuring optimal allocation of resources. Accountability of budgeting and periodic financial forecasting for InfoSec – ensuring that the inputs on budgeting and forecasting are as per agreed frequency. Analyze and report on InfoSec financial performance, providing insights and recommendations for cost optimization, return on investment (ROI) and/ or Value Realization. Prepare and track InfoSec PRs and invoice processing and subsequent payments to partners and vendors. Ensure all InfoSec vendor payments are validated and approved by respective InfoSec teams and are aligned to agreed vendor payments terms and conditions. Track vendor payments against approved amount in InfoSec budget. Publish reports on InfoSec Financial Management to ICT leadership for review Security Architecture: Develop and implement a robust security architecture framework that integrates IT and OT systems. Evaluate and recommend security technologies and tools to improve organizational resilience. Ensure scalability, flexibility, and future-readiness of the security architecture. Conduct regular architecture reviews to ensure compliance with evolving standards and business changes. Provide technical leadership on emerging technologies and trends, such as Zero Trust and Secure Access Service Edge (SASE). Act as the primary SPOC for InfoSec in ARB (Architecture Review Board), ensuring terms and conditions are favorable and aligned with BIAL’s strategic information security goals. Regularly review deployments for compliance with organizational policies, regulatory requirements, ARB approvals and industry standards. Use insights gained from project performance to refine future ARBs, driving continuous improvement in partner selection, infosec requirements, service delivery and cost management. Maintain accurate and up-to-date records of all contractual communications, amendments, and performance evaluations. ICS Security: Develop and enforce security policies and controls for Industrial Control Systems (ICS) and Operational Technology (OT). Work closely with BIAL Projects and E&M teams to design secure processes for OT systems/ ICS. Perform regular vulnerability assessments and penetration testing of OT systems. Ensure alignment with BIAL Operational Technology Cybersecurity Policy and other relevant ICS/OT-specific security standards, such as IEC 62443. Establish monitoring mechanisms to detect and respond to threats in real-time within OT environments. Governance, Risk, and Compliance (GRC): Develop, implement, and maintain information security policies and governance frameworks. Conduct periodic risk assessments and audits to identify vulnerabilities and ensure regulatory compliance, both internally and with external partners. Provide regular updates to executive leadership on the organization’s risk profile and mitigation strategies. Manage relationships with regulatory authorities and ensure timely reporting of compliance metrics. Promote a culture of security awareness and responsibility throughout the organization. Ensure the maintenance of the BIAL’s certifications and standards, including ISO 27001:2022. Strategic Leadership: Provide strategic direction and leadership to the InfoSec team, fostering a culture of excellence and continuous improvement. Drive innovation in information security solutions and practices, ensuring the organization remains competitive and forward-looking. Act as a key advisor to senior management on Information Security matters, contributing to strategic decision-making. Qualifications: Bachelor’s degree in computer science, Information Security, or a related field (Master’s degree preferred). Certifications such as CISSP, CISM, CISA, CEH, or equivalent are highly desirable. A minimum of 12 years of experience in information security, with at least 5 years in a leadership role. Required Skills: Comprehensive understanding of cybersecurity frameworks, technologies, and methodologies (e.g., NIST CSF, ISO 27001, MITRE ATT&CK, ITIL v3, PMP, TOGAF, ISO 20k & 27k and COBIT). Expertise in managed XDR operations, incident response, threat intelligence, and identity management. Familiarity with security architecture principles, ICS/OT security frameworks, and industrial protocols. Strong knowledge of GRC principles and regulatory standards applicable to the industry. Proficient in process improvement and development practices. Strong knowledge of SLA & service management, contract negotiation, and operations management. Knowledge with InfoSec tools like: AV/EDR, Data Leakage Prevention, Metasploit, TripWire, Rapid7, Tenable, Snort, Nessus, Burp Suite, Appscan, Nmap, Wireshark, Firewalls, SIEM, SOAR, , SASE, CASB, PIM/PAM, WAF, O365 suite (Intune, Conditional access, Data classification and protection). Preferred Skills: Experience in driving initiatives centered on continuous improvement, innovation, execution excellence, customer centricity and automation. Leadership and strategic planning skills to align cybersecurity with organizational goals. Analytical and problem-solving skills for assessing threats, vulnerabilities, and risks in complex environments. Exceptional communication and stakeholder management skills to influence decision-making and secure buy-in. Technical expertise in deploying advanced security tools and technologies. Proven ability to lead cross-functional teams, drive organizational change, and manage complex projects. Ability to build and maintain relationships with internal teams, partners, and external vendors.

🛡️ Cyber Security Analyst Intern 📍 Location: Remote (100% Virtual) 📅 Duration: 3 Months 💸 Stipend for Top Interns: ₹15,000 🎁 Perks: Certificate | Letter of Recommendation | Full-Time Offer (Performance-Based) About INLIGHN TECH INLIGHN TECH is a rapidly growing edtech startup focused on practical, real-world learning. Our Cyber Security Analyst Internship is built to provide aspiring professionals with the tools, knowledge, and experience needed to understand, detect, and respond to cyber threats. 🚀 Internship Overview As a Cyber Security Analyst Intern , you will gain hands-on experience in monitoring systems, identifying vulnerabilities, analyzing threats, and implementing basic security measures. You will work on real-time use cases and contribute to strengthening the organization’s cyber defense posture. 🔧 Key Responsibilities Monitor and analyze system logs and network traffic for suspicious activities Conduct vulnerability assessments and assist in penetration testing Use tools like Wireshark, Nmap, Nessus, Burp Suite, or Splunk Assist in implementing security policies, firewalls, and access controls Respond to simulated incident scenarios and create incident reports Stay updated with the latest cyber threats, malware trends, and attack vectors Document findings, recommendations, and best practices ✅ Qualifications Pursuing or recently completed a degree in Cybersecurity, Computer Science, IT , or related fields Familiarity with network protocols , Linux/Windows systems , and security tools Understanding of concepts like firewalls, encryption, OWASP Top 10, and vulnerability scanning Strong analytical thinking and problem-solving abilities Basic knowledge of scripting or automation tools (e.g., Bash, Python) is a plus Eagerness to learn, research, and grow in the cybersecurity domain 🎓 What You’ll Gain Real-world exposure to cyber threat analysis and defensive strategies Hands-on practice with popular security tools and platforms Internship Certificate upon successful completion Letter of Recommendation for outstanding performance Opportunity for a Full-Time Offer based on performance Experience to help prepare for certifications like CEH, CompTIA Security+, or OSCP

