
120 OSCP Jobs

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

2.0 - 6.0 years

0 Lacs

hyderabad, telangana

On-site

Qualcomm India Private Limited is seeking a dedicated individual to join the Information Technology Group as part of the Cyber Security Engineering team. As a member of this team, you will play a crucial role in supporting 24x7 operations, which may involve working night and weekend shifts on a rotational basis to meet the organization's business requirements. Your primary responsibilities will include monitoring and triaging security events received by the SOC/CDC from various sources such as social engineering attacks, malware, DDoS, data exfiltration, ransomware, among others. You will be expected to follow standard operating procedures to triage events for the first 20 minutes, engaging Tier2 for further assistance as needed. Utilizing Orchestration tool workflows and knowledge base, you will analyze security event and incident data, update the Ticketing system promptly, and communicate with stakeholders to provide recommendations on mitigation and prevention techniques. In this role, you will work closely with Tier3 teams, escalate security events in a timely manner, stay updated on new Use Cases and process changes, and actively participate in brown bag sessions. The ideal candidate should possess a good understanding of current and emerging security threats and technologies, along with strong proficiency in security event investigations and excellent written and verbal communication skills in English. Prior experience in 24x7 SOC or CDC operations is preferred, along with a Bachelor's or Master's degree in Computer Sciences or Cyber Security. Qualifications for this position include 3-5 years of experience working with a SIEM tool, a solid background in security incident response and system operations, and certifications such as CEH, Security+, OSCP, or other industry-relevant cyber-security certifications. Knowledge of ITIL V3.0 is considered a plus. 
Minimum qualifications consist of a Bachelor's degree in Engineering, Information Systems, Computer Science, or a related field along with 2+ years of cybersecurity-relevant work experience. Alternatively, a High school diploma or equivalent with 4+ years of relevant work experience is also acceptable. If you are an individual with a disability requiring accommodations during the application/hiring process, please contact Qualcomm at disability-accommodations@qualcomm.com. Qualcomm is dedicated to providing a supportive and accessible process for all individuals. As an equal opportunity employer, Qualcomm expects all employees to adhere to applicable policies and procedures, including those related to the protection of confidential information. Staffing and recruiting agencies are advised not to submit profiles, applications, or resumes through Qualcomm's Careers Site, as unsolicited submissions will not be considered. For more information about this exciting opportunity, please reach out to Qualcomm Careers.

Posted 2 days ago


0.0 years

2 - 3 Lacs

Noida

Work from Office

Knowledge of scripting languages (Perl, Python, HTML, Java, Shell). Hands-on experience in dynamic analysis, container testing, fuzzing, OWASP Top 10 and vulnerability scanning. If you have any certificate (CEH, ethical hacking

Posted 3 days ago


4.0 - 8.0 years

7 - 17 Lacs

Noida, Delhi

Work from Office

Conduct comprehensive penetration testing of networks, web applications, mobile applications, and other systems to identify security vulnerabilities. Perform vulnerability assessments and provide detailed recommendations for remediation. Knowledge of OT-ICS Security standards, including ISA/IEC 62443, NIST 800-82, NERC-CIP, MITRE ATT&CK etc. Strong knowledge of common security vulnerabilities, attack vectors, threat modelling and exploitation techniques. Proficiency in using penetration testing tools and frameworks such as Nessus, Burp Suite, Nmap, and other ethical hacking tools. Strong understanding of network protocols, network and application security architectures, and common vulnerabilities (e.g., OWASP Top Ten). Prepare detailed reports of findings, including risk analysis and recommended mitigations, and present these findings to stakeholders. Stay current with emerging security threats, vulnerabilities, and technology trends, and apply this knowledge to improve our security posture. Understanding of component/system architectures in IT and OT environments. Understanding and evaluation of security testing methods. Knowledge of typical industrial protocols (e.g., Modbus, Profinet, OPC, DNP3.0, CAN). Excellent communication skills, with the ability to clearly articulate technical findings and recommendations to both technical and non-technical audiences. Source code review for control flow and security flaws IEC 62443 Standard plus at least one of: ISO/IEC 27001 IEC 61508 NIST CSF IEC 61162-460:2024 Proficient in developing VAPT documentation and methodologies specifically aligned with IEC 61162-460:2024 for maritime navigation and radiocommunication equipment cybersecurity. Automotive Vehicle Testing Support Skilled in providing cybersecurity testing support for automotive vehicles, including VAPT of ECUs and in-vehicle networks, threat modeling, and ensuring compliance with industry standards like ISO/SAE 21434.
Roles and Responsibilities Min. one professional certification such as Certified Ethical Hacker (CEH), ISA/IEC 62443, OSCP or certified Penetration Tester preferred. Min 2–5 years of experience performing security testing on Industrial control system components like IOT devices, PLCs, SCADA, IIOT devices etc. Familiarity with operating systems (Windows, Linux) and their security features. Excellent problem-solving skills and the ability to think critically to identify and address security issues. Strong verbal and written communication skills, with the ability to document and present technical information to both technical and non-technical audiences. Perform and report on penetration testing of systems, including cloud, NIST 800-53 CA-8 security control and using methodologies that may include, NIST SP 800-115, IEC 62243, PTES, and Information Systems Security Assessment Framework (ISSAF). Develop and maintain up-to-date knowledge of security testing tools and techniques. Contribute to the development and maintenance of security testing methodologies and procedures. Team Collaboration and Training Collaborate with other members of the security team to develop and maintain security policies, procedures, and standards

