62 Openvas Jobs - Page 3

We’re looking for a proactive DevOps Engineer with strong hands-on experience in managing CI/CD pipelines, cloud infrastructure (preferably AWS), containerized environments (Docker/Kubernetes), and system administration. The ideal candidate will be well-versed in monitoring, scripting, security best practices, and working in agile environments. This role demands someone who can not only build and maintain robust infrastructure but also collaborate across teams and support production environments. What You’ll Be Doing Undertake ongoing management, maintenance and administration activity of remote server(s) for clients. Attend, manage and rectify technical support queries belonging to active managed hosting services contracts. Work on performance tuning, package pulling/installation, updates patch management, network and server management issues. Managing helpdesk/tickets and technical support operations for all clients along with planning of scheduled maintenance where ever required. Learn new technologies and convert them into customer solutions. Achieve successful onboarding of new clients onto the hosting infrastructure. Streamline deployment processes with automation to faster and secure deployment Diagnosing, troubleshooting, and rectification of various system resources, software components, or other network infrastructure related problems. Manage dedicated & virtual servers environment onboarding setups and assist applications deployments as-well-as migration. Mentoring Network and IT team on various aspects and maintaining ongoing assistance for all vital priorities. Constantly improve security practices, deployment and automation methodologies Maintain Health check report of IT-Infrastructure, Break-down reports and other analytics as required by management. Accountable for compliance of ISO and other security standards What We’d Love To See CI/CD Tools: GitLab CI, Jenkins, GitHub Actions Infrastructure as Code (IaC): Terraform, CloudFormation Containers: Docker, Kubernetes (EKS, AKS, or GKE preferred) Cloud Platforms: AWS (EC2, RDS, S3, IAM, CloudWatch, ALB) Linux/Unix System Administration & Shell Scripting Monitoring & Logging: Site24x7, Prometheus, Grafana, New Relic, CloudWatch Scripting: Bash, Python (or similar scripting language) Source Control: Git (GitHub/GitLab/Bitbucket) DevSecOps tools (OWASP, OpenVAS, Trivy) Understanding of system uptime, backup strategies, and rollback processes It’d Be Great If You Had Any Certification related DevOps is a plus Experience with GCP or Azure platforms Prior exposure to client communication, especially over calls Ability to coordinate across multiple teams for resolving infrastructure issues Familiar with DevSecOps: secure CI/CD, scanning, secrets management, and infra hardening Deep understanding of high-availability infrastructure setups and disaster recovery strategies Hands-on with performance optimization and cost-efficient architecture on cloud platforms Show more Show less

We’re looking for a proactive DevOps Engineer with strong hands-on experience in managing CI/CD pipelines, cloud infrastructure (preferably AWS), containerized environments (Docker/Kubernetes), and system administration. The ideal candidate will be well-versed in monitoring, scripting, security best practices, and working in agile environments. This role demands someone who can not only build and maintain robust infrastructure but also collaborate across teams and support production environments. What You’ll Be Doing Undertake ongoing management, maintenance and administration activity of remote server(s) for clients. Attend, manage and rectify technical support queries belonging to active managed hosting services contracts. Work on performance tuning, package pulling/installation, updates patch management, network and server management issues. Managing helpdesk/tickets and technical support operations for all clients along with planning of scheduled maintenance where ever required. Learn new technologies and convert them into customer solutions. Achieve successful onboarding of new clients onto the hosting infrastructure. Streamline deployment processes with automation to faster and secure deployment Diagnosing, troubleshooting, and rectification of various system resources, software components, or other network infrastructure related problems. Manage dedicated & virtual servers environment onboarding setups and assist applications deployments as-well-as migration. Mentoring Network and IT team on various aspects and maintaining ongoing assistance for all vital priorities. Constantly improve security practices, deployment and automation methodologies Maintain