We are looking for highly motivated and technically skilled individuals to join our Cyber Security – VAPT team. This role offers an opportunity to gain hands-on experience in identifying vulnerabilities, performing penetration tests, and implementing security solutions to protect critical systems and data. As part of the Cyber Security team, you will be working on real-time security assessments, analyzing threat vectors, and providing actionable insights to enhance an organization’s security posture. Requirements • Conduct Vulnerability Assessment & Penetration Testing (VAPT) on web applications, mobile apps, servers, cloud infrastructure, and networks. • Identify, exploit, and document security vulnerabilities using both automated and manual tools. • Prepare comprehensive technical reports with clear explanations of findings, risk levels, and mitigation strategies. • Collaborate with development and infrastructure teams to suggest remediation and patch management. • Perform risk assessments and help enforce security compliance as per industry standards (OWASP Top 10, ISO 27001, NIST). • Monitor new cyber threats and assist in creating incident response protocols. • Use tools like Burp Suite, Nessus, Nmap, Metasploit, Wireshark, Kali Linux, etc. • Stay updated with emerging threats, vulnerabilities, and mitigation techniques. • Education: Pass-out or final semester students awaiting results (2023/2024/2025) • Status: Pursuing students (still in college) are not eligible • Should have basic knowledge of networking, firewalls, ethical hacking, and cybersecurity tools • Good understanding of OWASP Top 10, malware analysis, phishing attacks, etc. • Strong analytical thinking and problem-solving skills • Willingness to learn and grow in the cybersecurity domain

Location : Onsite – Dwarka, Delhi Job Type : Full-Time Experience : 1+ years in Cybersecurity Certification Required : EC-Council Certified Ethical Hacker (CEH v11 or higher) About Us We are a cybersecurity-focused organization committed to delivering proactive security services and protecting our clients from evolving digital threats. We work across industries to provide high-impact assessments, advisory, and compliance support. Job Summary We are seeking a passionate and certified Ethical Hacker to join our team in Dwarka (Onsite) . The ideal candidate will have at least 1 year of hands-on cybersecurity experience and a valid CEH certification . You will be responsible for identifying system vulnerabilities, conducting penetration tests, and helping our clients enhance their security posture. Key Responsibilities Perform penetration testing on web, mobile, network, and cloud environments Identify, exploit, and document vulnerabilities in systems and applications Conduct vulnerability assessments using industry-standard tools Simulate cyberattacks and red team exercises as required Assist in incident response and forensic investigations Prepare clear, detailed, and actionable reports Keep up with current security trends, exploits, and threat intelligence Collaborate with internal teams to help fix discovered vulnerabilities Required Skills & Qualifications EC-Council Certified Ethical Hacker (CEH v11 or higher) Minimum 1 year of experience in cybersecurity or ethical hacking roles Familiarity with tools like Burp Suite, Metasploit, Nmap, Nessus, Wireshark, etc. Basic understanding of OWASP Top 10, network protocols, and system hardening Ability to write or understand scripts (e.g., Bash, Python, PowerShell) Strong analytical and problem-solving skills Good communication and documentation skills Preferred (Nice to Have) Exposure to red teaming or bug bounty programs Knowledge of secure coding practices Familiarity with SIEM tools, DevSecOps, or cloud security (AWS/Azure) What We Offer Onsite role with strong mentorship and growth opportunities Exposure to real-world security assessments and client projects A collaborative and skilled cybersecurity team Opportunity to contribute to cutting-edge engagements

Summary Position Summary Red Team — Senior Consultant 1 - Solution Delivery Lead Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’s Cyber Risk Services have been recognized as a leader by a number of independent analyst firms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do Manages Cyber Threat Management projects, guides the team on a day-to-day basis and ensures that assigned tasks and responsibilities are fulfilled in a timely fashion Demonstrates understanding of complex business and information technology management processes (move it additional skills - if they don’t have this at LSA level, it will be difficult to build and sustain them in the firm) Interacts with clients, managers and partners to build and nurture strong relationships (required with managers at a minimum and clients if they are interacting directly or if deployed on client site ) Assists in implementing standard operating procedures Adheres to Service Level Agreements Identified opportunities for service optimization Tailors firm tools and methodologies as per client requirements Evaluates, counsels, mentors and provides feedback on performance of others Manages day-to-day client relationships at appropriate management levels Participates in proposal development efforts to sell quot;add-on quot; work to clients Identifies opportunities to improve engagement economics Lead practice development initiatives The Team Deloitte’s Red Team is a standardized process, to help clients combat today’s growing array of system threats. We help organizations assess their infrastructure, networks and application environments to identify vulnerabilities and controlweaknesses.Wedevelopanddeploythetechnicalandarchitecturalimprovementsnecessarytoreduceattack exposure OurApplicationandVulnerabilityManagementserviceshelporganizationsidentifythetechnicalandarchitectural improvements needed to minimize exposure to attacks. With our customized methodology, we assess the many aspects of risk to support identification of both internal and external facing threats. Required: - Core Skills: Strong written and verbal communication skills with experience writing comprehensive technical reports and delivering engagement debriefs. Ability to analyze complex attack paths and provide both tactical and strategic remediation recommendations to enhance security. Knowledge and experience in project management, managing complex red team engagements from planning to execution. In-depth understanding of threat analysis, enterprise-level defense mechanisms, and mitigation strategies. Hands-on experience in bypassing security mechanisms such as firewalls, EDR, IDS/IPS, and SIEM solutions (e.g., Splunk, QRadar, ArcSight). Understanding of cyber kill chains and how adversaries can execute multi-stage attacks using open-source tools. Experience in reverse engineering binaries or malware to understand functionality and identify weaknesses. Strong knowledge of cloud penetration testing (AWS, Azure, GCP) and how to conduct adversarial simulation against cloud infrastructures. Strong knowledge of operating systems (Windows/Linux) and networking technologies used in red team operations. Advanced knowledge in Red Teaming, Offensive Security, Adversarial Simulation, and Penetration Testing across various network and application environments. Expertise in reconnaissance, exploitation, lateral movement, and persistence techniques used in red team engagements. In-depth understanding of business and information technology processes, with a focus on bridging the gap between offensive operations and business risks. Deep knowledge of commonly used attack protocols such as TCP/IP, DNS, HTTP/S, and their exploitation. Hands-on experience in conducting social engineering and phishing campaigns, as well as advanced attack scenarios (HTML smuggling, payload delivery, etc.). Strong knowledge of the SANS Top 25 and MITRE ATT&CK framework, and how these apply to real-world adversarial techniques. Hands-on experience in architecting, deploying, and managing Red Team/Offensive Security technology solutions (such as Cobalt Strike, Metasploit, Sliver, Nessus, nmap, Qualys, Tenable). Deep understanding of EDR/AV evasion techniques and OpSec considerations during adversarial engagements. Assist clients by conducting sophisticated adversarial simulations, mimicking the tools, tactics, and procedures of real-world threat actors. Plan and execute complex red team engagements, including phishing, social engineering, network exploitation, and covert lateral movement. Analyze, enrich, and prioritize attack vectors, leveraging real-time threat feeds and tools to enhance the adversarial simulation. Develop detailed engagement reports, providing both actionable remediation steps and strategic recommendations to improve the client's defense. Assist in maintaining red team infrastructure, including command and control (C2) systems, attack vectors, and exploit tools. Engage with leadership and stakeholders to review findings and guide them through the recommendations for improving their security posture. Stay ahead of emerging attack trends and evolve red team tactics accordingly, ensuring OpSec compliance at all times. Collaborate with blue team counterparts during purple team engagements to improve detection and response capabilities. Mandatory Certifications - OSCP, OSWP, GPEN, OSCE, CRTO, GXPN, CREST Certified Simulated Attack Specialist Preferred Certifications - OSCE3, OSWE, OSEP, OSED, CREST Certified Simulated Attack Specialist, SABSA, AWS Security Specialist Preferred: B. E / B.Tech / M.S in any engineering discipline; 5-7 years of cyber risk services experience. Proven ability to emulate sophisticated adversary tactics, techniques, and procedures (TTPs) to identify and exploit weaknesses in organizational defenses. Familiarity with red teaming methodologies, offensive security tools, and frameworks such as MITRE ATT&CK. Experience with tools like Cobalt Strike, Metasploit, and Empire for command and control, exploitation, and lateral movement within environments. Proficiency in scripting languages like Python, PowerShell, or Bash for automation and custom tool creation. Knowledge of evasion techniques to bypass antivirus (AV), endpoint detection and response (EDR), and network monitoring tools. Strong understanding of privilege escalation, lateral movement, and persistence mechanisms in both Windows and Linux environments. Hands-on experience conducting phishing campaigns, social engineering attacks, and delivering payloads via HTML smuggling or other covert techniques. Ability to assess and manipulate Active Directory configurations, conduct password spraying, and exploit common misconfigurations. Strong knowledge of reverse engineering tools such as IDA Pro and Ghidra for analyzing malware or binaries. Excellent ability to create detailed post-engagement reports and recommendations for improving detection and response capabilities. Knowledge of operational security (OpSec) best practices to avoid detection during adversarial engagements. Ability to think creatively in developing offensive strategies and adapting to blue team defenses. Strong desire to continuously learn emerging attack vectors and defensive countermeasures. Outstanding communication skills, with the ability to explain offensive security techniques to both technical and non-technical stakeholders. Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin their own way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-based learning,and eLearning.Deloitte University(DU):The LeadershipCenter in India,our state-of-the-art, world-class learning centerin the Hyderabad office, is an extension of the DU in Westlake, Texas, and represents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best workeveryday. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandarecontinuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesourdiversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 300440