Posted 4 days ago


8.0 - 12.0 years

0 Lacs

chennai, tamil nadu

On-site

At EY, you will have the opportunity to shape your future with confidence by joining a globally connected powerhouse of diverse teams. As part of our highly successful Cyber Security team, we are currently seeking Security Architects with varying levels of experience. Whether you are considering a career change now or in the future, we invite you to connect with us and explore this exciting opportunity to contribute to building a better working world. As a Security Architect at EY, you will play a crucial role in leading the implementation of security solutions for our clients. You will work alongside an international team of specialists to address complex information security needs and enhance our clients' business resilience. Your responsibilities will include designing security solutions, developing security policies and guidelines, evaluating existing security controls, and collaborating with stakeholders to ensure effective security measures are in place. To excel in this role, you must possess expert-level knowledge in technical IT security domains such as infrastructure, networks, databases, security monitoring, and cloud security. Additionally, you should have experience in assessing solution architectures for security issues, managing multiple stakeholders, and implementing security vulnerability remediation strategies. Industry certifications such as CISSP, CISA, CISM, and experience in areas like Cyber Threat Management, Identity & Access Management, and Data Protection will be advantageous. To qualify for this role, you should have 8-10 years of professional experience in cyber security consulting, strong project management skills, and advanced communication abilities. While technical skills are essential, we value candidates who demonstrate strong interpersonal skills, relationship-building capabilities, and a commitment to delivering excellence in client service.
Joining EY offers you the opportunity to work on inspiring projects, receive support and coaching from engaging colleagues, and develop new skills to progress your career. You will be part of a diverse and interdisciplinary environment that promotes knowledge exchange and emphasizes high quality in all endeavors. At EY, you will have the freedom and flexibility to shape your role in a way that suits you best, supported by a culture that values individual growth and personal development. If you are looking to be part of a market-leading team of professionals, collaborate with leading businesses globally, and contribute to building a better working world, we invite you to explore the exciting opportunities available at EY.

Posted 6 days ago


2.0 - 5.0 years

4 - 9 Lacs

Mumbai, Navi Mumbai, Mumbai (All Areas)

Work from Office

As part of its mission to detect and monitor vulnerabilities of all Safran's systems exposed over the Internet, the cybersecurity team of the Digital and Information System Department needs to reinforce its vulnerability assessment team. The objective of the job is to detect vulnerabilities affecting Safran's assets exposed on the internet in order to reduce the attack surface. By using a scalable means of continuous monitoring, you will identify risky elements and define efficient remedial action. Role & responsibilities Assets Discovery: - Use ASM platform to discover and continuously monitor Safran's technical assets exposed on the Internet. - Follow the evolution of these assets over time - Complete inventory of Safran's internet assets Vulnerability assessment: - Detect Vulnerabilities and policy violations - Evaluate supplier risk and assess the security of acquired companies. - Identify critical vulnerabilities in assets that cyber attackers could exploit - Investigate and recommend appropriate corrective actions - Detect false positives using tools or manual methods - Directly report to operational team when a vulnerability is detected - Review escalated cases until closure Vulnerability reporting: - Ensure an appropriate reporting - Prepare meetings and draw reports - Monthly meetings with different stakeholders (with operational teams, CISO, cybersecurity team) Preferred candidate profile Cortex Xpanse - Attack Surface Management platform. SecurityScorecard - Security Ratings & Cybersecurity Risk platform