Health check report of IT-Infrastructure, Break-down reports and other analytics as required by management. Accountable for compliance of ISO and other security standards What We’d Love To See CI/CD Tools: GitLab CI, Jenkins, GitHub Actions Infrastructure as Code (IaC): Terraform, CloudFormation Containers: Docker, Kubernetes (EKS, AKS, or GKE preferred) Cloud Platforms: AWS (EC2, RDS, S3, IAM, CloudWatch, ALB) Linux/Unix System Administration & Shell Scripting Monitoring & Logging: Site24x7, Prometheus, Grafana, New Relic, CloudWatch Scripting: Bash, Python (or similar scripting language) Source Control: Git (GitHub/GitLab/Bitbucket) DevSecOps tools (OWASP, OpenVAS, Trivy) Understanding of system uptime, backup strategies, and rollback processes It’d Be Great If You Had Any Certification related DevOps is a plus Experience with GCP or Azure platforms Prior exposure to client communication, especially over calls Ability to coordinate across multiple teams for resolving infrastructure issues Familiar with DevSecOps: secure CI/CD, scanning, secrets management, and infra hardening Deep understanding of high-availability infrastructure setups and disaster recovery strategies Hands-on with performance optimization and cost-efficient architecture on cloud platforms

Hi All, Greetings from Shivsys Softwares Pvt Ltd We are hiring for Product Security Engineer Role: Product Security Engineer Experience: 3+ Years Location: Noida Job Description: Security Specialist in areas of Security Vulnerability Assessment & Penetration Testing. Responsible for periodic assessment and implementation of remediation with the help of node owners. Job Key Tasks & Responsibilities: · Experience in developing trailored Vulnerability Assessment Profiles in collaboration with clients, outlining assessment scope, methodologies, risk assessment criteria, and reporting structures. · Have created and configured custom scan policies for vulnerability scanners, ensuring accurate, tailored scans to meet organizational needs and risk tolerance. · Configure scan policies for full network scans, application scans, compliance checks, and sensitive data exposure detection. · Performed both authenticated and unauthenticated scans across telecom networks and cloud environments (VNF, CNF). Troubleshooting and debugging scans. · Performed automated and manual scans against the CIS Benchmarks (e.g., CIS AWS Foundations, CIS Linux, CIS Windows) to ensure compliance with industry best practices. · Performed comprehensive risk triage by analyzing vulnerability reports, verifying false positives, and assigning accurate severity levels to vulnerabilities based on CVSS matrix. · Evaluate the impact of vulnerabilities and prioritize vulnerabilities based on CVSS scoring and considering exploitability in telecom environments (e.g., SS7, Diameter, GTP, VoIP, IoT, 5G). · Perform cloud-specific vulnerability assessments for containers and orchestration platforms (Docker, Kubernetes). · Provide remediation recommendations based on scan findings, including patching, work arounds, configuration hardening, and compensating controls. · Worked on remediation of non-compliant configurations and security issues based on CIS recommendations. · Experience in threat intelligence gathering to identify known exploits and determine the current exploitation risk of vulnerabilities (e.g., availability of exploit POC, exploit in wild). · Experience of working in ticketing tools i.e. ServiceNow, Jira. · Proficiency in Linux, Windows, and cloud security hardening. · Knowledge security frameworks and standards (e.g., NIST, ISO 27001, CIS) Experience & Certification: · Minimum 3+ years of relevant experience in a combination of security and operations technology jobs · Vulnerability Scanning tools: Nessus, Qualys, OpenVAS · Cloud Scanning Tools: Redhat ACS, Anchore, Trivy · Ticketing Systems: Jira, ServiceNow, Remedy Telecom Expertise: Telecom architecture(2G,3G,4G,5G), Nokia Nodes and functionalities You can also drop your CV at karan.prajapati@shivsys.com Show more Show less