Summary Position Summary Red Team — Senior Consultant 1 - Solution Delivery Lead Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’s Cyber Risk Services have been recognized as a leader by a number of independent analyst firms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do Manages Cyber Threat Management projects, guides the team on a day-to-day basis and ensures that assigned tasks and responsibilities are fulfilled in a timely fashion Demonstrates understanding of complex business and information technology management processes (move it additional skills - if they don’t have this at LSA level, it will be difficult to build and sustain them in the firm) Interacts with clients, managers and partners to build and nurture strong relationships (required with managers at a minimum and clients if they are interacting directly or if deployed on client site ) Assists in implementing standard operating procedures Adheres to Service Level Agreements Identified opportunities for service optimization Tailors firm tools and methodologies as per client requirements Evaluates, counsels, mentors and provides feedback on performance of others Manages day-to-day client relationships at appropriate management levels Participates in proposal development efforts to sell quot;add-on quot; work to clients Identifies opportunities to improve engagement economics Lead practice development initiatives The Team Deloitte’s Red Team is a standardized process, to help clients combat today’s growing array of system threats. We help organizations assess their infrastructure, networks and application environments to identify vulnerabilities and controlweaknesses.Wedevelopanddeploythetechnicalandarchitecturalimprovementsnecessarytoreduceattack exposure OurApplicationandVulnerabilityManagementserviceshelporganizationsidentifythetechnicalandarchitectural improvements needed to minimize exposure to attacks. With our customized methodology, we assess the many aspects of risk to support identification of both internal and external facing threats. Required: - Core Skills: Strong written and verbal communication skills with experience writing comprehensive technical reports and delivering engagement debriefs. Ability to analyze complex attack paths and provide both tactical and strategic remediation recommendations to enhance security. Knowledge and experience in project management, managing complex red team engagements from planning to execution. In-depth understanding of threat analysis, enterprise-level defense mechanisms, and mitigation strategies. Hands-on experience in bypassing security mechanisms such as firewalls, EDR, IDS/IPS, and SIEM solutions (e.g., Splunk, QRadar, ArcSight). Understanding of cyber kill chains and how adversaries can execute multi-stage attacks using open-source tools. Experience in reverse engineering binaries or malware to understand functionality and identify weaknesses. Strong knowledge of cloud penetration testing (AWS, Azure, GCP) and how to conduct adversarial simulation against cloud infrastructures. Strong knowledge of operating systems (Windows/Linux) and networking technologies used in red team operations. Advanced knowledge in Red Teaming, Offensive Security, Adversarial Simulation, and Penetration Testing across various network and application environments. Expertise in reconnaissance, exploitation, lateral movement, and persistence techniques used in red team engagements. In-depth understanding of business and information technology processes, with a focus on bridging the gap between offensive operations and business risks. Deep knowledge of commonly used attack protocols such as TCP/IP, DNS, HTTP/S, and their exploitation. Hands-on experience in conducting social engineering and phishing campaigns, as well as advanced attack scenarios (HTML smuggling, payload delivery, etc.). Strong knowledge of the SANS Top 25 and MITRE ATT&CK framework, and how these apply to real-world adversarial techniques. Hands-on experience in architecting, deploying, and managing Red Team/Offensive Security technology solutions (such as Cobalt Strike, Metasploit, Sliver, Nessus, nmap, Qualys, Tenable). Deep understanding of EDR/AV evasion techniques and OpSec considerations during adversarial engagements. Assist clients by conducting sophisticated adversarial simulations, mimicking the tools, tactics, and procedures of real-world threat actors. Plan and execute complex red team engagements, including phishing, social engineering, network exploitation, and covert lateral movement. Analyze, enrich, and prioritize attack vectors, leveraging real-time threat feeds and tools to enhance the adversarial simulation. Develop detailed engagement reports, providing both actionable remediation steps and strategic recommendations to improve the client's defense. Assist in maintaining red team infrastructure, including command and control (C2) systems, attack vectors, and exploit tools. Engage with leadership and stakeholders to review findings and guide them through the recommendations for improving their security posture. Stay ahead of emerging attack trends and evolve red team tactics accordingly, ensuring OpSec compliance at all times. Collaborate with blue team counterparts during purple team engagements to improve detection and response capabilities. Mandatory Certifications - OSCP, OSWP, GPEN, OSCE, CRTO, GXPN, CREST Certified Simulated Attack Specialist Preferred Certifications - OSCE3, OSWE, OSEP, OSED, CREST Certified Simulated Attack Specialist, SABSA, AWS Security Specialist Preferred: B. E / B.Tech / M.S in any engineering discipline; 5-7 years of cyber risk services experience. Proven ability to emulate sophisticated adversary tactics, techniques, and procedures (TTPs) to identify and exploit weaknesses in organizational defenses. Familiarity with red teaming methodologies, offensive security tools, and frameworks such as MITRE ATT&CK. Experience with tools like Cobalt Strike, Metasploit, and Empire for command and control, exploitation, and lateral movement within environments. Proficiency in scripting languages like Python, PowerShell, or Bash for automation and custom tool creation. Knowledge of evasion techniques to bypass antivirus (AV), endpoint detection and response (EDR), and network monitoring tools. Strong understanding of privilege escalation, lateral movement, and persistence mechanisms in both Windows and Linux environments. Hands-on experience conducting phishing campaigns, social engineering attacks, and delivering payloads via HTML smuggling or other covert techniques. Ability to assess and manipulate Active Directory configurations, conduct password spraying, and exploit common misconfigurations. Strong knowledge of reverse engineering tools such as IDA Pro and Ghidra for analyzing malware or binaries. Excellent ability to create detailed post-engagement reports and recommendations for improving detection and response capabilities. Knowledge of operational security (OpSec) best practices to avoid detection during adversarial engagements. Ability to think creatively in developing offensive strategies and adapting to blue team defenses. Strong desire to continuously learn emerging attack vectors and defensive countermeasures. Outstanding communication skills, with the ability to explain offensive security techniques to both technical and non-technical stakeholders. Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin their own way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-based learning,and eLearning.Deloitte University(DU):The LeadershipCenter in India,our state-of-the-art, world-class learning centerin the Hyderabad office, is an extension of the DU in Westlake, Texas, and represents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best workeveryday. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandarecontinuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesourdiversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 300440