Posted 1 week ago


5.0 - 8.0 years

27 - 42 Lacs

Bengaluru

Work from Office

Job Summary This role encompasses a broad range of security responsibilities, including advanced offensive security operations, application security reviews, secure code reviews, and implementation of the Secure Software Development Lifecycle (SSDLC). The successful candidate will simulate sophisticated attacks, conduct secure code reviews, and contribute to the development of security tools. Responsibilities also include ensuring cloud security and Kubernetes security. The ideal candidate will possess the ability to conduct offensive security operations and apply their expertise to application security. They will perform threat modeling exercises with an attacker's mindset, leveraging their experience in bug bounty programs and red teaming simulations. The candidate will implement mitigations at the code level and support the Blue Team in improving detection capabilities using SIEM tools. This role requires a unique blend of skills and knowledge across multiple security domains. Job Requirements • Conduct Red Team exercises, simulating APTs in cloud, container, and AD environments. • Develop and execute adversary simulations based on the MITRE ATT&CK framework, focusing on assume breach scenarios. • Simulate attacks on software supply chains and CI/CD pipelines. • Perform in-depth penetration testing (both black-box and white-box) for web applications, APIs, and networks. • Conduct secure code reviews in collaboration with development teams to identify, exploit and implement mitigations on code level. • Integrate security tools and practices into the CI/CD pipeline, emphasizing DevSecOps methodologies. • Conduct threat modeling, design, and architectural reviews to identify potential security risks in the software development lifecycle. • Provide security guidance to development teams, assisting in risk mitigation and secure development practices. • Collaborate with the Blue Team to improve detection capabilities and test defensive measures. 
• Utilize SIEM tools for incident detection and response, providing insights to enhance monitoring and alerting mechanisms. • Develop and maintain custom security tools and frameworks to automate security testing and monitoring. • Stay informed about emerging threats, attack techniques, and security technologies. Education • Bachelor’s degree in computer science, information security, or a related field (or equivalent experience). • At least 4+ years of experience in offensive security and Application security. • Proven experience in offensive security, with a strong understanding of attack vectors and techniques. • Relevant certifications such as OSWE, OSCP, CRTO, or similar. • Significant contributions to security through Bug bounty programs, CVEs or recognized security research. • Recognized public acknowledgments in security research. • Experience with scripting or programming languages like Python, Go, or Ruby for developing custom attack tools/exploits. • Familiarity with CI/CD tools such as GitHub Actions, Jenkins, or TeamCity. • Knowledge of security practices of cloud computing platforms like AWS, Azure, GCP, as well as k8s.

Posted 1 week ago


7.0 - 12.0 years

30 - 35 Lacs

Noida, Chennai, Bengaluru

Hybrid

Support asset development, process establishment. Conducting application security assessments (web, mobile, web service, Infra etc.). These assessments involve manual testing and analysis as well as the use of automated application vulnerability scanning/testing tools such as Burp Suite Professional and/or code review tools such as HCL AppScan/HP Fortify or CMx. We expect candidate to have experience doing similar assessments, candidate can be trained on any proprietary assessment methodology. Mandatory: 5+ years of strong Application Security experience in S-SDLC Code Review, Vulnerability Assessment, Penetration Testing. Web Service/API security testing Hands on experience into Mobile application Security Android/iOS - reverse engineering/memory analysis etc. Security tool experience - HCLAppScan/CheckMarx/Fortify/Veracode/Burp Suite Good exposure on penetration testing. Good to have one of the given certifications - OSCP/GPEN/GWAPT/CSSLP etc. Independent global client handling AppSec delivery exposure. >=2 years. Excellent interpersonal skill.

