62 Openvas Jobs

About Worldline Worldline helps businesses of all shapes and sizes to accelerate their growth journey - quickly, simply, and securely. We are the innovators at the heart of the payments technology industry, shaping how the world pays and gets paid. Our technology powers the growth of millions of businesses across 5 continents. And just as we help our customers accelerate their business, we are committed to helping our people accelerate their careers. Together, we shape the evolution. The Opportunity Join our dedicated 5-member Security Team within Merchant Services as an IT System Engineer with a Linux and IT security focus. You'll play a crucial role in safeguarding our critical infrastructure whilst contributing to the security posture of our payment technology solutions. Day-to-Day Responsibilities Monitor, analyse, and resolve IT security vulnerabilities across Linux server systems Coordinate and implement security patches and updates in production environments, ensuring proper documentation Conduct regular vulnerability scans and develop appropriate mitigation strategies Collaborate with internal teams and external service providers to remediate identified security issues Support incident and problem management processes, particularly for security-related incidents Who Are We Looking For We look for big thinkers. People who can drive positive change, step up and show what's next – people with passion, can-do attitude and a hunger to learn and grow. In practice this means: 6-10 years of experience in Linux system administration with a strong focus on IT security Hands-on experience with vulnerability management tools (e.g., Nessus, OpenVAS) and security patch management Knowledge of ITIL processes, particularly in security contexts, and familiarity with automation tools (e.g., Ansible) Strong analytical skills with experience in monitoring solutions and incident management Excellent communication skills and collaborative approach to working with cross-functional teams Perks & Benefits Permanent contract with hybrid working arrangements Opportunity to work with cutting-edge payment technology and security solutions Collaborative team environment with opportunities for professional development Shape the evolution We are pushing towards the next frontiers of payments technology, and we look for big thinkers to join our journey. People with passion, can-do attitude and a hunger to learn and grow. Here you'll work with ambitious colleagues from around the world, take on unique challenges as a team, and make a real impact on the society. And with our empowering culture, strong technology and extensive training opportunities, we help you accelerate your career. Wherever you decide to go. Join our global team of over 18,000 innovators across 40+ countries, and shape a tomorrow that is yours to own. Learn more about life at Worldline at jobs.worldline.com We are proud to be an Equal Opportunity employer. We do not discriminate based upon race, religion, colour, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as an individual with a disability, or any applicable legally protected characteristics.

About The Opportunity SOC Analyst & Security Engineering Internship (Cybersecurity / Ethical Hacking) - Remote, Unpaid A fast-growing organization operating in the Information Security & Networking sector, delivering managed security, penetration testing, and secure network design to enterprise and mid-market customers. We seek curious, hands-on interns to join a remote Security Operations Center (SOC) and engineering team focused on real-world security monitoring, incident response, and vulnerability remediation across cloud and on-prem environments. Role & Responsibilities Monitor security telemetry and alerts in SIEM platforms; triage, validate, and escalate incidents following defined playbooks. Perform vulnerability scans and basic penetration testing on assigned systems; document findings and recommend remediation steps. Investigate suspicious activity using log analysis, packet captures, and host forensics; produce clear incident summaries and timelines. Develop automation scripts (Python/Bash) to enrich alerts, reduce false positives, and streamline repetitive SOC tasks. Support secure configuration reviews for cloud and network assets; assist in implementing basic hardening recommendations. Collaborate with senior engineers on threat hunting, signature tuning, and knowledge-base updates to raise detection coverage. Skills & Qualifications Must-Have Enrolled in or recent graduate of a degree/diploma in Computer Science, Information Security, Cyber Security or related field. Strong Linux command-line comfort and basic Windows troubleshooting skills. Practical experience with at least one scripting language (Python/Bash/PowerShell) for automation. Familiarity with networking fundamentals (TCP/IP, DNS, ports) and common security tools (Nmap, Wireshark). Good written and verbal communication; able to produce concise incident reports and remediation guidance. Preferred Hands-on exposure to SIEMs (Splunk/Elastic/QRadar) or logging stacks and alert tuning. Knowledge of vulnerability scanners (Nessus/OpenVAS) or basic pentesting lab experience (OWASP, Kali). Familiarity with cloud security concepts (AWS/Azure) and common hardening patterns. Benefits & Culture Highlights 100% remote internship open to candidates based in India with flexible working hours. Mentorship from experienced security engineers, regular hands-on learning, and exposure to client-grade environments. Certificate of completion, letter of recommendation for high performers, and potential conversion to a full-time role. Full time opportunity is also open after internship. Internship Details Type: Internship (Unpaid, learning-focused) Mode: Remote (Work from Anywhere) Duration: 4–5 months (flexible) Perks: Certificate of Completion, Letter of Recommendation (LOR), Mentorship, Full-time opportunities for top performers. This role is ideal for proactive learners seeking practical SOC and security-engineering experience. If you enjoy investigating incidents, automating workflows, and building defensive controls, apply with your resume and a short note describing a security project or lab exercise you completed. Note: This is a unpaid internship.Skills: malware analysis,bash,information security,kali linux,cyber,azure,vulnerability assessment,firewalls,cloud security,python,qradar,remediation,wireshark,network security,ethical hacking,shell scripting,splunk,vulnerability,penetration testing,security audits,aws,soar,cybersecurity,cloud,gcp,automation,owasp top ten,burp suite,ids/ips,security,elastic,soc,completion,siem,risk assessment,nessus,openvas,incident response

Position Overview We are looking for a highly skilled and experienced Senior VAPT Engineer to join our cybersecurity team. The ideal candidate will lead vulnerability assessment and penetration testing activities, identify security weaknesses, and provide actionable recommendations to improve security posture. This role is critical in ensuring the resilience of our clients’ applications, networks, and infrastructure against evolving cyber threats. The Senior VAPT Engineer will collaborate with cross-functional teams and deliver high-quality security assessments in a fast-paced, client-facing environment. Key Responsibilities Client Engagement & Leadership Act as a trusted security advisor for multiple high-value clients. Manage end-to-end security assessment projects, including scoping, execution, reporting, and remediation guidance. Conduct technical and executive-level briefings to communicate findings, risks, and strategic recommendations clearly. Translate complex technical vulnerabilities into business risk insights to help clients prioritize actions. Collaborate closely with client stakeholders to ensure security recommendations are practical and actionable. Advanced Threat Modelling & Risk Assessment Design and maintain threat models tailored to client applications, networks, and cloud environments. Perform risk assessments focusing on business impact and likelihood of exploitation. Develop attack scenarios based on the latest threat intelligence and real-world attacker techniques. Guide clients in integrating security into their software development lifecycle (SDLC) and cloud infrastructure designs. Penetration Testing & Red Team Operations Lead advanced black-box, grey-box, and white-box penetration testing engagements for web applications, APIs, networks, and cloud environments. Conduct sophisticated Red Team exercises to simulate targeted attack campaigns. Design and develop custom exploits and testing tools to replicate specific attacker techniques. Perform social engineering tests (phishing campaigns, physical security assessments) in controlled and ethical scenarios. Provide detailed post-exercise analysis, including actionable remediation strategies and long term improvement plans. Comprehensive Reporting & Documentation Produce clear and technically thorough vulnerability assessment and penetration testing reports. Create executive-level summaries focused on business impact and compliance risks. Maintain structured and up-to-date testing methodologies and playbooks. Contribute to internal knowledge base, documenting research, custom tools, and successful testing strategies. Technical & Programming Expertise Expert in vulnerability assessment and exploitation techniques across a wide range of technologies. Proficient in security testing tools such as Burp Suite, Nessus, Metasploit, Nmap, OpenVAS, Cobalt Strike, Wireshark, and tcpdump. Strong scripting and automation skills (Python, Bash, PowerShell) to automate repetitive testing tasks and tool workflows. Capable of custom tool development and advanced exploit research to target unique client environments. Strong knowledge of application security vulnerabilities (OWASP Top 10, SANS Top 25) and attack surface analysis. In-depth understanding of cloud security risks, identity and access management, and container security (Docker, Kubernetes). Social Engineering & OSINT Expertise Design and execute social engineering and phishing simulations tailored to client environments. Perform physical security assessments through tactics like tailgating and badge cloning. Apply Open Source Intelligence (OSINT) techniques to gather reconnaissance data for assessments. Provide training and awareness recommendations based on assessment outcomes. Professional Attributes & Mindset Strong analytical, problem-solving, and creative thinking skills. Ethical hacker mindset with a continuous drive to research emerging threats, attack techniques, and defense bypass methods. Methodical and detail-oriented approach to testing with the ability to think like an attacker. Strong communication and presentation skills, able to engage both technical teams and business leadership. Proactively innovate by developing new tools, scripts, or methodologies to improve testing efficiency and depth. Preferred Qualifications Certifications such as OSCP, GPEN, CREST CRT, CRTO are highly desirable. Experience in DevSecOps, CI/CD pipeline security, or automated security testing frameworks. Familiarity with industry compliance frameworks like PCI-DSS, GDPR, HIPAA, SOC2, and ISO 27001. Prior consulting experience in a service delivery or customer-facing environment. Experience with threat intelligence platforms and indicators of compromise (IoCs). Required Qualifications 7+ years of hands-on experience in Vulnerability Assessment, Penetration Testing, and security consulting. Strong technical expertise in application security, network security, cloud security (AWS, Azure, GCP), and infrastructure security testing. Proven experience using VAPT tools such as Burp Suite, Nessus, Qualys, Nmap, Metasploit, Nikto, OpenVAS, etc. Solid knowledge of exploitation techniques, post-exploitation frameworks, and manual testing methodologies. In-depth knowledge of web application vulnerabilities (OWASP Top 10) and network protocol analysis. Experience conducting cloud security assessments, including misconfigurations, IAM permissions analysis, and container security. Proficiency in scripting and automation (Python, Bash, PowerShell) to customize tests and tools. Familiarity with security frameworks and standards such as NIST, ISO 27001, MITRE ATT&CK. Strong reporting and documentation skills, able to translate technical findings into business friendly recommendations. Excellent communication and stakeholder management skills, able to lead client-facing engagements. Relevant certifications are a strong plus (e.g., OSCP, CREST, CISSP, CEH, GIAC GPEN). Skills: python,burp suite,cloud security,security