🔐 Hiring Now: Senior SOC Analyst (SIEM | Threat Hunting | Incident Response) 📍 Location: Manesar, Haryana (Onsite | Government Sector Client) 📅 Join by: Immediate to Max 1 Month 🏢 Company: VVNT SEQUOR LLP, Noida 🛡️ About the Role VVNT SEQUOR is urgently hiring a Senior SOC Analyst with 8 –10 years of hands-on experience in SIEM, threat hunting, incident response , and L3/L4 security operations . This is a critical individual contributor role supporting a Government sector client at Manesar, where your cybersecurity expertise will help defend against real-world threats in a high-stakes environment. You’ll work with leading SIEM/EDR/SOAR platforms, conduct forensic investigations, and take the lead on proactive threat detection, containment, and post-incident analysis. 🧰 Key Responsibilities 🔍 Threat Monitoring & SIEM Operations Lead 24x7 SOC operations, monitoring alerts via ArcSight, Splunk, ELK Create and optimize correlation rules , use cases, and detection dashboards Leverage MITRE ATT&CK framework and threat intel feeds for advanced threat hunting 🚨 Incident Response & Forensics Coordinate incident lifecycle management and forensic investigations using CHFI techniques Analyze logs, memory dumps, and endpoint telemetry (EDRs like CrowdStrike, SentinelOne ) Conduct Root Cause Analysis (RCA) and post-incident reviews 🛡️ Vulnerability & Infrastructure Security Perform VAPT using Nessus, Qualys, OpenVAS, Metasploit, Burp Suite Manage security appliances – Firewalls (Palo Alto, FortiGate), WAF, IDS/IPS, Anti-DDoS Support compliance activities for ISO 27001, NIST CSF 🧠 Automation & Knowledge Sharing Integrate SOAR platforms and automate response playbooks (Python, PowerShell scripting) Lead security awareness programs (e.g., KnowBe4) and mentor junior SOC analysts 🧩 Who We’re Looking For 8–10 years in SOC & Security Operations with L3/L4 experience Deep working knowledge of SIEM, EDR, SOAR, forensic tools, threat modeling Strong skills in incident detection, investigation, containment, and RCA documentation Ability to handle escalations independently , acting as a technical leader on shift 🏆 Bonus Skills (Nice to Have) Certifications: CEH, CHFI, GCFA, GCIA, Security+, Splunk Certified Analyst Experience with Tripwire SCM, AWS GuardDuty, Azure Sentinel, TIPs Exposure to OT/ICS security , Red/Blue teaming, Purple teaming drills 📚 Tech Stack & Keywords (for AI & Job Portal Optimization) SOC Analyst | Threat Hunting | Incident Response | SIEM ArcSight Splunk | CHFI | CrowdStrike SentinelOne | SOAR | EDR | MITRE ATT&CK | L3/L4 Security Support | VAPT | Nessus Qualys | Firewall FortiGate PaloAlto | Burp Suite | RCA | ISO 27001 | NIST CSF | Python PowerShell Scripting | Government Sector Cybersecurity 🎯 Why Join VVNT SEQUOR? ✅ Lead mission-critical SOC operations for a Government Sector client ✅ Exposure to real-world threats and next-gen cyber tools ✅ Subsidized Cab + Lunch at client site ✅ Work in a fast-paced, hands-on, innovation-driven environment 📬 Apply Now 📩 Email: chaitali@vvntsequor.in parveen.arora@vvntsequor.in 📱 WhatsApp: +91-9891810196 +91-8802801739 📌 Please include : Updated Resume Last Drawn Salary Expected CTC Notice Period (Only Immediate or ≤1 Month) 📌 #SeniorSOCAnalyst #CybersecurityJobs #SIEM #ThreatHunting #IncidentResponse #L3L4Support #GovernmentCybersecurity #EDR #SplunkJobs #ArcSight #HiringNow #SecurityOperations Show more Show less

About the job Company Name: Helix Tech INC Job Title : Cyber Security / Networking Technical Expert Company Website: https://helixtechinc.com/ Location: Ahmedabad, Gujarat Shift: US Shift (Night Shift) Working Days: 5 Days working (Monday to Friday) Work From Office Only Requirements: Prepare the Candidates to crack Interviews with fortune 500 companies, help to improve their technical skills and mentor them, also evaluate them to identify areas for improvement. Conduct training and development assessment of candidates for different tools and technologies with real-time projects. Develops training and development programs and objectives. Obtains and /or develops effective training materials utilising a variety of media. Coordinate with candidates to provide the skills and knowledge in different tools and technologies. Create Plans, organise, and facilitate training for candidate development and training sessions. Required Skills: Bachelor’s degree in computer science, software engineering, or a similar field. Advanced knowledge of Cybersecurity technologies 3+ years of work experience in the above-mentioned area Experience in IT Project Management is a plus Knowledge of network technologies (Network, Firewall architecture) and Server operating systems Networking Protocols: TCP/IP, IPv4, VPN, HTTP, DNS, LAN/WAN, OSPF, BGP Security Tools: Nmap, Snort, TCPDUMP, Nessus, Wireshark, Core Impact, OpenVAS, HIDS/HIPS, SIEM, Active Directory, IDS, IPS, DNS, DHCP, Splunk, Burp suite, OWASP, SIM Tools, Vulnerability Scanning Job Types: Full-time, Permanent, Fresher, Internship Pay: ₹18,086.00 - ₹32,727.29 per month Benefits: Internet reimbursement Paid sick time Schedule: Fixed shift Monday to Friday Night shift US shift Supplemental Pay: Overtime pay Performance bonus Quarterly bonus Work Location: In person