Summary Position Summary Red Team — Senior Consultant 1 - Solution Delivery Lead Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’s Cyber Risk Services have been recognized as a leader by a number of independent analyst firms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do Manages Cyber Threat Management projects, guides the team on a day-to-day basis and ensures that assigned tasks and responsibilities are fulfilled in a timely fashion Demonstrates understanding of complex business and information technology management processes (move it additional skills - if they don’t have this at LSA level, it will be difficult to build and sustain them in the firm) Interacts with clients, managers and partners to build and nurture strong relationships (required with managers at a minimum and clients if they are interacting directly or if deployed on client site ) Assists in implementing standard operating procedures Adheres to Service Level Agreements Identified opportunities for service optimization Tailors firm tools and methodologies as per client requirements Evaluates, counsels, mentors and provides feedback on performance of others Manages day-to-day client relationships at appropriate management levels Participates in proposal development efforts to sell quot;add-on quot; work to clients Identifies opportunities to improve engagement economics Lead practice development initiatives The Team Deloitte’s Red Team is a standardized process, to help clients combat today’s growing array of system threats. We help organizations assess their infrastructure, networks and application environments to identify vulnerabilities and controlweaknesses.Wedevelopanddeploythetechnicalandarchitecturalimprovementsnecessarytoreduceattack exposure OurApplicationandVulnerabilityManagementserviceshelporganizationsidentifythetechnicalandarchitectural improvements needed to minimize exposure to attacks. With our customized methodology, we assess the many aspects of risk to support identification of both internal and external facing threats. Required: - Core Skills: Strong written and verbal communication skills with experience writing comprehensive technical reports and delivering engagement debriefs. Ability to analyze complex attack paths and provide both tactical and strategic remediation recommendations to enhance security. Knowledge and experience in project management, managing complex red team engagements from planning to execution. In-depth understanding of threat analysis, enterprise-level defense mechanisms, and mitigation strategies. Hands-on experience in bypassing security mechanisms such as firewalls, EDR, IDS/IPS, and SIEM solutions (e.g., Splunk, QRadar, ArcSight). Understanding of cyber kill chains and how adversaries can execute multi-stage attacks using open-source tools. Experience in reverse engineering binaries or malware to understand functionality and identify weaknesses. Strong knowledge of cloud penetration testing (AWS, Azure, GCP) and how to conduct adversarial simulation against cloud infrastructures. Strong knowledge of operating systems (Windows/Linux) and networking technologies used in red team operations. Advanced knowledge in Red Teaming, Offensive Security, Adversarial Simulation, and Penetration Testing across various network and application environments. Expertise in reconnaissance, exploitation, lateral movement, and persistence techniques used in red team engagements. In-depth understanding of business and information technology processes, with a focus on bridging the gap between offensive operations and business risks. Deep knowledge of commonly used attack protocols such as TCP/IP, DNS, HTTP/S, and their exploitation. Hands-on experience in conducting social engineering and phishing campaigns, as well as advanced attack scenarios (HTML smuggling, payload delivery, etc.). Strong knowledge of the SANS Top 25 and MITRE ATT&CK framework, and how these apply to real-world adversarial techniques. Hands-on experience in architecting, deploying, and managing Red Team/Offensive Security technology solutions (such as Cobalt Strike, Metasploit, Sliver, Nessus, nmap, Qualys, Tenable). Deep understanding of EDR/AV evasion techniques and OpSec considerations during adversarial engagements. Assist clients by conducting sophisticated adversarial simulations, mimicking the tools, tactics, and procedures of real-world threat actors. Plan and execute complex red team engagements, including phishing, social engineering, network exploitation, and covert lateral movement. Analyze, enrich, and prioritize attack vectors, leveraging real-time threat feeds and tools to enhance the adversarial simulation. Develop detailed engagement reports, providing both actionable remediation steps and strategic recommendations to improve the client's defense. Assist in maintaining red team infrastructure, including command and control (C2) systems, attack vectors, and exploit tools. Engage with leadership and stakeholders to review findings and guide them through the recommendations for improving their security posture. Stay ahead of emerging attack trends and evolve red team tactics accordingly, ensuring OpSec compliance at all times. Collaborate with blue team counterparts during purple team engagements to improve detection and response capabilities. Mandatory Certifications - OSCP, OSWP, GPEN, OSCE, CRTO, GXPN, CREST Certified Simulated Attack Specialist Preferred Certifications - OSCE3, OSWE, OSEP, OSED, CREST Certified Simulated Attack Specialist, SABSA, AWS Security Specialist Preferred: B. E / B.Tech / M.S in any engineering discipline; 5-7 years of cyber risk services experience. Proven ability to emulate sophisticated adversary tactics, techniques, and procedures (TTPs) to identify and exploit weaknesses in organizational defenses. Familiarity with red teaming methodologies, offensive security tools, and frameworks such as MITRE ATT&CK. Experience with tools like Cobalt Strike, Metasploit, and Empire for command and control, exploitation, and lateral movement within environments. Proficiency in scripting languages like Python, PowerShell, or Bash for automation and custom tool creation. Knowledge of evasion techniques to bypass antivirus (AV), endpoint detection and response (EDR), and network monitoring tools. Strong understanding of privilege escalation, lateral movement, and persistence mechanisms in both Windows and Linux environments. Hands-on experience conducting phishing campaigns, social engineering attacks, and delivering payloads via HTML smuggling or other covert techniques. Ability to assess and manipulate Active Directory configurations, conduct password spraying, and exploit common misconfigurations. Strong knowledge of reverse engineering tools such as IDA Pro and Ghidra for analyzing malware or binaries. Excellent ability to create detailed post-engagement reports and recommendations for improving detection and response capabilities. Knowledge of operational security (OpSec) best practices to avoid detection during adversarial engagements. Ability to think creatively in developing offensive strategies and adapting to blue team defenses. Strong desire to continuously learn emerging attack vectors and defensive countermeasures. Outstanding communication skills, with the ability to explain offensive security techniques to both technical and non-technical stakeholders. Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin their own way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-based learning,and eLearning.Deloitte University(DU):The LeadershipCenter in India,our state-of-the-art, world-class learning centerin the Hyderabad office, is an extension of the DU in Westlake, Texas, and represents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best workeveryday. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandarecontinuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesourdiversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 300440