Summary Job Description – Security Analyst We are looking for a skilled Security Analyst with expertise in application and network security. The candidate will be responsible for conducting DAST, SAST, and VAPT assessments to identify and remediate vulnerabilities across web, mobile, APIs, and infrastructure. The role involves working with multiple stakeholders, performing manual and automated testing, and ensuring the overall security posture of applications and networks. Role & Responsibilities Perform Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) for web and mobile applications. Conduct Vulnerability Assessment & Penetration Testing (VAPT) for applications, APIs, and networks. Identify, validate, and exploit security flaws including OWASP Top 10 and SANS 25 vulnerabilities. Perform network security assessments (firewalls, servers, cloud, configurations). Collaborate with development and IT teams to provide remediation guidance. Prepare detailed security reports with findings, risk ratings, and recommendations. Stay updated on latest threats, CVEs, and zero-day vulnerabilities. Support in secure SDLC and DevSecOps initiatives. Skills & Competencies Strong knowledge of application security, API security, and network security. Hands-on with tools like Burp Suite, OWASP ZAP, Nessus, OpenVAS, WPScan, Metasploit, Postman. Understanding of TLS/SSL, authentication, encryption, access controls, cloud security. Good analytical, reporting, and communication skills. Knowledge of compliance frameworks (ISO 27001, PCI-DSS, OWASP, CIS). Experience Required 1-3 years of experience in Application and Network Security (VAPT, DAST, SAST). Strong background in manual penetration testing is essential. Knowledge and experience in automated penetration testing are expected. Exposure to secure coding practices and remediation support. Certifications like CEH or equivalent is a prerequisite.

Your role spans designing CI/CD workflows, managing and automating cloud infrastructure (AWS/GCP/Azure), containerizing and orchestrating environments, enabling infrastructure as code, enhancing observability, and enforcing best-in-class security- all while collaborating across teams to power resilient and scalable deployments. What You’ll Be Doing Undertake ongoing management, maintenance and administration activity of remote server(s) for clients. Attend, manage and rectify technical support queries belonging to active managed hosting services contracts. Work on performance tuning, package pulling/installation, updates patch management, network and server management issues. Managing helpdesk/tickets and technical support operations for all clients along with planning of scheduled maintenance where ever required. Learn new technologies and convert them into customer solutions. Achieve successful onboarding of new clients onto the hosting infrastructure. Streamline deployment processes with automation to faster and secure deployment Diagnosing, troubleshooting, and rectification of various system resources, software components, or other network infrastructure related problems. Manage dedicated & virtual servers environment onboarding setups and assist applications deployments as-well-as migration. Mentoring Network and IT team on various aspects and maintaining ongoing assistance for all vital priorities. Constantly improve security practices, deployment and automation methodologies Maintain Health check report of IT-Infrastructure, Break-down reports and other analytics as required by management. Accountable for compliance of ISO and other security standards What We’d Love To See Design, implement, and maintain CI/CD pipelines using GitLab, GitHub Actions, or Jenkins. Manage deployments across AWS, GCP, and Azure environments. Provision and manage cloud infrastructure using Terraform/CloudFormation templates. Containerize and orchestrate workloads using Docker and Kubernetes (EKS/AKS/GKE). Set up monitoring, logging, and alerting (CloudWatch, Prometheus, Grafana, Site24x7, New Relic). Ensure cloud infrastructure security with IAM, network security groups, firewalls, and secrets management. Troubleshoot cloud and deployment issues, participate in on-call rotations. Collaborate with development teams for efficient build and deployment workflows. It’d Be Great If You Had Experience with GCP or Azure platforms Prior exposure to client communication, especially over calls Ability to coordinate across multiple teams for resolving infrastructure issues Familiarity with DevSecOps tools like Snyk, Trivy, OpenVAS beyond basic usage Deep understanding of high-availability infrastructure setups and disaster recovery strategies Hands-on with performance optimization and cost-efficient architecture on cloud platforms

Engineering at Innovaccer With every line of code, we accelerate our customers' success, turning complex challenges into innovative solutions. Collaboratively, we transform each data point we gather into valuable insights for our customers. Join us and be part of a team that's turning dreams of better healthcare into reality, one line of code at a time. Together, we’re shaping the future and making a meaningful impact on the world. About the Role We at Innovaccer are looking for an Security Engineer-II for SecOps who will be responsible to perform real time monitoring, analysis of the security events and administration of Security tools. This role will encompass the use of a broad range of security domains (Monitoring, Endpoint Security, Data Security, Cloud Security, VAPT). This role would be a great opportunity to learn and grow as you would be exposed to multiple security domains at single time. A Day in the Life Vulnerability Assessment & Penetration Testing. This role requires being available on call during weekends and off hours. Proficiency in Data Security will be preferred. Corporate IT Penetration testing like Wifi, Router, LAN, etc. Familiarization with AWS, Azure & GCP. Perform analysis of events generated by the DLP solution and follow defined process to escalate any potential incidents Triage, Investigate, document, and report on information security events. Partial Administration and Contribution to the configuration and maintenance of security solutions such as Antivirus, Data Leak Prevention, Host Intrusion Detection Systems (HIDS), Network Intrusion Detection Systems (NIDS), and Security Information and Event Management (SIEM). Integration of devices like Linux and Windows machines, Antivirus, Firewalls, IDS/IPS, Web Servers etc. Creation of Use Cases, dashboards based on the requirements. Supervising Continuity & Recovery activity with Cloud Engineering Team Exposure of Data Leak Prevention (DLP) Conduct security assessments on infrastructure and deliver reports detailing assessment observations and associated recommendations for information security program development to meet security and compliance standards. Governance of Cloud Infrastructure (AWS/Azure/GCP) Reviewing IAM roles and performing config audits on cloud infra. Work closely with DevOps, Engineering, Product departments to remediate security related issues and incidents Good to have proficiency in Scripting & Automation CEH, OSCP, OSCE, Security+ and other likewise security certifications is desirable What You Need Bachelor’s degree in Information Technology, Computer Science Engineering preferred Minimum 5 to 8 years of professional experience in Cybersecurity. Prior experience with core security technologies (Kali Linux, Network Security, Nessus). Strong understanding of TCP/IP Protocols, network analysis, security applications and devices, vulnerability management, and standard Internet protocols and applications. Proficient with OpenVAS, Nessus, nmap, etc. Experience in Cloud Security AWS Security Hub,, Azure Security Center. Familiar with Amazon AWS/Microsoft Azure services as an IaaS/PaaS containers (Dockers/Kubernetes). Reporting & incident management. Able to work independently, being a team player, ability to work well under pressure. Able to multi-task, prioritize, and manage time effectively. Collaborates effectively and communicates efficiently. Work in 24x7 environment. Proficient in opensource tools & technologies. Ready to take up more responsibilities along-with existing role. Here’s What We Offer Generous Leaves: Enjoy generous leave benefits of up to 40 days. Parental Leave: Leverage one of industry's best parental leave policies to spend time with your new addition. Sabbatical: Want to focus on skill development, pursue an academic career, or just take a break? We've got you covered. Health Insurance: We offer comprehensive health insurance to support you and your family, covering medical expenses related to illness, disease, or injury. Extending support to the family members who matter most. Care Program: Whether it’s a celebration or a time of need, we’ve got you covered with care vouchers to mark major life events. Through our Care Vouchers program, employees receive thoughtful gestures for significant personal milestones and moments of need. Financial Assistance: Life happens, and when it does, we’re here to help. Our financial assistance policy offers support through salary advances and personal loans for genuine personal needs, ensuring help is there when you need it most. Innovaccer is an equal-opportunity employer. We celebrate diversity, and we are committed to fostering an inclusive and diverse workplace where all employees, regardless of race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, marital status, or veteran status, feel valued and empowered. Disclaimer: Innovaccer does not charge fees or require payment from individuals or agencies for securing employment with us. We do not guarantee job spots or engage in any financial transactions related to employment. If you encounter any posts or requests asking for payment or personal information, we strongly advise you to report them immediately to our HR department at px@innovaccer.com. Additionally, please exercise caution and verify the authenticity of any requests before disclosing personal and confidential information, including bank account details. About Innovaccer Innovaccer activates the flow of healthcare data, empowering providers, payers, and government organizations to deliver intelligent and connected experiences that advance health outcomes. The Healthcare Intelligence Cloud equips every stakeholder in the patient journey to turn fragmented data into proactive, coordinated actions that elevate the quality of care and drive operational performance. Leading healthcare organizations like CommonSpirit Health, Atlantic Health, and Banner Health trust Innovaccer to integrate a system of intelligence into their existing infrastructure, extending the human touch in healthcare. For more information, visit www.innovaccer.com. Check us out on YouTube, Glassdoor, LinkedIn, Instagram, and the Web.