Posted 1 week ago


8.0 - 10.0 years

11 - 15 Lacs

Gurugram

Work from Office

Cloud Security Architecture: - Assess, help in design and development of AWS, Azure and AWS security architectures for protecting PII/PCI data deployed into different types of cloud and cloud/hybrid systems. - Improve the security around cloud-based applications, across all types (including Infrastructure, Platform, and Software as a Service (IaaS/PaaS/SaaS)). - Work part of Cyber team for Enterprise Security for other Technology teams and Vendors within the organisation for all matters related to cloud security. - Implement NIST framework on cloud-native architectures to mitigate the risk to Organisation PII, PCI data and with appropriate security controls present. - SSDLC Embed Security practices in development and implementation of the overall enterprise cloud architecture to ensure Secure Software Development Lifecycle. - Enhance/redesign existing cyber standards in partnership with Engineering, Infrastructure Services, and Application Development. - Act as the ambassador and senior technical representative to Lead initiatives designed to share knowledge across Security Platforms and/or Technology teams, identify, recommend, coordinate and deliver timely knowledge to support teams regarding technologies, processes or tools. - Ensures the effective translation of the security architecture is implemented into the solutions. - Assist to evaluate all the new initiatives/solutions (including Cloud) with the design recommendations and work with project managers and architects during implementation. - SAP GRC / AC 12 experience is good to have. New Technology & Risks: - Evaluate and recommend tools and solutions to enhance the security posture of the Enterprise. - Maintain contact with vendors regarding security system updates and technical support of security products. - Perform cost-benefit and risk analysis. Analyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks.
Measures of Success: - Product/services are cyber compliant and risk reduced to minimal or zero. - Successful implementation/adoption of any new solution, technology or framework. - Timely and in-budget delivery of security projects specifications within time and budget. Technical Skills / Experience / Certifications: - CCSP certification is mandatory, Any among like TOGAF, SABSA, OSCP or python certification is preferred. - Knowledge of enterprise IT Systems, infrastructure and security technologies. - Knowledge of Information Security Standards like ISO 27001, PCI-DSS, NIST CSF, CSA framework etc. - Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc.). - Experience with deployment orchestration, automation, and security configuration management (Jenkins, Puppet, Chef, etc.) preferred. - Experience architecting solutions within Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), VMware NSX, Oracle etc. - Experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes such as secure software development, Application Security, data protection, cryptography, key management, identity and access management (IAM), network security within SaaS, IaaS, PaaS, and other cloud environments. - Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies. - Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies. - SAP GRC / AC 12 experience is good to have.

Posted 1 week ago


3.0 - 7.0 years

0 Lacs

kolkata, west bengal

On-site

As a Security Testing professional at Lexmark India, you will be part of a dynamic team dedicated to ensuring the security of our software products. You will have the opportunity to utilize your technical expertise to conduct web application security assessments and penetration tests. Your role will involve assessing applications for various security issues such as Authentication, Authorization, User management, Session management, Data validation, and common attacks like SQL injection, Cross-site scripting, and Command injection. Additionally, you will evaluate the security aspects of Web Services design and implementation, focusing on confidentiality, integrity, trust relationships, and authentication using security standards like XML signatures, XML encryption, SAML, and WS-Security. Your responsibilities will extend to thick client assessment, writing formal security assessment reports, and participating in client conference calls for data gathering and technical issue advisory. To excel in this role, you should possess hands-on experience with tools like Fiddler, Paros, Burp, Sqlmap, Nikto, Nmap, Openssl, Mallory, Wireshark, and have familiarity with mobile application development and assessment for platforms such as iOS, Android, and Windows. Knowledge of web application development languages like C#, Java, PHP, ASP.NET, scripting languages like Python, JavaScript, Ruby, SQL, and reviewing code in languages such as C, C++, Java, PHP, C#, ASP.NET, Go is essential. Moreover, expertise in automated source code analysis tools like Acunetix, Appscan, and certifications such as OSCP or CEH will be advantageous. Proficiency in version control software like git and Subversion, along with a demonstration of Lexmark core values including Innovation, Excellence, Agility, Integrity, Community, and Respect, will further enhance your suitability for this role. 
If you are a self-starter with a strong aptitude, analytical skills, and a passion for technology, and have 3 to 5 years of application security testing experience, then we encourage you to apply for this exciting opportunity with Lexmark India. Join us in our mission to deliver first-class products and solutions to our global customers. Apply now and showcase your innovative spirit with a renowned technology leader.