Looking for a skilled & experienced freelance VA&PT Specialists to perform our VA&PT tasks. Candidate should have minimum 4 years of experience in VAPT roles and should capable to perform VA&PT Tasks independently, and can able to generate VAPT &, CAP reports. Independent VAPT consultants, or a small team of fascinating VAPT experts can apply as a single team. Key Responsibilities • Conduct Vulnerability Assessments using tools like Nessus, Qualys, OpenVAS • Perform Penetration Testing on web applications, networks, APIs, and mobile platforms • Simulate real-world attacks to uncover security gaps and provide actionable recommendations • Prepare detailed technical reports and executive summaries of findings • Collaborate with development, infrastructure, and security teams to address vulnerabilities • Stay updated on emerging threats, vulnerabilities, and attack techniques • Support compliance audits and security assessments (e.g., ISO 27001, PCI-DSS) Skill Set & Requirements • Minimum 4 years of hands-on experience in Red Teaming and VA&PT activities • Ability to independently handle on-call tasks, conduct VA&PT, and deliver comprehensive reports • Deep understanding of network protocols, web technologies, and operating systems • Proficient with tools like Burp Suite, Metasploit, Nmap, Wireshark, Nikto, etc. • Strong knowledge of OWASP Top 10, MITRE ATT&CK, and CVE databases How to Apply Send your CV to careers@isstechnologies.in with Job Code: CVPT4-0625 in the subject line. Show more Show less

Hi All, We are hiring for Product Security Engineer Greetings from Shivsys Softwares Pvt Ltd Role: Product Security Engineer Experience: 3+ Years Location: Noida Job Description: Security Specialist in areas of Security Vulnerability Assessment & Penetration Testing. Responsible for periodic assessment and implementation of remediation with the help of node owners. Job Key Tasks & Responsibilities: · Experience in developing tailored Vulnerability Assessment Profiles in collaboration with clients, outlining assessment scope, methodologies, risk assessment criteria, and reporting structures. · Have created and configured custom scan policies for vulnerability scanners, ensuring accurate, tailored scans to meet organizational needs and risk tolerance. · Configure scan policies for full network scans, application scans, compliance checks, and sensitive data exposure detection. · Performed both authenticated and unauthenticated scans across telecom networks and cloud environments (VNF, CNF). Troubleshooting and debugging scans. · Performed automated and manual scans against the CIS Benchmarks (e.g., CIS AWS Foundations, CIS Linux, CIS Windows) to ensure compliance with industry best practices. · Performed comprehensive risk triage by analyzing vulnerability reports, verifying false positives, and assigning accurate severity levels to vulnerabilities based on CVSS matrix. · Evaluate the impact of vulnerabilities and prioritize vulnerabilities based on CVSS scoring and considering exploitability in telecom environments (e.g., SS7, Diameter, GTP, VoIP, IoT, 5G). · Perform cloud-specific vulnerability assessments for containers and orchestration platforms (Docker, Kubernetes). · Provide remediation recommendations based on scan findings, including patching, workarounds, configuration hardening, and compensating controls. · Worked on remediation of non-compliant configurations and security issues based on CIS recommendations. · Experience in threat intelligence gathering to identify known exploits and determine the current exploitation risk of vulnerabilities (e.g., availability of exploit POC, exploit in wild). · Experience of working in ticketing tools i.e. ServiceNow, Jira. · Proficiency in Linux, Windows, and cloud security hardening. · Knowledge security frameworks and standards (e.g., NIST, ISO 27001, CIS) Experience & Certification: · Minimum 3+ years of relevant experience in a combination of security and operations technology jobs · Vulnerability Scanning tools: Nessus, Qualys, OpenVAS · Cloud Scanning Tools: Redhat ACS, Anchor, Trivy · Ticketing Systems: Jira, ServiceNow, Remedy Telecom Expertise: Telecom architecture(2G,3G,4G,5G), Nokia Nodes and functionalities You can also share your CV at karan.prajapati@shivsys.com Show more Show less