Job Summary: We are seeking a passionate and experienced Security & Compliance Engineer to join our team. This role is pivotal in ensuring our cloud services meet the highest standards of security and compliance. You will work cross-functionally with engineering teams, project managers, and compliance stakeholders to identify, implement, and monitor security controls and processes. Your work will directly contribute to the protection of our infrastructure, data, and services. The service you will be joining is Key Protect, IBM’s key management system https://www.ibm.com/products/key-protect. Key Responsibilities: Support security and compliance initiatives across Key Protect & Security Services. Collaborate with development and operations teams to mitigate security risks. Implement, and monitor security controls and compliance processes. Contribute to risk assessments, gap analyses, and remediation planning. Support internal and external audits by providing evidence and documentation. Support adherence to regulatory standards such as FedRAMP, HIPAA, GDPR, SOC 2, PCI, ISO27K, NIST, ISMAP, ENS, HITRUST, etc. Drive improvements in patch management, vulnerability management, and access control. Maintain accurate asset inventories and ensure configuration management best practices. Monitor logs and systems for anomalies and respond to incidents. Participate in penetration testing and threat modeling exercises. Communicate security requirements and findings to technical and non-technical stakeholders. Ideal Candidate Traits: Growth mindset and eagerness to learn. Strong problem-solving and critical thinking abilities. Self-starter, ability to work independently. Ability to translate complex security concepts into actionable guidance. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Required Experience: 4+ years in security engineering, compliance, DevOps or related roles. Experience with cloud technologies and infrastructure. Hands-on experience with compliance frameworks (e.g., FedRAMP, HIPAA, GDPR, SOC 2, PCI, ISO, NIST). Knowledge of end-to-end Security and Compliance activities such as Threat Models, Security Privacy by Design. Knowledge of Security scanning tools such as Nessus scanner, SonarQube, NMap. Knowledge of Security concepts (includes understanding of identity mgmt./authentication, authorization, firewall, auditing, secure communication, managing certificates, password management) Understanding of cryptographic key management and its lifecycle. Strong understanding of access management, data protection, and secure system configuration. Experience on Kubernetes/ OpenShift deployments, Container Tools such as Docker, Podman, Rancher Excellent communication and documentation skills. Ability to work independently and collaboratively across teams. Preferred technical and professional experience Experience with tools such as GitHub and ServiceNow. Experience with microservice architectures and Restful API development Familiarity using Container Security tools such as Prisma Cloud & AquaSec Experience in DevSecOps pipelines - Jenkins, Tekton Toolchains Scripting and automation skills (Python, Bash, Terraform, etc.)

We are seeking a highly skilled Senior Application Engineer with strong expertise in network infrastructure, application deployment, and enterprise security tools. The ideal candidate will design and manage robust network architectures while ensuring performance, reliability, and cybersecurity compliance. The role includes working on LAN/WAN/VPN infrastructure, supporting application performance, and managing EDR, XDR, SIEM, and MDM platforms. 🛠 Key Responsibilities: Network & Infrastructure: Design, implement, and manage LAN, WAN, VPN, and wireless network architectures. Configure and install firewalls, routers, switches, and access points. Monitor and maintain network performance, uptime, and security posture. Troubleshoot complex network outages and performance bottlenecks. Maintain network documentation, diagrams, and topology maps. Application Engineering: Lead application deployment, performance tuning, and upgrade rollouts. Manage middleware, web, and application servers (e.g., Apache, Tomcat, IIS). Monitor application health, logs, and metrics for performance or anomalies. Ensure application availability, redundancy, and disaster recovery readiness. Collaborate with DevOps and development teams for CI/CD and production support. Security & Governance: Manage and respond to alerts from EDR/XDR and SIEM platforms (e.g., Splunk, Microsoft Defender, SentinelOne). Implement MDM and endpoint hardening policies. Enforce network segmentation and Zero Trust security principles. Support container security in Docker and Kubernetes environments. 🧰 Tools & Skills: Wireshark, Burp Suite, Nmap, Nessus, Qualys, Splunk, etc. Deep understanding of security frameworks and best practices. Strong documentation, communication, and team collaboration skills. Ability to multitask in a fast-paced and evolving tech landscape. 🎓 Qualifications: B.E. / B.Tech / M.Tech in Computer Science, IT, or equivalent. 3+ years of hands-on experience in network, system, or application engineering. Industry certifications preferred (CCNP, RHCE, CEH, Azure/AWS Security, etc.).

Job requisition ID :: 81576 Date: Jul 3, 2025 Location: Kochi Designation: Consultant Entity: Deloitte Touche Tohmatsu India LLP Your potential, unleashed. India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks Your work profile. As an Consultant /Assistant Manager / Deputy Manager in our Cyber Team, you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - Key Responsibilities: Total 2+years of experience in Cyber security VAPT- Web Application Security Pentesting, Mobile Application Testing, Infra Testing, Source Code Review, Cloud Configuration Review Certification - OSCP, CRTP, CEH, EJPT Understanding of basic business and information technology management processes. Good knowledge of TCP/ IP and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture. Experience of Web Application Security Testing, Infrastructure VAPT, API testing. Experience on Mobile Security Pen-Testing (iOS and Android). Experience in conducting config reviews of Windows, Linux, UNIX, Solaris, Databases, etc. Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc. Experience in basic scripting such as: Shell, Python, PERL, etc. Basic knowledge of Technologies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5 Desired qualifications B.Tech/M.Tech Candidates must possess security certification of CEH, LPT, OSCP. Good to have security certification for GPEN, CREST/ Your role as a Consultant We expect our people to embrace and live our purpose by challenging themselves to identify issues that are most important for our clients, our people, and for society. In addition to living our purpose, Senior Executive across our organization must strive to be: Inspiring - Leading with integrity to build inclusion and motivation Committed to creating purpose - Creating a sense of vision and purpose Agile - Achieving high-quality results through collaboration and Team unity Skilled at building diverse capability - Developing diverse capabilities for the future Persuasive / Influencing - Persuading and influencing stakeholders Collaborating - Partnering to build new solutions Delivering value - Showing commercial acumen Committed to expanding business - Leveraging new business opportunities Analytical Acumen - Leveraging data to recommend impactful approach and solutions through the power of analysis and visualization Effective communication – Must be well abled to have well-structured and well-articulated conversations to achieve win-win possibilities Engagement Management / Delivery Excellence - Effectively managing engagement(s) to ensure timely and proactive execution as well as course correction for the success of engagement(s) Managing change - Responding to changing environment with resilience Managing Quality & Risk - Delivering high quality results and mitigating risks with utmost integrity and precision Strategic Thinking & Problem Solving - Applying strategic mindset to solve business issues and complex problems Tech Savvy - Leveraging ethical technology practices to deliver high impact for clients and for Deloitte Empathetic leadership and inclusivity - creating a safe and thriving environment where everyone's valued for who they are, use empathy to understand others to adapt our behaviours and attitudes to become more inclusive. How you’ll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyone’s welcome… entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals. *Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution. In this regard, you may refer to a more detailed advisory given on our website at: https://www2.deloitte.com/in/en/careers/advisory-for-career-aspirants.html?icid=wn_