Posted 1 week ago


3.0 - 7.0 years

0 Lacs

karnataka

On-site

Greetings potential candidate, We are looking for a Security Assessment & Compliance Specialist with 3-6 years of experience to join our team at Netsach, a Cyber Security Company based in Dubai. As a Security Threat Assessment & Compliance Specialist, you will be responsible for conducting testing on bank installations using focused threat-based methodologies to identify vulnerabilities, enhance Cyber readiness, and ensure security controls and system configurations adhere to compliance standards. Your role will involve collecting open source intelligence on threats, developing Cyber assessment plans, assessing the bank group installations & controls, and providing insight on IT technology assets. Key Responsibilities: - Conduct testing on bank installations using threat-based methodologies - Identify, expose, and exploit vulnerabilities to enhance Cyber readiness - Review security controls and system configurations to ensure compliance - Collect open source intelligence on threats and vulnerabilities - Develop Cyber assessment plans and conduct assessment tests - Ensure threat controls and systems are appropriately configured - Identify and track IT risks and remediate gaps through operational activities - Provide threat activity reporting and insight on IT technology assets - Manage ad-hoc review and reporting requests from stakeholders Requirements: - Bachelor's or Master's degree in Computer Science, Mathematics, or related field - Master's Degree in Business Management or equivalent - Certifications such as CISSP, OSCP, OSCE, CREST, GPEN, SANS GWAPT - 3-5 years of experience in technical Cyber security - Proficiency in Bash scripting, Perl, Python, and Machine Learning frameworks - Experience with malware scanning tools and mobile digitization platforms - Familiarity with threat modeling frameworks such as STRIDE, PASTA, and VAST - Knowledge of Cloud, DBMS, Containerization Technologies, and Microservices/API architecture - Strong technical background covering heterogeneous technologies and multiple security domains - Deep experience in vulnerability assessment, threat evaluation, and mitigation recommendations - Extensive experience with Security scanning solutions like Tenable Security Center, Tripwire, Rapid Scan, Qualys - Ability to integrate open source frameworks and solutions for unified reporting If you meet the above requirements and are passionate about Cybersecurity, we would love to hear from you. Join us in our mission to enhance Cyber readiness and ensure compliance in the banking sector. Thank you, Emily Jha emily@netsach.co.in

Posted 1 week ago


12.0 - 19.0 years

0 - 0 Lacs

Hyderabad

Work from Office

Role & responsibilities Bachelor of Science/Engineering in cyber security, computer science or a related engineering discipline. 14+ years of product cyber security engineering and software systems development experience; at least 2 years hands-on experience with penetration testing methodologies and tools. In-depth knowledge of IEC 62443 and related cybersecurity standards. In-depth knowledge of requirements capture, cyber security threat modeling and systematic discovery of threats, as part of Secure Development Lifecycle, with broad understanding of potential vulnerabilities at different layers of hierarchical systems. Cyber security certifications such as OSCP, GSEC, CEH. Knowledge of state-of-the-art security analysis tools and various product cyber security safeguards. These include threat modeling, source code analysis, dynamic analysis, penetration testing and audit/compliance tools. Excellent written and verbal communication and presentation skills. Adept at communicating with globally dispersed cross-functional teams. (Preferred) Strong knowledge in various cryptographic systems and requirements for authentication, authorization and encryption for various types of systems. (Preferred) Intimate knowledge and experience with incident response management and risk assessment

Posted 2 weeks ago


5.0 - 9.0 years

0 Lacs

navi mumbai, maharashtra

On-site

As a Deputy Manager in VAPT & Governance at our Consulting firm in Navi Mumbai, you will be responsible for leading and managing VAPT projects for our BFS clients. Your role will involve scoping, executing, reporting, and tracking remediation of these projects. Additionally, you will deliver technical and governance-driven security assessments across various environments such as infrastructure, applications, cloud, and network. Your expertise in security governance frameworks, controls, and compliance (including RBI, ISO 27001, NIST, etc.) will be crucial in this role. You will play a key part in reviewing and developing security policies, procedures, and risk assessment frameworks. Collaborating with cross-functional teams and managing client relationships will be essential to ensure successful project outcomes. Timely reporting and communication of critical findings to stakeholders will also be part of your responsibilities. Moreover, you will have the opportunity to mentor junior team members and contribute to the development of our practice. To excel in this role, you should hold a Bachelor's or Master's degree in IT, Cybersecurity, or a related field. Possessing relevant certifications such as OSCP, CEH, CISA, or CISSP would be advantageous. Your extensive consulting experience in the Banking and Financial Services industry, along with strong hands-on knowledge of VAPT tools and methodologies, will be highly valued. A deep understanding of governance, risk, and compliance specific to the BFSI sector is essential. Excellent presentation, reporting, and client communication skills are also necessary for success in this position.