ECI is the leading global provider of managed services, cybersecurity, and business transformation for mid-market financial services organizations across the globe. From its unmatched range of services, ECI provides stability, security and improved business performance, freeing clients from technology concerns and enabling them to focus on running their businesses. More than 1,000 customers worldwide with over $3 trillion of assets under management put their trust in ECI. At ECI, we believe success is driven by passion and purpose. Our passion for technology is only surpassed by our commitment to empowering our employees around the world . The Opportunity: ECI has an exciting opportunity for a Senior Systems Escalation Engineer , who specializes in PowerShell scripting, Linux Bash scripting, and server/workstation troubleshooting. The ideal candidate will also take a proactive approach in addressing vulnerabilities across Windows and Linux environments, crafting and implementing remediation plans to ensure system security. This is an onsite role. What you will do: Key Responsibilities: Scripting and Automation: Develop, maintain, and optimize PowerShell scripts for Windows environments and Bash scripts for Linux systems to automate administrative and operational tasks. Troubleshooting: Diagnosing and resolve complex issues related to server and workstation patching, ensuring minimal downtime and quick recovery. Provide advanced-level technical support for both Windows and Linux systems. Vulnerability Management: Perform vulnerability assessments across Windows and Linux platforms to identify security risks. Create and implement vulnerability remediation plans to address identified risks promptly and effectively. Collaborate with IT and security teams to track remediation progress and ensure compliance with organizational policies. Patch Management: Analyze, test, and deploy patches for servers and workstations, addressing both functional and security requirements. Establish best practices for patching processes to reduce system vulnerabilities and enhance performance. Documentation: Prepare detailed documentation, including scripts, troubleshooting guides, vulnerability reports, and remediation action plans. Who you are: 7+ years of relevant experience in scripting, troubleshooting, and vulnerability remediation. Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent work experience). Strong experience in PowerShell and Bash scripting for automation and troubleshooting purposes. In-depth knowledge of Windows and Linux systems, including server and workstation environments. Expertise in vulnerability assessment methodologies and tools (e.g., Nessus, Qualys, OpenVAS). Experience with patch management tools and techniques in enterprise environments. Ability to analyze system logs and provide actionable insights for remediation. Bonus points if you have: Excellent communication skills to work with cross-functional teams and present findings to stakeholders. ECI’s culture is all about connection - connection with our clients, our technology and most importantly with each other. In addition to working with an amazing team around the world, ECI also offers a competitive compensation package and so much more! If you believe you would be a great fit and are ready for your best job ever, we would like to hear from you! Love Your Job, Share Your Technology Passion, Create Your Future Here! Show more Show less

Job Title: Senior SOC Analyst (SIEM, Threat Hunting & Incident Response) Department: Cybersecurity & IT Risk Management Reports To: CISO / Director – Cybersecurity & GRC Location: Manesar, Haryana (On-site at Client Location) Employer: VVNT SEQUOR, Noida Summary: VVNT SEQUOR is hiring a Senior SOC Analyst to strengthen the cybersecurity posture of a leading client in Manesar, Haryana. This is a full-time on-site role requiring deep hands-on expertise in threat detection, incident response, SIEM management, and vulnerability assessments. As a senior member of the Security Operations Center (SOC), you will lead advanced threat-hunting efforts, optimize detection logic, and ensure rapid response to cybersecurity events. Your key responsibilities will include: Leading 24x7 SOC operations , threat monitoring, triage, and escalations using tools like ArcSight, Splunk, and ELK . Creating and fine-tuning correlation rules , dashboards, and playbooks to enhance detection capabilities. Executing proactive threat hunting using MITRE ATT&CK , EDR telemetry, threat intel feeds, and custom threat models. Coordinating and leading incident response , performing forensic investigations using CHFI methodologies , memory analysis, and endpoint data. Performing and overseeing Vulnerability Assessment & Penetration Testing (VAPT) using Nessus, Qualys, OpenVAS, Metasploit , and Burp Suite . Managing EDR and SOAR platforms , integrating automated responses and threat intelligence feeds. Administering and securing firewalls (FortiGate, Palo Alto), WAFs, IDS/IPS, and Anti-DDoS infrastructure. Maintaining compliance with ISO 27001, NIST CSF, and internal security baselines , conducting regular audits and patch validations. Documenting Root Cause Analyses (RCA) , incident timelines, and post-incident review reports. Leading security awareness programs (e.g., KnowBe4) and mentoring junior analysts. We are looking for someone with: Bachelor's degree in Cybersecurity, Information Security, or related field. 