We are seeking a highly skilled Senior Application Engineer with strong expertise in network infrastructure, application deployment, and enterprise security tools. The ideal candidate will design and manage robust network architectures while ensuring performance, reliability, and cybersecurity compliance. The role includes working on LAN/WAN/VPN infrastructure, supporting application performance, and managing EDR, XDR, SIEM, and MDM platforms. Key Responsibilities: Network & Infrastructure: Design, implement, and manage LAN, WAN, VPN, and wireless network architectures. Configure and install firewalls, routers, switches, and access points. Monitor and maintain network performance, uptime, and security posture. Troubleshoot complex network outages and performance bottlenecks. Maintain network documentation, diagrams, and topology maps. Application Engineering: Lead application deployment, performance tuning, and upgrade rollouts. Manage middleware, web, and application servers (e.g., Apache, Tomcat, IIS). Monitor application health, logs, and metrics for performance or anomalies. Ensure application availability, redundancy, and disaster recovery readiness. Collaborate with DevOps and development teams for CI/CD and production support. Security & Governance: Manage and respond to alerts from EDR/XDR and SIEM platforms (e.g., Splunk, Microsoft Defender, SentinelOne). Implement MDM and endpoint hardening policies. Enforce network segmentation and Zero Trust security principles. Support container security in Docker and Kubernetes environments. Tools & Skills: Wireshark, Burp Suite, Nmap, Nessus, Qualys, Splunk, etc. Deep understanding of security frameworks and best practices. Strong documentation, communication, and team collaboration skills. Ability to multitask in a fast-paced and evolving tech landscape. Qualifications: B.E. / B.Tech / M.Tech in Computer Science, IT, or equivalent. 3+ years of hands-on experience in network, system, or application engineering. Industry certifications preferred (CCNP, RHCE, CEH, Azure/AWS Security, etc.). Job Type: Full-time Pay: ₹300,000.00 - ₹660,000.00 per year Benefits: Cell phone reimbursement Flexible schedule Health insurance Paid time off Provident Fund Schedule: Day shift Supplemental Pay: Performance bonus Yearly bonus Work Location: In person

WHO ARE WE? We are a bunch of super enthusiastic, passionate, and highly driven people, working to achieve a common goal! We believe that work and the workplace should be joyful and always buzzing with energy! CloudSEK, one of India’s most trusted Cyber security product companies, is on a mission to build the world’s fastest and most reliable AI technology that identifies and resolves digital threats in real-time. The central proposition is leveraging Artificial Intelligence and Machine Learning to create a quick and reliable analysis and alert system that provides rapid detection across multiple internet sources, precise threat analysis, and prompt resolution with minimal human intervention. Founded in 2015, headquartered at Singapore, we are proud to say that we’ve grown at a frenetic pace and have been able to achieve some accolades along the way, including: CloudSEK’s Product Suite: CloudSEK XVigil constantly maps a customer’s digital assets, identifies threats and enriches them with cyber intelligence, and then provides workflows to manage and remediate all identified threats including takedown support. A powerful Attack Surface Monitoring tool that gives visibility and intelligence on customers’ attack surfaces. CloudSEK's BeVigil uses a combination of Mobile, Web, Network and Encryption Scanners to map and protect known and unknown assets. CloudSEK’s Contextual AI SVigil identifies software supply chain risks by monitoring Software, Cloud Services, and third-party dependencies. Key Milestones: 2016 : Launched our first product. 2018 : Secured Pre-series A funding. 2019 : Expanded operations to India, Southeast Asia, and the Americas. 2020 : Won the NASSCOM-DSCI Excellence Award for Security Product Company of the Year. 2021 : Raised $7M in Series A funding led by MassMutual Ventures. Awards & Recognition : Won NetApp Excellerator's "Best Growth Strategy Award," CloudSEK XVigil joined NVIDIA Inception Program, and won the NASSCOM Emerge 50 Cybersecurity Award. 2025 : Secured $19 million in funding led by Tenacity Ventures, Commvault. BeVigil is CloudSEK’s Attack Surface Monitoring (ASM) product used by enterprises globally to identify, monitor, and secure their external attack surface . It enables organizations to discover shadow assets, misconfigurations, leaked credentials, and other exposures—before adversaries do.We are now scaling BeVigil further and are looking for a Product Manager with prior experience in security engineering or research, who can deeply empathize with the user and drive product evolution. What You'll Own Lead the product roadmap and vision for BeVigil, aligning with enterprise customer needs and evolving threat landscapes. Work closely with enterprise security teams to gather insights, validate use cases, and translate needs into product features. Define and enhance features across asset discovery, vulnerability mapping, alerting, and integrations. Collaborate with security researchers, engineers, and designers to ship high-impact features. Stay ahead of attacker trends, emerging vulnerabilities, and technologies in the ASM space. You’ll Be a Great Fit If You Have: 3–6 years of total experience , including at least 1–2 years in a cybersecurity role (security engineer, DevSecOps, or threat researcher) and 1–2 years in product management. Deep understanding of attack surface management , vulnerability assessment, threat exposure, and cyber hygiene practices. Hands-on familiarity with tools like Shodan, Nessus, Nmap, Burp Suite, OSINT frameworks, or SIEM/SOAR platforms . Experience working on enterprise SaaS products , especially in B2B security or developer tooling. Strong communication skills to work cross-functionally with GTM, engineering, research, and client success teams. Bonus: Worked on or evaluated CNAPP, CSPM, or ASM tools in your prior roles.