Your role spans designing CI/CD workflows, managing and automating cloud infrastructure (AWS/GCP/Azure), containerizing and orchestrating environments, enabling infrastructure as code, enhancing observability, and enforcing best-in-class security- all while collaborating across teams to power resilient and scalable deployments. What You’ll Be Doing Undertake ongoing management, maintenance and administration activity of remote server(s) for clients. Attend, manage and rectify technical support queries belonging to active managed hosting services contracts. Work on performance tuning, package pulling/installation, updates patch management, network and server management issues. Managing helpdesk/tickets and technical support operations for all clients along with planning of scheduled maintenance where ever required. Learn new technologies and convert them into customer solutions. Achieve successful onboarding of new clients onto the hosting infrastructure. Streamline deployment processes with automation to faster and secure deployment Diagnosing, troubleshooting, and rectification of various system resources, software components, or other network infrastructure related problems. Manage dedicated & virtual servers environment onboarding setups and assist applications deployments as-well-as migration. Mentoring Network and IT team on various aspects and maintaining ongoing assistance for all vital priorities. Constantly improve security practices, deployment and automation methodologies Maintain Health check report of IT-Infrastructure, Break-down reports and other analytics as required by management. Accountable for compliance of ISO and other security standards What We’d Love To See Design, implement, and maintain CI/CD pipelines using GitLab, GitHub Actions, or Jenkins. Manage deployments across AWS, GCP, and Azure environments. Provision and manage cloud infrastructure using Terraform/CloudFormation templates. Containerize and orchestrate workloads using Docker and Kubernetes (EKS/AKS/GKE). Set up monitoring, logging, and alerting (CloudWatch, Prometheus, Grafana, Site24x7, New Relic). Ensure cloud infrastructure security with IAM, network security groups, firewalls, and secrets management. Troubleshoot cloud and deployment issues, participate in on-call rotations. Collaborate with development teams for efficient build and deployment workflows. It’d Be Great If You Had Experience with GCP or Azure platforms Prior exposure to client communication, especially over calls Ability to coordinate across multiple teams for resolving infrastructure issues Familiarity with DevSecOps tools like Snyk, Trivy, OpenVAS beyond basic usage Deep understanding of high-availability infrastructure setups and disaster recovery strategies Hands-on with performance optimization and cost-efficient architecture on cloud platforms

As a member of the Vulnerability Management task force, you will be responsible for ensuring the regular patching and security of Linux systems. This includes performing operating system and third-party application patching on Linux servers and end-user devices. You will collaborate with cross-functional teams to identify dependencies and schedule maintenance windows for OS and application patching. Additionally, you will be expected to generate and maintain monthly patch baseline and compliance reports. Your role will also involve participating in Root Cause Analysis (RCA) and Problem Management discussions when necessary, ensuring compliance with organizational policies, processes, and procedures, as well as supporting and executing projects related to vulnerability management and patching. You should be able to independently manage assigned tasks and projects with minimal supervision. In terms of technical experience, you should have strong administration, management, and troubleshooting expertise in Linux operating systems such as RHEL, Ubuntu, and CentOS. Hands-on experience with Linux patch management tools like Spacewalk, Red Hat Satellite, Ansible, or SUSE Manager is essential. You should also possess proven knowledge in vulnerability remediation, security hardening, and compliance enforcement, along with experience using vulnerability scanning tools like Tenable Nessus, Qualys, or OpenVAS. Proficiency in using package management tools such as YUM, DNF, APT, and Zypper is required, as well as familiarity with automation tools like Ansible, Chef, or Puppet for streamlined patch deployment. Exposure to containerized environments and best security practices for Docker and Kubernetes is desirable, along with knowledge of virtualization and cloud platforms including AWS, Azure, or Google Cloud Platform (GCP). In terms of professional attributes, you should have strong communication skills to convey technical issues clearly to business stakeholders. Effective presentation skills for delivering vulnerability and patching status updates are also important. You should have excellent multitasking ability, with experience managing large-scale and concurrent patching projects. Overall, this role requires expertise in Linux, Patching, and Vulnerability management, specifically with tools like Tenable, Nessus, Qualys, or OpenVAS.,

Role Summary The application security program is designed to ensure that any software developed or acquired meets stringent standards while enabling rapid innovation to meet customers ever? changing needs. The Application Security Engineer is responsible for providing application security services including secure coding techniques, security testing support and guidance for software development : Integrating security tools, standards, and processes into the product life cycle (PLC) Perform regular vulnerability assessment and penetration testing for Infrastructure, web applications, web services, mobile apps Supporting the incident response and architecture review processes whenever application security expertise is needed Identify, analyse and assess technical and organisational cybersecurity vulnerabilities Identify attack vectors, uncover and demonstrate exploitation of technical cybersecurity vulnerabilities Test systems and operations compliance with regulatory standards Select and develop appropriate penetration testing techniques Organise test plans and procedures for penetration testing Establish procedures for penetration testing result analysis and reporting Document and report penetration testing results to stakeholders Deploy penetration testing tools and test programs Managing annual penetration testing services, including both expert consulting and managed service Providing manual penetration testing and standards gap analysis services to internal business and technology partners Managing application framework and perimeter security improvement projects. Supporting vendor due diligence assessments to ensure 3rd party software meets Lebara security standards Producing metrics reporting the state of application security programs and performance of development teams against & EXPERIENCE : Familiarity and ability to explain common security flaws and ways to address them (e.g., OWASP Top 10, Sans 25) Basic development or scripting experience and skills. JavaScript, React, Node, .Net and/or Java are preferred A basic understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols) Familiarity with some common security libraries and tools (e.g., static analysis tools, proxying / penetration testing tools) Knowledge of the SSDLC process and its components. Knowledge in SOA (service-oriented architecture), Rest API technology and the API Gateway concept Knowledge of one of the three leading cloud services : Azure, GCP or AWS Experience in pen testing IaaS, SaaS, PaaS services, Container servers Experience in pen testing cloud services such as AWS, Azure Should have experience in vulnerability risk scoring system EPSS, CVSS etc. Experience in using opensource vulnerability intelligence to predict Must be proficient with security configuration standards such as CIS benchmark, NIST etc. Experience in maintaining external attack surface security posture Should have experience with attack path management Should have experience in Red Teaming exercises Should have experience in defense evasion, lateral movements, and privilege escalations techniques Very good knowledge in MITRE ATT&CK Framework & TTPS Very good knowledge in Windows operating system Very good knowledge in Linux servers Experience in pentest tools such as Kali Linux, Nmap NSE, Bloodhound, Metasploit, Password Crackers, Mimi Katz etc. Experience in vulnerability's scanner such as Rapid7 InsightVM, Tenable.io, Burp Suite, OpenVAS, NMAP NSE etc. Very good knowledge in scripting languages such as bash, python, PowerShell etc. Experience in application technology security testing (white box, black box and code review) Understanding of Apache web server and Unix server operating systems Knowledge of standard SDLC practices Ideally a relevant certification such as CISSP, CEH, OSCP, or CSSLP (ref:hirist.tech)

Job Overview: We are looking for a talented and experienced Application Security Engineer to join our team. The ideal candidate will have a strong understanding of application security standards, tools, and methodologies and will be responsible for conducting security assessments, penetration testing, and vulnerability analysis for web and mobile applications. This role requires hands-on experience with both automated and manual testing tools, familiarity with security mechanisms, and a commitment to improving the overall security posture of the organization. Key Responsibilities: • Conduct security assessments for both web and mobile applications. • Perform vulnerability assessments and penetration tests using tools such as Burp Suite Pro, AppScan, Veracode, Fortify, WebInspect, Acunetix, etc. • Leverage mobile application testing tools like Drozer, Xposed, MobSF, SSLTrustKiller, Frida, apktool, dex2jar, jadx, and IDA for iOS and Android applications. • Conduct thorough testing of APIs to identify security flaws. • Utilize OWASP and SANS standards to guide security practices. • Stay up to date with the latest security testing tools, techniques, and ethical hacking methodologies. • Compile and present risk-based findings to stakeholders, providing detailed reports and suggesting appropriate mitigations. • Provide expertise on penetration testing methodologies, including black box, grey box, and white box testing. • Demonstrate proficiency with common penetration testing tools such as nmap, Wireshark, Kali Linux, Metasploit, OpenVAS, OWSAP ZAP, Accunetix, Nikto, Nessus, and sqlmap. • Assist development teams with implementing penetration tests as part of the Secure Software Development Life Cycle (Secure SDLC). • Create and refine security checklists tailored to organizational needs. • Ensure continuous security improvement by making suggestions for system and process enhancements. • Experience working with SaaS, IaaS, and PaaS environments, helping integrate and optimize security technologies and processes. Skills and Qualifications: • Proficiency with OWASP Top 10 and SANS security standards. • Strong experience in using security assessment tools, including both static (SAST) and dynamic (DAST) application security testing tools. • Hands-on experience with mobile application security testing and mobile-specific vulnerabilities. • Proficient with web technologies such as J2EE, XML, JSON, SOAP, REST, and AJAX. • Basic programming knowledge in Java, JavaScript, and SQL. • Familiarity with encryption, authentication, and authorization techniques for secure software development. • Experience in automating security testing using scripting languages like Python, Bash, or Java. • Knowledge of network security and vulnerability assessment practices. • Experience in Secure Code Review and identifying vulnerabilities in the source code. • Strong understanding of various security techniques and risk assessment processes. Certifications: • Certified Ethical Hacker (CEH) or equivalent certifications related to application security. Desired Competencies: • OWASP, Burp Suite, Web Application Security, Acunetix, Vulnerability Assessment, Network Security, Mobile Application Security. • Proficient in Secure Code Review, Python, Bash, Java, and Automation scripting.