7–9 years of SOC and cybersecurity operations experience. Strong knowledge of SIEMs (e.g., ArcSight, Splunk), EDRs (CrowdStrike, SentinelOne) , and log correlation techniques . Proven skills in threat analysis, IOC handling, malware analysis , and incident lifecycle management . Working experience with security automation (SOAR) and scripting (e.g., Python, PowerShell) for response actions. Solid understanding of MITRE ATT&CK, NIST 800-61, OWASP Top 10 , and compliance mandates . Proven experience in writing technical incident reports, security playbooks, and conducting RCA. Bonus points for: Certifications like CEH, CHFI, Security+, GCIA, GCFA, Splunk Certified Analyst, PCNSE . Experience with Tripwire SCM, KnowBe4 , or cloud-native security tools (AWS GuardDuty, Azure Sentinel). Exposure to OT/ICS security , manufacturing, or automotive environments. Familiarity with Purple Teaming, Red Team/Blue Team drills , and Threat Intelligence Platforms (TIPs) . Why join VVNT SEQUOR? Lead and influence real-time SOC strategies for a mission-critical enterprise. Gain hands-on experience with top-tier cybersecurity technologies and threat landscapes. Subsidized Cab and Lunch facilities at client site. Work in a client-focused, innovation-driven cybersecurity environment. To Apply: Please submit your resume along with the cover letter to chaitali@vvntsequor.in or parveen.arora@vvntsequor.in Also, you can connect over WhatsApp +91-9891810196 or +91-8802801739 IMPORTANT: Do mention clearly to Job Role that you are applying for along with your Last Salary Drawn information as well as your Earliest Joining Date in your covering letter or email. Show more Show less

Make an impact with NTT DATA Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive. Your day at NTT DATA The Vulnerability Assessment Specialist is a seasoned subject matter expert, responsible for conducting advanced vulnerability assessments, identifying vulnerabilities, and provides expert recommendations to mitigate security risks to ensure the security and integrity of the organization's systems and infrastructure. This role requires collaboration with cross-functional teams, and they lead/perform vulnerability assessments, analyze findings, and provide recommendations to mitigate security risks and contributes to the improvement of vulnerability management practices. What You'll Be Doing Key Responsibilities: Conducts vulnerability assessments using automated scanning tools and manual techniques to identify security vulnerabilities in systems, networks, applications, and infrastructure components. Conducts penetration tests using automated tools and manual techniques to identify security vulnerabilities in systems, networks, applications, and infrastructure components. Analyzes scan results and prioritizes vulnerabilities based on severity, impact, and exploitability. Assesses the potential risks associated with identified vulnerabilities. Analyzes the business impact, likelihood of exploitation, and potential attack vectors to prioritize remediation efforts based on risk severity. Provides detailed remediation recommendations to system owners, administrators, and IT teams. Collaborates to develop practical mitigation strategies, configuration changes, and patch management processes to address identified vulnerabilities. Utilizes vulnerability scanning tools such as Nessus, OpenVAS, Qualys, or similar tools to conduct scans, configure scan policies, and fine-tune scan parameters for accurate and comprehensive assessments. Utilizes penetration testing tools such as Metasploit, Burp Suite, and similar tools to conduct tests, configure test policies, and fine-tune test parameters for accurate and comprehensive assessments. Prepares vulnerability assessment reports, documenting assessment findings, risk analysis, and recommended actions. Communicates assessment results to stakeholders, including technical and non-technical audiences, in a clear and concise manner. Collaborates with cross-functional teams, including IT operations, development teams, and security stakeholders, to ensure effective communication, coordination, and alignment on vulnerability management efforts. Communicates technical concepts and recommendations to non-technical stakeholders. Participates in security awareness programs and provides training to end-users and stakeholders on vulnerability