Posted 2 weeks ago


7.0 - 12.0 years

18 - 25 Lacs

Bangalore Rural, Bengaluru

Work from Office

Senior SOC Engineer to lead incident response, threat detection & automation initiatives for Rocket EMS's global security operations. SIEM/SOAR optimization, advanced threat hunting & direct response to cyberattacks across endpoints, cloud & identity systems.

Posted 2 weeks ago


4.0 - 8.0 years

10 - 17 Lacs

Pune

Hybrid

Dear Candidate, Greetings from Northern Trust! Northern Trust is currently having an exciting vacancy of Associate, Cyber Security position for our Pune location. Your profile seems to be matching the requirement. Please find below the company and job details for your reference. Company Details: Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889. Northern Trust is proud to provide innovative financial services and guidance to the world's most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world's most sophisticated clients using leading technology and exceptional service. Job Role: Associate, Cyber Security Job Location: Pune Experience: 4 to 8 years Skills: Security operations, Offensive Security, ServiceNow, OSCP Job Description: Role/ Department: The Purple Team Analyst will work as part of the wider Global Threat Management team in the continuous development of the cyber operations program. The purple team will work very closely with The Global Threat Management Team. The Global Threat Management Team is responsible for vulnerability management, threat technology management and security monitoring. The key responsibilities of the role include: Working with the wider technology teams to improve technology hygiene and reduce the attack surface. Design and run exercise campaigns based on industry specific threat intelligence and vulnerabilities. Provide continuous learning and training opportunities for the Global Threat Management team as a result of continuous exercise campaigns. Act as an integral driver of the cyber operations development programme, benchmarking results against industry standard frameworks including MITRE and NIST.
Configure and safely utilize attack tools, tactics, and procedures against a simulation lab. Develop scripts, tools, or methodologies to enhance purple teaming capabilities. Help to execute the Purple Team strategy to further enhance the security posture of the firm. Effectively communicate findings and strategy to stakeholders including technical staff, executive leadership. Skills/ Qualifications: Relevant experience in information security and adversary simulation. Detailed knowledge of global cyber threats, threat actors, and the tactics, techniques and procedures used by cyber adversaries, specifically those targeting the financial services sector. Experience in large scale information technology implementations and operations preferred. Industry certifications such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN. Proficient in exploitation and post exploitation frameworks such as Cobalt Strike, Metasploit Framework, Empire. Proficient in one or more of the following scripting languages (Python, PowerShell, Bash, Ruby). Advanced knowledge of Windows Operating System architecture and internals. Strong knowledge of core Information Technology concepts such as TCP/IP networking, Windows & Active Directory, Unix/Linux, Mainframe, Cloud Service Providers, Relational Databases, Data Warehouses, and filesystems. If you are interested to pursue this opportunity further, kindly respond back with your resume and details at the earliest. Regards, Northern Trust Talent Acquisition Team

Posted 2 weeks ago


2.0 - 6.0 years

0 Lacs

pune, maharashtra

On-site

As a Vulnerability Analyst I at our company, you will be part of the Vulnerability Management team, which consists of skilled professionals dedicated to conducting security testing of Mastercard applications and networks. Your role involves hands-on application security testing, collaborating with a diverse team, and ensuring all security tests are conducted within the established framework. Your responsibilities will include conducting security tests on web and mobile applications, using appropriate test cases and tools, providing guidance to development teams on identified vulnerabilities, and implementing improvements in the security testing domain. You will also coordinate with application development teams, work with a global team, and ensure a seamless testing and reporting experience. To excel in this role, you should have a proven track record in application security testing, possess strong communication and collaboration skills, and demonstrate problem-solving abilities. It is essential to be familiar with the full scope of Secure Software Development Life Cycle (S-SDLC) and hold certifications such as OSCP or SANS GMOB, ESCA, or equivalent. Experience in Cloud-based application testing or Bug Bounty programs will be advantageous. As part of our corporate security responsibility, you are expected to adhere to Mastercard's security policies, maintain the confidentiality and integrity of accessed information, report any security violations, and participate in mandatory security trainings. Join us in our mission to create a sustainable world that unlocks endless possibilities across the globe.