About The Opportunity Cybersecurity / Ethical Hacking Internship (Remote, Unpaid) A fast-growing organization operating in the Information Security & Networking sector, delivering managed security, penetration testing, and secure network design to enterprise and mid-market customers. We seek curious, hands-on interns to join a remote SOC and engineering team focused on real-world security monitoring, incident response, and vulnerability remediation across cloud and on-prem environments. Role & Responsibilities Monitor security telemetry and alerts in SIEM platforms; triage, validate, and escalate incidents following defined playbooks. Perform vulnerability scans and basic penetration testing on assigned systems; document findings and recommend remediation steps. Investigate suspicious activity using log analysis, packet captures, and host forensics; produce clear incident summaries and timelines. Develop automation scripts (Python/Bash) to enrich alerts, reduce false positives, and streamline repetitive SOC tasks. Support secure configuration reviews for cloud and network assets; assist in implementing basic hardening recommendations. Collaborate with senior engineers on threat hunting, signature tuning, and knowledge-base updates to raise detection coverage. Skills & Qualifications Must-Have Enrolled in or recent graduate of a degree/diploma in Computer Science, Information Security, Cyber Security or related field. Strong Linux command-line comfort and basic Windows troubleshooting skills. Practical experience with at least one scripting language (Python/Bash/PowerShell) for automation. Familiarity with networking fundamentals (TCP/IP, DNS, ports) and common security tools (Nmap, Wireshark). Good written and verbal communication; able to produce concise incident reports and remediation guidance. Preferred Hands-on exposure to SIEMs (Splunk/Elastic/QRadar) or logging stacks and alert tuning. Knowledge of vulnerability scanners (Nessus/OpenVAS) or basic pentesting lab experience (OWASP, Kali). Familiarity with cloud security concepts (AWS/Azure) and common hardening patterns. Benefits & Culture Highlights 100% remote internship open to candidates based in India with flexible working hours. Mentorship from experienced security engineers, regular hands-on learning, and exposure to client-grade environments. Certificate of completion, letter of recommendation for high performers, and potential conversion to a full-time role. Full time opportunity is also open after internship. Internship Details Type: Internship (Unpaid, learning-focused) Mode: Remote (Work from Anywhere) Duration: 4–5 months (flexible) Openings: 10 Perks: Certificate of Completion, Letter of Recommendation (LOR), Mentorship, Full-time opportunities for top performers. This role is ideal for proactive learners seeking practical SOC and security-engineering experience. If you enjoy investigating incidents, automating workflows, and building defensive controls, apply with your resume and a short note describing a security project or lab exercise you completed. Note: This is a unpaid internship.Skills: cybersecurity,ethical hacking,penetration testing,vulnerability assessment,network security,soc,python,security,incident response,cloud security,bash,cloud,remediation,vulnerability,automation,completion,cyber,shell scripting,wireshark,burp suite,kali linux,nessus,openvas,siem,splunk,elastic,qradar,information security,aws,azure,gcp,firewalls,ids/ips,soar,owasp top ten,risk assessment,security audits,malware analysis

Location: Bangalore, Karnataka Department: Engineering Posted: 7/23/2025 Location Name: IN1013 / IN69 (IN - Bangalore Bellandur 1316) Wage: Depends on Experience Annual Position Type: Salary Full Time Join our team and help shape the future of connectivity indoors and outdoors. Together, let's push the boundaries of technology and advance sustainable networks worldwide. How You'll Help Us Connect The World We are seeking a skilled and experienced Platform and Network Security Expert to lead and enhance security measures across the infrastructure of our DAS and RAN products, while also operationalizing and upholding security measures and policies defined by Andrew's security team. This role focuses on securing 4G/5G components and their management systems, ensuring compliance with telecom security standards, as well as the security requirements from operators and customers. It also involves detecting vulnerabilities and working closely with operators, vendors, and internal SW and HW development teams. As a Principal System Security Engineer, you will be responsible for the security aspects of the RAN and DAS products as part of the ICN business unit of Andrew. You Will Make An Impact By Designing and defining security policies and requirements for RAN and DAS systems Architect secure environments across Linux/Windows systems, Kubernetes, and container platforms. Implement least privilege access, strong authentication, and patch management. Performing risk assessments, threat modeling, and vulnerability analysis on RAN elements and AWS cloud hosting. Preparing responses to customer security requirements and questionnaires. Collaborating with engineering teams to ensure security is embedded in network design and deployment. Monitoring for and responding to security incidents involving RAN equipment and interfaces. Validating the security of vendor software/hardware and ensuring adherence to 3GPP, NIST, and GSMA standards. Defining and enforcing security configurations (e.g., secure boot, firmware validation, secure signaling). Engaging in penetration and other security testing, evaluating and prioritizing security vulnerabilities. Engaging with security test houses and evaluating their test plans and test reports. Working with internal and external stakeholders on compliance audits and regulatory requirements (e.g., O-RAN, RED, NESAS, NCSC, GDPR). Developing tools/scripts to automate RAN security monitoring, cloud infrastructures, vulnerability management, system audits, security baselining and reporting. Staying up-to-date with emerging threats and mitigation strategies specific to telecom infrastructure. Implementing and maintaining security policies and configurations for AWS cloud infrastructure in alignment with Andrew's security team directives and governance frameworks Applying and operationalizing the policies, standards, and controls designed by the central security team and ensuring alignment across product security implementations. Required Qualifications For Consideration Bachelor's or Master's degree in Telecommunications, Computer Science, Cybersecurity/Information security or related field. 10+ years of experience in the Telecommunications and Cellular industry with at least 5 years of experience in telecom network security, especially in RAN and DAS products Security. Expertise in mobile network security principles, PKI, TLS, IPSec, and Zero touch provisioning. Experience with base station software (e.g., O-RAN, vRAN) and vendor-specific RAN solutions. Knowledge of O-RAN architecture and Open RAN Security groups. Knowledge of cloud infrastructure and cloud security. Familiarity with security frameworks like 3GPP SA3, GSMA FS.33/FS.37, and NESAS/SCAS, NIST, CIS Benchmarks, etc. Proficiency in security testing tools (e.g., Nessus, OpenVAS, Burp Suite, or telecom-specific security scanners). Knowledge of Linux security, secure coding practices, and scripting (Python, Bash). Strong communication and cross-functional collaboration skills, especially in interfacing with centralized security teams and development stakeholders. You Will Excite Us If You Have certifications such as CISSP, CEH, GICSP, or vendor-specific security certifications. Have experience with AI/ML-based threat detection in telecom networks. Have knowledge of 3GPP standards, especially for 4G/5G RAN architecture and interfaces (e.g., X2, S1, NG, F1). Have hands-on experience with telco cloud environments (e.g., Kubernetes, OpenStack, CNFs). Why ANDREW? Explore exciting career opportunities at ANDREW, part of the Amphenol family. With a legacy of over 85 years in wireless innovation, we empower mobile operators and enterprises with cutting-edge solutions. ANDREW, an Amphenol company, is proud of our reputation as an excellent employer. Our focus is to provide the highest level of support and responsiveness to both our employees and our customers, the world's largest technology companies. ANDREW offers the opportunity for career growth within a global organization. We believe that our company is unique in that every employee, regardless of his or her position, has the ability to positively impact the business. ANDREW is an "Equal Opportunity Employer" - Minority/Female/Disabled/Veteran/Sexual Orientation/Gender Identity/National Origin. For additional company information, please visit our website at https://www.andrew.com.