management best practices, secure coding, and security hygiene. Promotes a culture of security awareness within the organization. Collaborates with incident response teams to identify and address vulnerabilities associated with security incidents. Provides support during incident response efforts and contribute to post-incident analysis and remediation. Stays updated with the latest security trends, emerging vulnerabilities, and industry best practices. Contributes to the enhancement of vulnerability assessment processes, methodologies, and tools. Shares knowledge and provides guidance to improve vulnerability management practices. Shares knowledge and provides guidance to improve penetration testing practices. Contributes to open source security projects and the security community. Performs any other related task as required. Knowledge and Attributes: Seasoned understanding of vulnerability assessment methodologies, tools, and industry best practices. Seasoned understanding of penetration testing methodologies, tools, and industry best practices. Seasoned understanding of networking concepts, operating systems, and common software vulnerabilities. Solid proficiency in using vulnerability assessment tools such as Nessus, OpenVAS, Qualys, or similar tools. Solid proficiency in using penetration testing tools such as Metasploit, Burp Suite, and similar tools. Seasoned knowledge of risk analysis principles and the ability to assess the business impact of vulnerabilities. Solid knowledge of vulnerability management frameworks, such as CVE, CVSS, and common vulnerability databases. Strong analytical and problem-solving skills to analyze scan results, prioritize vulnerabilities, and recommend effective remediation actions. Excellent written and verbal communication skills to prepare vulnerability assessment reports and effectively communicate technical information to diverse stakeholders. Excellent collaboration and teamwork skills to work effectively with cross-functional teams and stakeholders. Seasoned familiarity with security frameworks, standards, and regulatory compliance requirements. Academic Qualifications and Certifications: Bachelor's degree or equivalent in Computer Science, Information Security, or a related field. Relevant certifications such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP) GIAC Penetration Tester (GPEN) or GIAC Certified Vulnerability Assessor (GCVA) are beneficial. Required Experience: Seasoned demonstrated experience in information security or related roles, with a focus on conducting vulnerability assessments and providing remediation recommendations. Seasoned demonstrated experience in conducting advanced vulnerability assessments, including application security assessments, network security assessments, penetration testing, or code review. Experience in bug bounty programs and identifying zero-day vulnerabilities is a plus. Workplace type: Hybrid Working About NTT DATA NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo. Equal Opportunity Employer NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today. Show more Show less

Role: Product Security Engineer Experience: 3+ Years Location: Noida Job Description: Security Specialist in areas of Security Vulnerability Assessment & Penetration Testing. Responsible for periodic assessment and implementation of remediation with the help of node owners. Job Key Tasks & Responsibilities: · Experience in developing trailored Vulnerability Assessment Profiles in collaboration with clients, outlining assessment scope, methodologies, risk assessment criteria, and reporting structures. · Have created and configured custom scan policies for vulnerability scanners, ensuring accurate, tailored scans to meet organizational needs and risk tolerance. · Configure scan policies for full network scans, application scans, compliance checks, and sensitive data exposure detection. · Performed both authenticated and unauthenticated scans across telecom networks and cloud environments (VNF, CNF). Troubleshooting and debugging scans. · Performed automated and manual scans against the CIS Benchmarks (e.g., CIS AWS Foundations, CIS Linux, CIS Windows) to ensure compliance with industry best practices. · Performed comprehensive risk triage by analyzing vulnerability reports, verifying false positives, and assigning accurate severity levels to vulnerabilities based on CVSS matrix. · Evaluate the impact of vulnerabilities and prioritize vulnerabilities based on CVSS scoring and considering exploitability in telecom environments (e.g., SS7, Diameter, GTP, VoIP, IoT, 5G). · Perform cloud-specific vulnerability assessments for containers and orchestration