🔐 Cybersecurity Internship (Remote | Paid) 📍 Location: Remote (India) ⏳ Duration: 2 Months 💼 Internship Type: Part-time 🧑‍🎓 Eligibility: Students, Freshers, and Career Switchers 🌐 Company: ThriveIn CyberSpace --- 🧠 About the Internship ThriveIn CyberSpace is offering a hands-on, mentor-led Cybersecurity Internship Program designed to help you gain real-world exposure, practical skills, and industry-ready knowledge. This is ideal for candidates looking to build a strong foundation in ethical hacking, penetration testing, and information security. Key Responsibilities :- Participate in live training and complete practical lab tasks Learn and apply OWASP Top 10, Kali Linux, Burp Suite, and Nmap Assist in basic vulnerability assessments and reporting Collaborate with the community on mini cybersecurity projects Create basic cybersecurity content (optional for interested interns) --- 🎓 What You'll Learn Cybersecurity fundamentals and tools Vulnerability Assessment & Penetration Testing (VAPT) Real-time attack simulations and lab environments Resume and LinkedIn profile building Basics of bug bounty and responsible disclosure --- 📜 Perks & Benefits ✅ Internship Certificate ✅ Letter of Recommendation (for top performers) ✅ Community Support & Networking ✅ Featured on ThriveIn’s social handles ✅ Mentorship from experienced cybersecurity professionals --- 🔗 About ThriveIn CyberSpace ThriveIn is an emerging ed-tech platform focused on cybersecurity, AI, and emerging technologies. We’re on a mission to empower students and professionals with real skills, mentorship, and job readiness. --- Deadline to apply: [ July 10, 2025] 📧 Contact: contact@thrivein.tech 🌐 Website: https://thrivein.tech

Your potential, unleashed. India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realise your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. Your work profile. Work you’ll do as a part of our Cyber team you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations. You’ll: • Works on projects with clearly defined guidelines as team member with responsibility for project delivery • Works under general supervision with few direct instructions • Performs cyber security assessments which includes vulnerability assessment & penetration testing, network security architecture review, secure configuration / code review, etc. • Understands basic business and information technology management processes. • Demonstrates knowledge of firm's methodologies, frameworks and tools • Participate in practice development initiatives The key skills required are as follows: • Understanding of basic business and information technology management processes • Good knowledge of TCP/ IP and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture • Experience in Infrastructure Penetration Testing and Application Security Testing • Experience in Secure Code Review (Code Security Review) • Experience in conducting configuration reviews of Windows, Linux, UNIX, Solaris, Databases, etc. • Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc. • Experience in basic scripting such as: Shell, Python, PERL, etc. • Basic knowledge of Technoilogies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5 Role and Responsibilities: • Understanding of basic business and information technology management processes • Good knowledge of TCP/ IP and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture • Experience in Infrastructure Penetration Testing and Application Security Testing • Experience in Secure Code Review (Code Security Review) • Experience in conducting configuration reviews of Windows, Linux, UNIX, Solaris, Databases, etc. • Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc. • Experience in basic scripting such as: Shell, Python, PERL, etc. • Basic knowledge of Technoilogies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5 Educational Qualification: Bachelor’s/master’s degree Certifications: OSCP How you’ll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyone’s welcome… entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organization and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.

We seek a highly skilled and motivated Test Architect in the core domain to join our dynamic global team. You will be a key member of our Core Solutions team, This role will be critical in providing advanced expertise in IPv4/IPv6, firewalls, cloud core technologies, and Software Test experience in Telco grade products. You Have: Any Bachelor's degree or Master's degree, or equivalent degree, with 10+ years of relevant Software Test experience in Telco-grade products 7+years of System test experience in Functional and serviceability areas with high-traffic, large-scale distributed systems, and client-server architectures Good experience in verification ofCloud Native, Microservices applications, using Containers and Virtualization Technologies like Docker, Kubernetes (K8s), Consul, Redis, gRPC, Helm, Envoy, and Open Source Integration. Good experience in security testing of a product and knowledge of various security scans like Black Duck Hub, Tenable, Codenomicon/Defensics, Malware, Anchore, NMAP, Nessus, etc. Good working experience in IMS, VoLTE, 4G/5G core technologies. In-depth and working experience with cloud-ready, cloud-native, microservices, and containers architecture, DevOps, CI/CD. It would be nice if you also had: Prior experience in interfacing with customers & customer teams is an added advantage. Should have worked on the toolsets like Jira, Jenkins, or Bamboo. Able to bring in innovative practices for chaotic programmable tests like Chaos Monkey, Janitor Monkey etc. Own and drive CNCS Functional testing across multiple core network NFs like SBC, TAS, CSCF, and MRF. Own and drive CNCS security testing and execute various security scans, and analyze the scan reports. Identify security vulnerabilities in the product. Validate security-related enhancements. Overall, Responsible for driving the Test strategy and planning for CNCS releases, Test effectiveness and Improvements for the CNCS product in functional/non-functional areas, and accountable for fault escapes. Understand new feature enhancements in SBC, NTAS, CSCF, MRF, etc. NFs and plan testing of critical features therein within CNCS. Analyse critical customer issues, help identify solutions, and ensure similar issues dont escape internal testing. Work effectively in a mixed environment and use best practices and knowledge of internal or external business issues to improve products or services. Plan technical requirements from customers needs. Apply and maintain quality standards. Participate in process and tool evolutions and identify improvements therein. Mentor junior team members and help them realize their full potential.

We seek a highly skilled and motivated Test Lead in the core domain to join our dynamic global team. You will be a key member of our Core Solutions team, This role will be critical in providing advanced expertise in IPv4/IPv6, firewalls, cloud core technologies, and Software Test experience in Telco grade products. You Have: Any Bachelor's degree or Master's degree, or equivalent degree, with 6+ years of relevant Software Test experience in Telco grade products. System test experience in Functional and serviceability areas with high-traffic, large-scale distributed systems and client-server architectures. Good experience in verification ofCloud Native, Microservices applications, using Containers and Virtualization Technologies like Docker, Kubernetes (K8s), Consul, Redis, gRPC, Helm, Envoy, and Open Source Integration. Experience with security testing of a product and knowledge of various security scans like Black Duck Hub, Tenable, Codenomicon/Defensics, Malware, Anchore, NMAP, Nessus etc is an added advantage. Good working experience in IMS, VoLTE, 4G/5G core technologies. Working experience with cloud-ready, cloud-native, micro services and containers architecture, DevOps, CI/CD. It would be nice if you also had: Prior experience in interfacing with customers & customer teams is an added advantage. Should have worked on the toolsets like Jira, Jenkins, or Bamboo. Able to bring in innovative practices for chaotic programmable tests like Chaos Monkey, Janitor Monkey, etc. Contribute to CNCS Functional testing across multiple core network NFs like SBC, TAS, CSCF, and MRF. Contribute to CNCS security testing and execute various security scans, and analyze the scan reports. Validate security related enhancements. Own end-to-end CNCS functional features and deliver with quality. Overall, Responsible for driving the Test strategy, Test effectiveness, and Improvements for the CNCS product in functional/non-functional areas, and accountable for fault escapes. Works effectively in a mixed environment and uses best practices and knowledge of internal or external business issues to improve products or services. Plan technical requirements from customers needs. Applies and maintains quality standards. Participates in process and tool evolutions and improvements.