ECI is the leading global provider of managed services, cybersecurity, and business transformation for mid-market financial services organizations across the globe. From its unmatched range of services, ECI provides stability, security and improved business performance, freeing clients from technology concerns and enabling them to focus on running their businesses. More than 1,000 customers worldwide with over $3 trillion of assets under management put their trust in ECI. At ECI, we believe success is driven by passion and purpose. Our passion for technology is only surpassed by our commitment to empowering our employees around the world . The Opportunity: ECI has an exciting opportunity for a Network Compliance & Assurance Technical Lead , who is responsible to overseeing and ensuring the security, compliance, and integrity of our enterprise network infrastructure. The ideal candidate will have deep expertise in network vulnerability assessments, compliance assurance, and governance frameworks. This role involves leading a team of engineers to identify, mitigate, and monitor risks while ensuring adherence to industry standards and regulatory requirements. This is an onsite role. What you will do: Leadership & Collaboration Lead and mentor a team of compliance and network security engineers, fostering a culture of excellence and continuous learning. Collaborate with IT leadership, security teams, and compliance officers to establish and maintain a secure and compliant network infrastructure. Develop and communicate compliance strategies and progress reports to stakeholders and executive leadership. Network Vulnerability Management Conduct regular vulnerability assessments, penetration testing, and risk analyses on network infrastructure. Oversee the remediation of identified vulnerabilities, ensuring timely resolution to maintain compliance with organizational and regulatory requirements. Utilize tools such as Nessus, Qualys, and OpenVAS to continuously monitor network security posture. Compliance Assurance Implement and enforce compliance with regulatory frameworks such as PCI-DSS, HIPAA, GDPR, SOX, and NIST. Develop and maintain network security policies, standards, and procedures, ensuring alignment with industry best practices. Conduct audits to validate compliance with internal policies and external regulations and prepare detailed compliance reports. Serve as the primary point of contact for internal and external audits related to network security and compliance. Security Architecture & Best Practices Design and implement secure network architectures to mitigate risks and ensure data confidentiality, integrity, and availability. Define and enforce access controls, including role-based access and least privilege principles. Collaborate with network design teams to ensure security is integrated into all network implementations. Automation & Monitoring Automate compliance checks and vulnerability scans using scripting tools such as Python or Ansible. Implement continuous monitoring solutions to ensure real-time compliance and security visibility. Analyze and interpret monitoring data to proactively address potential compliance issues. Documentation & Training Create and maintain detailed documentation, including network security policies, vulnerability remediation plans, and audit reports. Train staff on network security and compliance best practices, fostering awareness and reducing risks. Who you are: Bachelor’s degree in Computer Science, Information Security, or a related field. Minimum of 7 years of experience in network compliance, security, or vulnerability management roles. Proven leadership experience in a technical or compliance-focused role. Expertise in vulnerability management tools (Nessus, Qualys, OpenVAS) and network security frameworks. Strong knowledge of regulatory compliance standards, such as PCI-DSS, HIPAA, GDPR, SOX, and NIST. Proficiency in designing secure network architectures and implementing access control systems. Hands-on experience with firewall technologies, intrusion detection/prevention systems, and secure VPNs. Familiarity with SIEM platforms (Splunk, QRadar, etc.) for threat monitoring and compliance reporting. Experience with scripting languages (Python, Bash) and automation tools (Ansible, Terraform). Bonus points if you have: Experience with cloud security and compliance in AWS, Azure, or Google Cloud environments. Familiarity with Zero Trust principles and implementation. Certifications such as CISSP, CISM, CRISC, CEH, or CISA are highly desirable. Passionate about leading compliance efforts, mitigating network vulnerabilities, and ensuring regulatory adherence in a complex network environment. Strong leadership and mentoring skills. Effective communication and collaboration skills with technical and non-technical stakeholders. Ability to thrive in a dynamic and fast-paced environment. ECI’s culture is all about connection – connection with our clients, our technology and most importantly with each other. In addition to working with an amazing team around the world, ECI also offers a competitive compensation package and so much more! If you believe you would be a great fit and are ready for your best job ever, we would like to hear from you! Love Your Job, Share Your Technology Passion, Create Your Future Here!

Make an impact with NTT DATA Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive. Your day at NTT DATA The Associate Vulnerability Assessment Specialist is an entry level role, responsible for assisting in identifying, assessing, and mitigating vulnerabilities within the company's systems and infrastructure. This role works closely with more senior team members within the vulnerability management team to conduct assessments, analyze findings, and recommend remediation actions. Key responsibilities: Conducts vulnerability scans using automated tools and assist in manual assessments to identify vulnerabilities in systems, networks, applications, and infrastructure components. Analyzes scan results and determine the severity and potential impact of identified vulnerabilities. Assists in evaluating the potential risks associated with identified vulnerabilities. Analyzes the context, potential attack vectors, and business impact to prioritize vulnerabilities based on risk severity and exploitability. Collaborates with system owners, administrators, and IT teams to provide guidance on vulnerability remediation. Recommends mitigation measures, configuration changes, and patches to address identified vulnerabilities. Tracks and verifies the closure of remediation actions. Assists in preparing vulnerability assessment reports, documenting assessment findings, and recommending risk mitigation strategies. Maintains accurate records of vulnerability assessments, tracking progress, and maintaining vulnerability databases. Utilizes vulnerability assessment tools and technologies to conduct scans, analyze results, and assist in identifying emerging threats. Stays updated with the latest vulnerabilities, exploits, and security trends to enhance assessment methodologies. Works closely with cross-functional teams, including IT operations, development teams, and security stakeholders, to communicate vulnerability findings, mitigation strategies, and remediation progress. Provides guidance and assistance to ensure a coordinated response to vulnerabilities. Participates in security awareness programs and provide training to end-users and stakeholders on vulnerability management best practices, secure coding, and security hygiene to promote a culture of security awareness. Contributes to the enhancement of vulnerability assessment processes, methodologies, and tools. Identifies areas for improvement and recommend solutions to enhance efficiency and effectiveness in vulnerability management practices. Performs any other task as required. To thrive in this role, you need to have: Familiarity with vulnerability assessment methodologies, tools, and industry best practices. Basic understanding of networking concepts, operating systems, and common software vulnerabilities. Knowledge of vulnerability scanning tools such as Nessus, OpenVAS, Qualys, or similar tools. Understanding of risk analysis principles and the ability to assess the business impact of vulnerabilities. Familiarity with vulnerability management frameworks, such as CVE, CVSS, and common vulnerability databases. Good analytical and problem-solving skills to analyze scan results, prioritize vulnerabilities, and recommend remediation actions. Good communication skills, both written and verbal, to effectively communicate technical concepts to non-technical stakeholders. Ability to collaborate and work effectively in cross-functional teams. Familiarity with security frameworks and standards, such as NIST, ISO 27001, or CIS Controls, is advantageous. Academic qualifications and certifications: Bachelor's degree or equivalent in Computer Science, Information Security, or a related field. Relevant certifications, such as Certified Ethical Hacker (CEH), CompTIA Security+, or GIAC Certified Penetration Tester (GPEN), are beneficial but not required. Required experience: Entry level of relevant experience in information security or related roles, with a focus on conducting vulnerability assessments and driving remediation efforts. Entry level of demonstrated experience in conducting advanced vulnerability assessments, including application security assessments, penetration testing, or code review. Workplace type : Hybrid Working About NTT DATA NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo. Equal Opportunity Employer NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

Make an impact with NTT DATA Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive. Your day at NTT DATA The Vulnerability Assessment Specialist is a seasoned subject matter expert, responsible for conducting advanced vulnerability assessments, identifying vulnerabilities, and provides expert recommendations to mitigate security risks to ensure the security and integrity of the organization's systems and infrastructure. This role requires collaboration with cross-functional teams, and they lead/perform vulnerability assessments, analyze findings, and provide recommendations to mitigate security risks and contributes to the improvement of vulnerability management practices. Key responsibilities: Conducts vulnerability assessments using automated scanning tools and manual techniques to identify security vulnerabilities in systems, networks, applications, and infrastructure components. Analyzes scan results and prioritizes vulnerabilities based on severity, impact, and exploitability. Assesses the potential risks associated with identified vulnerabilities. Analyzes the business impact, likelihood of exploitation, and potential attack vectors to prioritize remediation efforts based on risk severity. Provides detailed remediation recommendations to system owners, administrators, and IT teams. Collaborates to develop practical mitigation strategies, configuration changes, and patch management processes to address identified vulnerabilities. Utilizes vulnerability scanning tools such as Nessus, OpenVAS, Qualys, or similar tools to conduct scans, configure scan policies, and fine-tune scan parameters for accurate and comprehensive assessments. Prepares vulnerability assessment reports, documenting assessment findings, risk analysis, and recommended actions. Communicates assessment results to stakeholders, including technical and non-technical audiences, in a clear and concise manner. Collaborates with cross-functional teams, including IT operations, development teams, and security stakeholders, to ensure effective communication, coordination, and alignment on vulnerability management efforts. Communicates technical concepts and recommendations to non-technical stakeholders. Participates in security awareness programs and provides training to end-users and stakeholders on vulnerability management best practices, secure coding, and security hygiene. Promotes a culture of security awareness within the organization. Collaborates with incident response teams to identify and address vulnerabilities associated with security incidents. Provides support during incident response efforts and contribute to post-incident analysis and remediation. Stays updated with the latest security trends, emerging vulnerabilities, and industry best practices. Contributes to the enhancement of vulnerability assessment processes, methodologies, and tools. Shares knowledge and provides guidance to improve vulnerability management practices. Performs any other related task as required. To thrive in this role, you need to have: Seasoned understanding of vulnerability assessment methodologies, tools, and industry best practices. Seasoned understanding of networking concepts, operating systems, and common software vulnerabilities. Solid proficiency in using vulnerability assessment tools such as Nessus, OpenVAS, Qualys, or similar tools. Seasoned knowledge of risk analysis principles and the ability to assess the business impact of vulnerabilities. Solid knowledge of vulnerability management frameworks, such as CVE, CVSS, and common vulnerability databases. Strong analytical and problem-solving skills to analyze scan results, prioritize vulnerabilities, and recommend effective remediation actions. Excellent written and verbal communication skills to prepare vulnerability assessment reports and effectively communicate technical information to diverse stakeholders. Excellent collaboration and teamwork skills to work effectively with cross-functional teams and stakeholders. Seasoned familiarity with security frameworks, standards, and regulatory compliance requirements. Academic qualifications and certifications: Bachelor's degree or equivalent in Computer Science, Information Security, or a related field. Relevant certifications such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), or GIAC Certified Vulnerability Assessor (GCVA) are beneficial. Required experience: Seasoned demonstrated experience in information security or related roles, with a focus on conducting vulnerability assessments and providing remediation recommendations. Seasoned demonstrated experience in conducting advanced vulnerability assessments, including application security assessments, penetration testing, or code review. Workplace type: Hybrid Working About NTT DATA NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo. Equal Opportunity Employer NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