platforms (Docker, Kubernetes). · Provide remediation recommendations based on scan findings, including patching, work arounds, configuration hardening, and compensating controls. · Worked on remediation of non-compliant configurations and security issues based on CIS recommendations. · Experience in threat intelligence gathering to identify known exploits and determine the current exploitation risk of vulnerabilities (e.g., availability of exploit POC, exploit in wild). · Experience of working in ticketing tools i.e. ServiceNow, Jira. · Proficiency in Linux, Windows, and cloud security hardening. · Knowledge security frameworks and standards (e.g., NIST, ISO 27001, CIS) Experience & Certification: · Minimum 3+ years of relevant experience in a combination of security and operations technology jobs · Vulnerability Scanning tools: Nessus, Qualys, OpenVAS · Cloud Scanning Tools: Redhat ACS, Anchore, Trivy · Ticketing Systems: Jira, ServiceNow, Remedy Telecom Expertise: Telecom architecture(2G,3G,4G,5G), Nokia Nodes and functionalities Show more Show less

What you’ll do Typical daily work will consist of planning and performing penetration tests on cloud-based and on-premises infra & applications to identify security weaknesses and loopholes Support the penetration testing lifecycle—from information gathering and vulnerability scanning to manual exploitation and documentation Collaborate closely with the vulnerability management team to validate exploitable vulnerabilities and help prioritize remediation Collaborate with infra owners, developers, business teams to understand applications and infrastructure and provide practical, remediation-focused security advice Help create clear, actionable penetration testing reports including proof-of-concept, risk ratings, and remediation guidance Developing and testing custom exploits to demonstrate vulnerabilities and assess the potential impact on systems Conduct comprehensive cloud penetration tests targeting AWS, Azure, GCP to identify and exploit misconfigurations, insecure interfaces, and vulnerabilities in cloud services and applications Regularly review and enhance penetration testing methodologies and practices to adapt to evolving threats and technologies Participate in internal security knowledge-sharing sessions and team meetings to learn from senior testers and share discoveries What you’ll bring Strong foundational understanding of information security principles Familiarity with tools such as Nmap, Burp Suite, OWASP ZAP, Nikto (Web/App Testing) Nessus, OpenVAS, Kali Linux (Infrastructure Scanning), and Metasploit (for controlled exploit validation) Basic Knowledge of OWASP Top 10 web application vulnerabilities Common infrastructure weaknesses (e.g., SMB, RDP, DNS, FTP, SMTP issues) Authentication and access control issues A deep interest in Cyber Security and a drive to learn about penetration testing skills through hands-on practice, research, and community engagement Comfort working in command-line environments (Linux shells, Windows CMD/PowerShell) for reconnaissance and exploitation. Strong analytical and problem-solving mindset , with the ability to break down complex problems and think creatively Eagerness to learn from real-world engagements and senior team members, with a growth mindset and a proactive approach to developing technical depth and practical experience Familiarity with secure communication protocols (e.g., HTTPS, SSH, VPNs) and how insecure configurations can be exploited Good verbal and written communication skills to clearly explain technical concepts and document findings Passion for cybersecurity, demonstrated through CTF participation, cybersecurity clubs, academic projects , personal labs, or platforms like Hack the Box, TryHackMe, or OverTheWire Good to have skills and abilities Completion of relevant cybersecurity coursework or certifications Basic scripting in Python, Bash, or PowerShell for automating tasks or building internal tools Understanding of web application architecture (client-server model, HTTP protocol, APIs) Awareness of vulnerability disclosure platforms (e.g., CVE database) and responsible reporting practices Basic Knowledge of vulnerability management and scanning best practices such as CVE database and the CVS System used for scoring vulnerabilities Academic Qualifications Bachelor’s degree in computer science/management of computer information/Cybersecurity 0-2 years of Penetration Testing / Red-Teaming / Offensive Security Must have Security CertificationsOSCP / CREST / GPEN / HTB-CPTS Security CertificationsCRTP/CARTP, CRTE, CRTO (I & II), OSEP, OSED, GRTP Cloud CertificationsAWS CLP, AWS Security Specialty