Job Description: Introduction: A Career at HARMAN Digital Transformation Solutions (DTS) We’re a global, multi-disciplinary team that’s putting the innovative power of technology to work and transforming tomorrow. At HARMAN DTS, you solve challenges by creating innovative solutions. Combine the physical and digital, making technology a more dynamic force to solve challenges and serve humanity’s needs Work at the convergence of cross channel UX, cloud, insightful data, IoT and mobility Empower companies to create new digital business models, enter new markets, and improve customer experience. About The Role- Senior Penetration Tester with deep expertise in application security . The ideal candidate will be responsible for planning, executing, and documenting comprehensive penetration tests, including advanced manual testing techniques and contribute to strengthening our security posture by recommending practical solution principles and secure coding practices . What You Will Do Conduct comprehensive penetration tests on web/mobile/cloud applications, firmware, and hardware devices. Perform manual security testing beyond automated tools to uncover complex vulnerabilities. Analize systems and architecture to identify security risks and attack surfaces. Use industry-standard tools such as Metasploit, Burp Suite, Nmap, Wireshark, Nessus, and custom scripts for exploitation and reconnaissance. Simulate real-world attack scenarios to evaluate system resilience. Develop and present detailed reports with proof-of-concept (PoC), risk assessments, and remediation guidance. Collaborate with development and DevOps teams to suggest secure coding practices and fix vulnerabilities at the root. Stay up to date with emerging threats, vulnerabilities, and industry trends. What You Need 8–10 years of hands-on experience in penetration testing (application and hardware). Strong knowledge of OWASP Top 10, SANS 25, and common vulnerability patterns. Deep familiarity with exploit frameworks (e.g., Metasploit), reverse engineering, and hardware-level attack techniques (e.g., JTAG, UART, SPI). Experience analyzing and testing embedded systems, IoT devices, and network appliances. Ability to explain vulnerabilities to non-security stakeholders with clarity. Proven experience in crafting custom exploits or payloads. Solid understanding of secure development lifecycle (SDLC) and CI/CD pipeline integration. Certifications like OSCP, OSCE, GPEN, or similar are a strong plus. What Is Nice To Have Knowledge of containerized environments. Familiarity with secure boot, firmware integrity, and hardware encryption modules. Contribution to bug bounty platforms or CVE submissions. What Makes You Eligible Any offer of employment is conditioned upon the successful completion of a background investigation and drug screen. Dedicated performer & team player with the ability to advocate appropriately for product quality. Relentless learner with a dedication to learn new technologies and test methods Self-driven and Innovative to drive continuous improvements in Test process Resourcefulness in triaging problems and coordinating with multiple teams for issue resolution Strong written, verbal communication and inter personal relationship skills You Belong Here HARMAN is committed to making every employee feel welcomed, valued, and empowered. No matter what role you play, we encourage you to share your ideas, voice your distinct perspective, and bring your whole self with you – all within a support-minded culture that celebrates what makes each of us unique. We also recognize that learning is a lifelong pursuit and want you to flourish. We proudly offer added opportunities for training, development, and continuing education, further empowering you to live the career you want. About HARMAN: Where Innovation Unleashes Next-Level Technology Ever since the 1920s, we’ve been amplifying the sense of sound. Today, that legacy endures, with integrated technology platforms that make the world smarter, safer, and more connected. Across automotive, lifestyle, and digital transformation solutions, we create innovative technologies that turn ordinary moments into extraordinary experiences. Our renowned automotive and lifestyle solutions can be found everywhere, from the music we play in our cars and homes to venues that feature today’s most sought-after performers, while our digital transformation solutions serve humanity by addressing the world’s ever-evolving needs and demands. Marketing our award-winning portfolio under 16 iconic brands, such as JBL, Mark Levinson, and Revel, we set ourselves apart by exceeding the highest engineering and design standards for our customers, our partners and each other.

Hello Visionary! We empower our people to stay resilient and relevant in a constantly changing world. We’re looking for people who are always searching for creative ways to grow and learn. People who want to make a real impact, now and in the future. Does that sound like you? Then it seems like you’d make a great addition to our vibrant team. We are looking for a Penetration Tester. This position is available for Chennai Location. You’ll make a difference by: Having experience in performing advanced penetration testing on networks, web & mobile applications, and systems. Having ability to Identify vulnerabilities, exploit weaknesses, and assess the security posture of various assets. Having ability to develop and maintain automated testing tools and scripts. Creating detailed reports outlining findings, risks, and recommended actions. Having Extensive experience in penetration testing, vulnerability assessment, and ethical hacking. Having Proficiency with penetration testing tools such as Metasploit, Burp Suite, Nmap, Nessus, and others. Strong understanding of network protocols, web and mobile applications, and operating systems. Maintaining documentation of testing methodologies, tools, and processes. Knowledge of scripting and programming languages (e.g., Python, Bash). You’ll win us over by: Having An engineering degree B.E/B.Tech/M.E/M.Tech with good academic record. 3-4 Years of relevant experience as Penetration Tester. Having Good command over English language (spoken & written) is non-negotiable. Working closely with business partners to understand their needs and translate them into technical requirements. Communicating findings, risks, and remediation strategies to both technical and non-technical stakeholders. Foster strong relationships with business units to ensure security measures align with business goals. Certification Preferred: Entry level certifications like CEH, eJPT, eWPT. Other certifications like eWPTX, OSCP is an advantage. We’ll support you with: Hybrid working Opportunities. Diverse and inclusive culture. Great variety of learning & development opportunities. Join us and be yourself! We value your unique identity and perspective, recognizing that our strength comes from the diverse backgrounds, experiences, and thoughts of our team members. We are fully committed to providing equitable opportunities and building a workplace that reflects the diversity of society. We also support you in your personal and professional journey by providing resources to help you thrive. Come bring your authentic self and create a better tomorrow with us. Make your mark in our exciting world at Siemens. This role is based in Chennai and is an Individual contributor role. You might be required to visit other locations within India and outside. In return, you'll get the chance to work with teams impacting - and the shape of things to come. We're Siemens. A collection of over 319,000 minds building the future, one day at a time in over 200 countries. Find out more about Siemens careers at: www.siemens.com/careers

Job Title: VAPT Consultant / SCON/ DM/ M/ SM/ AD Location: Gurgaon, Delhi NCR (Work from Office) Experience: 4+ Years Certifications: OSCP - Mandatory Joining: Immediate joiners preferred Job Description: We are seeking a highly skilled and motivated VAPT Consultant with a strong background in Vulnerability Assessment and Penetration Testing. The ideal candidate must hold an OSCP certification and possess hands-on experience in identifying and mitigating security vulnerabilities in networks, web applications, and infrastructure. Key Responsibilities: Perform Vulnerability Assessments and Penetration Testing (Web, Mobile, Network, APIs, Cloud, etc.) Simulate real-world attacks to identify and exploit vulnerabilities Prepare detailed technical reports , risk ratings, and remediation recommendations Collaborate with development and infrastructure teams to close security gaps Stay updated with the latest vulnerabilities, hacking techniques, and threat vectors Assist in security audits , threat modeling, and risk assessments Contribute to red team/blue team security exercises and internal security knowledge building Required Skills: Minimum 4 years of hands-on VAPT experience OSCP Certification is mandatory Strong knowledge of OWASP Top 10, MITRE ATT&CK framework Proficient in using tools like Burp Suite, Nmap, Nessus, Metasploit, Kali Linux, Wireshark, etc. Experience in scripting (Python, Bash, or PowerShell) is an added advantage Understanding of network protocols, firewalls, and security controls Excellent analytical, communication, and reporting skills Preferred Qualifications: Experience with cloud security assessments (AWS, Azure, GCP) Exposure to red teaming or purple teaming engagements Ability to clearly communicate findings to both technical and non-technical stakeholders