Make an impact with NTT DATA Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive. Your day at NTT DATA The Associate Vulnerability Assessment Specialist is an entry level role, responsible for assisting in identifying, assessing, and mitigating vulnerabilities within the company's systems and infrastructure. This role works closely with more senior team members within the vulnerability management team to conduct assessments, analyze findings, and recommend remediation actions. Key responsibilities: Conducts vulnerability scans using automated tools and assist in manual assessments to identify vulnerabilities in systems, networks, applications, and infrastructure components. Analyzes scan results and determine the severity and potential impact of identified vulnerabilities. Assists in evaluating the potential risks associated with identified vulnerabilities. Analyzes the context, potential attack vectors, and business impact to prioritize vulnerabilities based on risk severity and exploitability. Collaborates with system owners, administrators, and IT teams to provide guidance on vulnerability remediation. Recommends mitigation measures, configuration changes, and patches to address identified vulnerabilities. Tracks and verifies the closure of remediation actions. Assists in preparing vulnerability assessment reports, documenting assessment findings, and recommending risk mitigation strategies. Maintains accurate records of vulnerability assessments, tracking progress, and maintaining vulnerability databases. Utilizes vulnerability assessment tools and technologies to conduct scans, analyze results, and assist in identifying emerging threats. Stays updated with the latest vulnerabilities, exploits, and security trends to enhance assessment methodologies. Works closely with cross-functional teams, including IT operations, development teams, and security stakeholders, to communicate vulnerability findings, mitigation strategies, and remediation progress. Provides guidance and assistance to ensure a coordinated response to vulnerabilities. Participates in security awareness programs and provide training to end-users and stakeholders on vulnerability management best practices, secure coding, and security hygiene to promote a culture of security awareness. Contributes to the enhancement of vulnerability assessment processes, methodologies, and tools. Identifies areas for improvement and recommend solutions to enhance efficiency and effectiveness in vulnerability management practices. Performs any other task as required. To thrive in this role, you need to have: Familiarity with vulnerability assessment methodologies, tools, and industry best practices. Basic understanding of networking concepts, operating systems, and common software vulnerabilities. Knowledge of vulnerability scanning tools such as Nessus, OpenVAS, Qualys, or similar tools. Understanding of risk analysis principles and the ability to assess the business impact of vulnerabilities. Familiarity with vulnerability management frameworks, such as CVE, CVSS, and common vulnerability databases. Good analytical and problem-solving skills to analyze scan results, prioritize vulnerabilities, and recommend remediation actions. Good communication skills, both written and verbal, to effectively communicate technical concepts to non-technical stakeholders. Ability to collaborate and work effectively in cross-functional teams. Familiarity with security frameworks and standards, such as NIST, ISO 27001, or CIS Controls, is advantageous. Academic qualifications and certifications: Bachelor's degree or equivalent in Computer Science, Information Security, or a related field. Relevant certifications, such as Certified Ethical Hacker (CEH), CompTIA Security+, or GIAC Certified Penetration Tester (GPEN), are beneficial but not required. Required experience: Entry level of relevant experience in information security or related roles, with a focus on conducting vulnerability assessments and driving remediation efforts. Entry level of demonstrated experience in conducting advanced vulnerability assessments, including application security assessments, penetration testing, or code review. Workplace type: Hybrid Working About NTT DATA NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo. Equal Opportunity Employer NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

This position is posted by Jobgether on behalf of SUTHERLAND GLOBAL COLLECTION SERVICES LLC. We are currently looking for a Lead-Infrastructure in India. This role offers the opportunity to lead and enhance an organization's IT infrastructure, focusing on security, vulnerability management, and system optimization. The Lead-Infrastructure professional will be responsible for assessing risks, implementing remediation strategies, and ensuring compliance with industry standards. You will work across multiple platforms, including Linux and Windows systems, and guide teams in applying security best practices. This position is ideal for someone who thrives in a fast-paced, technology-driven environment, enjoys solving complex IT challenges, and is committed to continuous improvement. You will play a critical role in protecting and enhancing organizational technology, driving operational excellence, and enabling secure business growth. Accountabilities Review and interpret vulnerability assessment reports from tools such as Nessus, Qualys, OpenVAS, Nexpose, or Rapid7 Prioritize vulnerabilities using risk assessment frameworks like CVSS and coordinate remediation efforts Implement security best practices, including system hardening, access control management, and patching Apply cybersecurity frameworks such as NIST, CIS Controls, ISO/IEC 27001, and ITIL to guide security initiatives Manage patch deployment processes for applications, operating systems, and network devices Utilize scripting languages (Python, PowerShell, Bash) to automate repetitive tasks such as patching and vulnerability remediation Provide technical guidance across Linux, Windows, and other IT platforms to mitigate vulnerabilities effectively Mentor and collaborate with team members, ensuring continuous skill development and adherence to security standards Requirements Minimum 2 years of experience in infrastructure management or vulnerability remediation Bachelor's degree or equivalent experience in IT, cybersecurity, or related fields Hands-on experience with deployment tools such as Group Policies, Microsoft Intune, and Microsoft Endpoint Configuration Manager (MECM) Knowledge of compliance and regulatory frameworks relevant to IT security Strong understanding of cybersecurity principles, patch management, and system hardening Proficiency in scripting for task automation and vulnerability management Excellent analytical, problem-solving, and communication skills Flexibility to work across different shifts and locations if required High standards of integrity and commitment to continuous improvement Benefits Fully remote or flexible work arrangements depending on team needs Exposure to advanced cybersecurity tools, frameworks, and best practices Opportunity to work on diverse IT platforms and systems Professional development and mentoring opportunities to grow technical expertise Participation in critical infrastructure and security projects impacting organizational operations Jobgether is a Talent Matching Platform that partners with companies worldwide to efficiently connect top talent with the right opportunities through AI-driven job matching. When you apply, your profile goes through our AI-powered screening process designed to identify top talent efficiently and fairly. 🔍 Our AI evaluates your CV and LinkedIn profile thoroughly, analyzing your skills, experience, and achievements. 📊 It compares your profile to the job's core requirements and past success factors to determine your match score. 🎯 Based on this analysis, we automatically shortlist the 3 candidates with the highest match to the role. 🧠 When necessary, our human team may perform an additional manual review to ensure no strong profile is missed. The process is transparent, skills-based, and free of bias — focusing solely on your fit for the role. Once the shortlist is completed, we share it directly with the company that owns the job opening. The final decision and next steps (such as interviews or additional assessments) are then made by their internal hiring team. Thank you for your interest!

Make an impact with NTT DATA Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive. Your day at NTT DATA The Senior Associate Vulnerability Assessment Specialist is a developing subject matter expert, responsible for conducting vulnerability assessments, analyzing findings, and providing expert recommendations to mitigate security risks within the organization's systems and infrastructure. This role requires collaboration with cross-functional teams, and performs vulnerability assessments, analyzes findings, and provides recommendations to mitigate security risks. Key responsibilities: Conducts vulnerability scans using automated tools and manual techniques to identify vulnerabilities in systems, networks, applications, and infrastructure components. Analyzes scan results and determine the severity, exploitability, and potential impact of identified vulnerabilities. Assesses the potential risks associated with identified vulnerabilities. Collaborates with system owners, administrators, and IT teams to develop practical mitigation strategies, configuration changes, and patch management processes to address identified vulnerabilities. Conducts advanced vulnerability assessments, including application security assessments, penetration testing, and code review, to identify complex vulnerabilities and security weaknesses. Utilizes manual testing techniques and industry-standard methodologies. Utilizes and manages vulnerability assessment tools such as Nessus, OpenVAS, Qualys, or similar tools. Configures and fine-tunes scan policies and parameters to enhance assessment accuracy and coverage. Prepares comprehensive vulnerability assessment reports, documenting assessment findings, risk analysis, and recommended actions. Communicates assessment results to stakeholders, including technical and non-technical audiences, in a clear and concise manner. Participates in security awareness programs and provide training to end-users and stakeholders on vulnerability management best practices, secure coding, and security hygiene. Foster a culture of security awareness within the organization. Participates in incident response efforts related to vulnerabilities, collaborate with cross-functional teams, and contribute to post-incident analysis. Identifies root causes, provide recommendations for improvement, and drive preventive measures. Collaborates with cross-functional teams, including IT operations, development teams, and security stakeholders, to ensure effective communication, collaboration, and alignment on vulnerability management goals. Builds relationships and influence stakeholders to drive remediation efforts. Contributes to the enhancement of vulnerability assessment processes, methodologies, and tools. Stays updated with the latest security trends, emerging vulnerabilities, and industry best practices. Performs any other related task as required. To thrive in this role, you need to have: Understanding of vulnerability assessment methodologies, tools, and industry best practices. Good understanding of networking concepts, operating systems, and common software vulnerabilities. Proficiency in using vulnerability assessment tools such as Nessus, OpenVAS, Qualys, or similar tools. Knowledge of risk analysis principles and the ability to assess the business impact of vulnerabilities. Strong knowledge of vulnerability management frameworks, such as CVE, CVSS, and common vulnerability databases. Strong analytical and problem-solving skills to analyze scan results, prioritize vulnerabilities, and recommend effective remediation actions. Good written and verbal communication skills to prepare comprehensive reports and communicate technical information to diverse stakeholders. Familiarity with security frameworks, standards, and regulatory compliance requirements. Ability to collaborate and work effectively with stakeholders and cross-functional teams. Academic qualifications and certifications: Bachelor's degree or equivalent in Computer Science, Information Security, or a related field. Relevant certifications such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), or GIAC Certified Web Application Penetration Tester (GWAPT) are beneficial. Required experience: Moderate level of relevant experience in information security or related roles, with a focus on conducting vulnerability assessments and driving remediation efforts. Moderate level of demonstrated experience in conducting advanced vulnerability assessments, including application security assessments, penetration testing, or code review Workplace type: Hybrid Working About NTT DATA NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo. Equal Opportunity Employer NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

Job Title: SOC & VAPT Analyst (Entry-Level) Location: Indore Experience: 0–1 Years Certification: CEH (Certified Ethical Hacker) – Mandatory Preferred: Local candidates from Indore or nearby regions Job Summary: We are seeking a highly motivated and detail-oriented SOC & VAPT Analyst to join our cybersecurity team. This is an entry-level role ideal for individuals with a passion for cybersecurity, a foundational understanding of ethical hacking, and CEH certification. You will play a crucial role in monitoring security events, analyzing threats, and supporting vulnerability assessment and penetration testing activities. Key Responsibilities:SOC (Security Operations Center) Responsibilities: Monitor security alerts and events from SIEM tools and other monitoring systems. Analyze and triage incidents to determine their severity and impact. Perform initial investigation and threat analysis on potential security incidents. Escalate validated incidents to senior analysts or incident response teams. Document incident details, response steps, and follow-up actions. VAPT (Vulnerability Assessment & Penetration Testing): Assist in performing internal and external vulnerability scans. Support penetration testing under the guidance of senior team members. Identify, analyze, and report vulnerabilities with actionable recommendations. Stay up to date with the latest security threats, vulnerabilities, and mitigation techniques. Required Skills & Qualifications: CEH (Certified Ethical Hacker) certification is mandatory . Basic knowledge of security monitoring tools, firewalls, IDS/IPS, and SIEM solutions. Familiarity with vulnerability scanning tools like Nessus, OpenVAS, etc. Understanding of common attack vectors, exploits, and countermeasures. Strong analytical and problem-solving skills. Good communication and documentation abilities. Educational Qualification: Bachelor's Degree in Computer Science, Information Technology, Cybersecurity, or a related field. Additional Preferences: Localized candidates from Indore or nearby areas are highly preferred . Internships or academic projects in cybersecurity will be an added advantage. Job Type: Full-time Pay: ₹15,000.00 - ₹16,000.00 per month Benefits: Cell phone reimbursement Paid time off Provident Fund Work Location: In person

Job Overview: We are looking for a talented and experienced Application Security Engineer to join our team. The ideal candidate will have a strong understanding of application security standards, tools, and methodologies and will be responsible for conducting security assessments, penetration testing, and vulnerability analysis for web and mobile applications. This role requires hands-on experience with both automated and manual testing tools, familiarity with security mechanisms, and a commitment to improving the overall security posture of the organization. Key Responsibilities: • Conduct security assessments for both web and mobile applications. • Perform vulnerability assessments and penetration tests using tools such as Burp Suite Pro, AppScan, Veracode, Fortify, WebInspect, Acunetix, etc. • Leverage mobile application testing tools like Drozer, Xposed, MobSF, SSLTrustKiller, Frida, apktool, dex2jar, jadx, and IDA for iOS and Android applications. • Conduct thorough testing of APIs to identify security flaws. • Utilize OWASP and SANS standards to guide security practices. • Stay up to date with the latest security testing tools, techniques, and ethical hacking methodologies. • Compile and present risk-based findings to stakeholders, providing detailed reports and suggesting appropriate mitigations. • Provide expertise on penetration testing methodologies, including black box, grey box, and white box testing. • Demonstrate proficiency with common penetration testing tools such as nmap, Wireshark, Kali Linux, Metasploit, OpenVAS, OWSAP ZAP, Accunetix, Nikto, Nessus, and sqlmap. • Assist development teams with implementing penetration tests as part of the Secure Software Development Life Cycle (Secure SDLC). • Create and refine security checklists tailored to organizational needs. • Ensure continuous security improvement by making suggestions for system and process enhancements. • Experience working with SaaS, IaaS, and PaaS environments, helping integrate and optimize security technologies and processes. Skills and Qualifications: • Proficiency with OWASP Top 10 and SANS security standards. • Strong experience in using security assessment tools, including both static (SAST) and dynamic (DAST) application security testing tools. • Hands-on experience with mobile application security testing and mobile-specific vulnerabilities. • Proficient with web technologies such as J2EE, XML, JSON, SOAP, REST, and AJAX. • Basic programming knowledge in Java, JavaScript, and SQL. • Familiarity with encryption, authentication, and authorization techniques for secure software development. • Experience in automating security testing using scripting languages like Python, Bash, or Java. • Knowledge of network security and vulnerability assessment practices. • Experience in Secure Code Review and identifying vulnerabilities in the source code. • Strong understanding of various security techniques and risk assessment processes. Certifications: • Certified Ethical Hacker (CEH) or equivalent certifications related to application security. Desired Competencies: • OWASP, Burp Suite, Web Application Security, Acunetix, Vulnerability Assessment, Network Security, Mobile Application Security. • Proficient in Secure Code Review, Python, Bash, Java, and Automation scripting.

Cloud & Compliance Security Specialist (4–6 Years Experience) Job Title: Cloud & Compliance Security Specialist Experience Required: 4–6 Years Location: Noida Job Type: Full-Time Department: Cyber Security Reporting to: Head/CISO Cyber Security. Role Overview: We are seeking a highly experienced and detail-oriented Cloud & Compliance Security Specialist to join our cybersecurity team. The ideal candidate will have a strong background in Governance, Risk, and Compliance (GRC), security technologies, and reporting/documentation. This role demands a strategic thinker with hands-on expertise in securing cloud environments across Various Cloud platforms. Key Responsibilities: 1. Security Technology & Operations – 50% · Design and implement cloud-native security controls and architectures (e.g., IAM, encryption, firewalls, WAFs, SIEM, CSPM, CWPP). · Monitor and respond to cloud security incidents using industry-standard tools and platforms for threat detection and analysis. · Integrate DevSecOps practices into CI/CD pipelines to ensure secure code deployment. · Perform threat modeling, vulnerability assessments, and penetration testing of cloud infrastructure. · Collaborate with DevOps and IT teams to ensure secure configuration and hardening of cloud resources. 2. Governance, Risk & Compliance (GRC) – 35% · Develop, implement, and maintain overall organizational security policies, standards, and procedures including Cloud security aligned with industry frameworks (e.g., ISO 27001, NIST, CIS, CSA). · Conduct risk assessments and cloud security audits to identify gaps and recommend mitigation strategies. · Ensure compliance with regulatory requirements such as DPDP, GDPR, HIPAA, PCI-DSS, and local data protection laws. · Collaborate with internal audit and legal teams to manage third-party risk assessments and vendor security reviews. · Lead security awareness and training programs across the organization. 3. Reporting & Documentation – 15% · Prepare detailed security reports, dashboards, and metrics for executive leadership and stakeholders. · Maintain comprehensive documentation of cloud security architecture, incident response plans, and audit findings. · Track and report on remediation efforts and risk mitigation progress. · Support internal and external audits with accurate and timely documentation. Required Skills & Qualifications: Bachelor’s or Master’s degree in Computer Science, Information Security, or related field. 4–6 years of experience in cybersecurity with at least 4 years in cloud security. Strong knowledge of AWS, Azure, and/or GCP security services. Hands-on experience with security tools: Next Gen Firewalls, SIEM, WAF, CSPM, EDR, etc. Hands-on experience with DevSecOps, container security (Kubernetes, Docker), and Infrastructure as Code (Terraform, CloudFormation). Hands-on experience with various VA/PT tools including open source like OpenVas/OWASP Zap/Veracode/Nessus/Qualys etc. Certifications (Preferred): Cloud Security: CCSP, AWS Security Specialty, Azure Security Engineer Associate, GCP Professional Cloud Security Engineer (any one of them) General Security & Compliance: CISA/ISO 27001 Lead Implementer/Auditor (any one of them)

At Arctic Wolf, we are redefining the cybersecurity landscape with our global team of Pack members committed to setting new industry standards. Our achievements speak for themselves, from being recognized in prestigious lists like the Forbes Cloud 100, CNBC Disruptor 50, and winning awards like the CRN Products of the Year. We are proud to be named a Leader in the IDC MarketScape for Worldwide Managed Detection and Response Services and to have earned the Customers" Choice distinction from Gartner Peer Insights. Arctic Wolf is not just leading but also shaping the future of security operations. Our mission is straightforward: End Cyber Risk. We are currently seeking a Security Developer to join us in achieving this goal. About The Role As a Security Developer at Arctic Wolf, you will work as a software developer focusing on enhancing the platforms threat, vulnerability, and configuration risk detection capabilities. Your primary objective will be to contribute to making security better for our clients daily. This role involves collaborating with team members, Product Management, Security Services, and other specialists to enhance the coverage and effectiveness of our Manage solution continuously. Your Responsibilities - Collaborate with team members to enhance coverage, efficiency, and deliver customer-facing and internal services. - Engage in the full software development lifecycle. - Develop well-designed, testable, efficient, and secure code for vulnerability and misconfiguration detection in areas such as Classic Endpoint Vulnerability And Config Management, Cloud Config And Posture Management. - Assist operational teams in resolving unexpected results, receiving feedback, and improving detection efficacy. Skills Requirements - Proficiency in at least one backend programming language like Go, Node.js, or Python. - Strong understanding and practical application of secure development practices. - Security-focused mindset with hands-on experience in operational security or security engineering. - Full understanding and use of DevOps methods and practices. - Familiarity with test-driven development (TDD) and robust testing strategies. - Experience with AWS, Docker, Kubernetes, IaC is an asset. Bonus Considerations For - Experience with 3rd Party Vulnerability Management tools, Cloud-based configuration and Security Posture Management tools, open-source vulnerability and pen-testing platforms. - IT Deployment backgrounds leveraging deployment automation tools like Salt or Ansible. Why Arctic Wolf At Arctic Wolf, we nurture a collaborative and inclusive work environment that values diversity of thought, background, and culture. Our commitment to growth and shaping the future of security operations is complemented by our dedication to customer satisfaction, with a vast customer base and global channel partners. We celebrate unique perspectives through our Pack Unity program and believe in corporate responsibility, giving back to the community. All employees at Arctic Wolf receive competitive compensation and benefits packages, including equity, flexible leave policies, training programs, comprehensive private benefits plan, fertility support, and more. Join us in our mission to End Cyber Risk and contribute to a safer digital world.,

Make an impact with NTT DATA Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive. Your day at NTT DATA The Vulnerability Assessment Specialist is a seasoned subject matter expert, responsible for conducting advanced vulnerability assessments, identifying vulnerabilities, and provides expert recommendations to mitigate security risks to ensure the security and integrity of the organization's systems and infrastructure. This role requires collaboration with cross-functional teams, and they lead/perform vulnerability assessments, analyze findings, and provide recommendations to mitigate security risks and contributes to the improvement of vulnerability management practices. Key responsibilities: Conducts vulnerability assessments using automated scanning tools and manual techniques to identify security vulnerabilities in systems, networks, applications, and infrastructure components. Analyzes scan results and prioritizes vulnerabilities based on severity, impact, and exploitability. Assesses the potential risks associated with identified vulnerabilities. Analyzes the business impact, likelihood of exploitation, and potential attack vectors to prioritize remediation efforts based on risk severity. Provides detailed remediation recommendations to system owners, administrators, and IT teams. Collaborates to develop practical mitigation strategies, configuration changes, and patch management processes to address identified vulnerabilities. Utilizes vulnerability scanning tools such as Nessus, OpenVAS, Qualys, or similar tools to conduct scans, configure scan policies, and fine-tune scan parameters for accurate and comprehensive assessments. Prepares vulnerability assessment reports, documenting assessment findings, risk analysis, and recommended actions. Communicates assessment results to stakeholders, including technical and non-technical audiences, in a clear and concise manner. Collaborates with cross-functional teams, including IT operations, development teams, and security stakeholders, to ensure effective communication, coordination, and alignment on vulnerability management efforts. Communicates technical concepts and recommendations to non-technical stakeholders. Participates in security awareness programs and provides training to end-users and stakeholders on vulnerability management best practices, secure coding, and security hygiene. Promotes a culture of security awareness within the organization. Collaborates with incident response teams to identify and address vulnerabilities associated with security incidents. Provides support during incident response efforts and contribute to post-incident analysis and remediation. Stays updated with the latest security trends, emerging vulnerabilities, and industry best practices. Contributes to the enhancement of vulnerability assessment processes, methodologies, and tools. Shares knowledge and provides guidance to improve vulnerability management practices. Performs any other related task as required. To thrive in this role, you need to have: Seasoned understanding of vulnerability assessment methodologies, tools, and industry best practices. Seasoned understanding of networking concepts, operating systems, and common software vulnerabilities. Solid proficiency in using vulnerability assessment tools such as Nessus, OpenVAS, Qualys, or similar tools. Seasoned knowledge of risk analysis principles and the ability to assess the business impact of vulnerabilities. Solid knowledge of vulnerability management frameworks, such as CVE, CVSS, and common vulnerability databases. Strong analytical and problem-solving skills to analyze scan results, prioritize vulnerabilities, and recommend effective remediation actions. Excellent written and verbal communication skills to prepare vulnerability assessment reports and effectively communicate technical information to diverse stakeholders. Excellent collaboration and teamwork skills to work effectively with cross-functional teams and stakeholders. Seasoned familiarity with security frameworks, standards, and regulatory compliance requirements. Academic qualifications and certifications: Bachelor's degree or equivalent in Computer Science, Information Security, or a related field. Relevant certifications such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), or GIAC Certified Vulnerability Assessor (GCVA) are beneficial. Required experience: Seasoned demonstrated experience in information security or related roles, with a focus on conducting vulnerability assessments and providing remediation recommendations. Seasoned demonstrated experience in conducting advanced vulnerability assessments, including application security assessments, penetration testing, or code review. Workplace type : Hybrid Working About NTT DATA NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo. Equal Opportunity Employer NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

We are seeking a highly skilled and motivated Senior VAPT Consultant to join our growing cybersecurity team. This foundational role is ideal for someone who is passionate about offensive security and eager to contribute to a lean and agile environment. You'll play a critical part in leading and executing penetration tests, shaping internal methodologies, and mentoring junior talent. Key Responsibilities Conduct penetration testing on Web Applications, Networks, Infrastructure, and Cloud environments. Perform Vulnerability Assessments (VA) using tools like Nessus, OpenVAS, etc. Utilize industry-standard tools such as Burp Suite, Nmap, Metasploit, etc. Review and write detailed technical reports, outlining findings, risks (CVSS-based or similar), and actionable remediation guidance. Collaborate with clients to explain findings, articulate risks, and suggest mitigation strategies. Lead small-scale security projects or client engagements, ensuring quality and timely delivery. Mentor junior team members and enforce quality standards. Contribute to the development of tools, methodologies, and frameworks within the security practice Requirements 5-8+ years of professional experience in Information Security, with a strong focus on Vulnerability Assessment and Penetration Testing (VAPT). In-depth, hands-on experience with: Web App, Network, and Infra Pen Testing Cloud Security Testing (Azure/AWS) Familiarity with risk rating methodologies such as CVSS. Strong communication skills with the ability to interface with clients and present findings clearly. Proven ability to work independently in a fast-paced, startup-like environment. Preferred Certifications (Any of the following): OSCP / OSCE / CRTP / eCPPT CEH (with demonstrable hands-on experience) AZ-500 or AWS Security Specialty (for cloud VAPT experience) Growth Opportunities Foundational leadership role in a growing cybersecurity practice Clear path to grow into Practice Head or Principal Consultant Opportunity to shape tools, frameworks, and methodologies from the ground up Nice to Have Experience contributing to open-source or internal security tooling Familiarity with scripting or automation in Python, Bash, or PowerShell

We are hiring a hands-on Penetration Tester to lead and execute end-to-end security assessments across Web, Infrastructure, and Cloud environments. As the technical backbone of our lean and growing VAPT practice, you'll work closely with the Security Lead and directly engage with clients to deliver meaningful, high-impact security outcomes. Key Responsibilities: Perform manual and automated penetration testing across: Web Applications (based on OWASP Top 10) Infrastructure (external/internal IPs, firewall review, patch audits) Cloud Environments (basic Azure/AWS - IAM, Storage, Networking) Identify, exploit, and report on vulnerabilities such as SSRF, RCE, IDOR, LFI, and S3 bucket exposures Use tools such as Burp Suite, Nmap, SQLMap, Nikto, Nessus/OpenVAS Write high-quality, detailed technical reports with: Screenshots for PoCs Remediation guidance Risk severity scoring (preferably CVSSv3) Collaborate with clients to explain findings and provide actionable recommendations Contribute to toolchain improvements and lightweight automation (Python/Bash preferred) Requirements 3-6+ years of hands-on experience in at least 2 of the following areas: Web Application Penetration Testing (OWASP Top 10) Infrastructure VAPT (internal/external, firewall, patch validation) Basic Cloud VAPT (AWS or Azure: IAM, Storage, Networking) Proficiency in: Manual testing techniques, fuzzing, and exploitation Burp Suite (Community or Pro) Tools like Nmap, SQLMap, Nikto, Nessus/OpenVAS Strong understanding of common vulnerabilities and exploitation techniques Preferred Certifications CEH, eJPT, OSCP (or strong portfolio/proof of hands-on skill) AZ-500 or AWS Security Specialty (for cloud security exposure) Good to Have Familiarity with scripting for automation (Python, Bash) Exposure to CVSSv3 for vulnerability scoring Experience with Dradis, Excel-based reporting, or similar tools