Posted 2 weeks ago

3.0 - 5.0 years

5 - 7 Lacs

Mumbai

Work from Office

Conduct Vulnerability Assessments: Identifying potential weaknesses in applications and systems using automated tools and manual techniques. Perform Penetration Tests: Simulating attacks to evaluate the effectiveness of security controls and identify exploitable vulnerabilities. Analyze Findings: Interpreting assessment and testing results to determine the severity and impact of identified vulnerabilities. Report Findings: Documenting vulnerabilities, providing detailed reports with remediation recommendations, and tracking the closure of identified issues. Collaborate with Teams: Working with developers, IT, and security teams to implement security measures and address identified vulnerabilities. Stay Updated: Keeping abreast of the latest security threats, vulnerabilities, and industry best practices. Test Various Application Types: Performing security assessments on web applications, mobile applications, APIs (REST, SOAP, XML, JSON), and potentially cloud-based services. Understand Security Standards and Frameworks: Familiarity with OWASP, NIST, ISO 27001, PCI DSS, and other relevant standards is crucial. Use Security Testing Tools: Proficiency in tools like Burp Suite, OWASP ZAP, Nmap, Nessus, AppScan, Acunetix, Veracode, CheckMarx, etc. Responsibilities: The responsibilities cover the full range of testing work, from websites, mobile apps, and infrastructure testing to social engineering. 
In this role, the candidate is expected to: test software and hosted platforms to identify vulnerabilities; carry out penetration testing of web applications, mobile applications, and internal infrastructure; analyze code to assess its level of security and to find specific vulnerabilities; manage the security testing process; perform complex simulated attacks on networks or systems; stay updated with the latest threats/vulnerabilities; produce written technical reports along with an executive summary to a professional standard; research potential vulnerabilities; formally brief clients and colleagues; understand the role of AI/ML in cybersecurity. Qualification: Minimum 3 to 5 years hands-on experience in SAST, DAST, VAPT. Certifications like CEH, CompTIA Security+, and OSCP will be considered an added advantage. Familiarity with SAST, DAST, and IAST tools. Understanding of Red/Blue teaming and threat hunting.

Posted 2 weeks ago

6.0 - 11.0 years

0 - 0 Lacs

bangalore

On-site

Penetration Tester Role: The Penetration Tester will provide broad and in-depth knowledge to conduct offensive cyber operations across the organization globally. In this role, you will conduct offensive security operations to emulate adversary tactics and procedures to test preventative, detective and response controls across the global technology landscape. You will use your expertise to help influence technology decisions and work as part of a team to create consistent approaches to the offensive security processes and techniques. Penetration Testing Duties and Responsibilities: Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired, wireless networks, and mobile applications/devices, Cloud (Azure, AWS, Google, etc.) apps and software. Set up environment and maintain required tools needed for the team. Lead and manage the Penetration Testing team and supporting vendors to get qualitative deliveries to our customer. Develop and maintain security testing plans. Able to automate penetration and other security testing on networks, systems and applications. Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk. Produce actionable, threat-based reports on security testing results. Act as a source of direction, training, and guidance for less experienced staff. Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation. Communicate security issues to a wide variety of internal and external customers to include technical teams, executives, risk groups, vendors and regulators. Deliver the annual penetration testing schedule and conduct awareness campaigns to ensure proper budgeting by business lines for annual tests.
Foster and maintain relationships with key stakeholders and business partners. Certificates: Must Have: Offensive Security Certified Professional (OSCP). Good to have: CREST Registered Penetration Tester (CRT), Certified Ethical Hacker (CEH) Certification, GIAC Certified Penetration Tester (GPEN). Penetration Testing Expert Requirements and Qualification: Previous working experience as a Penetration Testing Expert for 5 - 7 years. BE in Computer Information Systems, Management Information Systems, or similar relevant field. In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell). Must know about standard industry security practices (OWASP, SANS, etc.). Knowledgeable about industry security guidelines and compliance such as ISO27001, SOC2, HIPAA, etc. Hands-on experience with testing frameworks such as the PTES and OWASP. Applicable knowledge of Windows client/server, Unix/Linux systems, Mac OS X, VMware/Xen, and cloud technologies such as AWS, Azure, or Google Cloud. Critical thinker and problem solver. Excellent organizational and time management skills. Must Have: Offensive Security Certified Professional (OSCP).

Posted 2 weeks ago

3.0 - 5.0 years

3 - 8 Lacs

Bengaluru

Work from Office

Roles & Responsibilities: 1. Handling alerts and incidents on XDR platform. 2. Alert & incident triage and analysis. 3. Proactively investigating suspicious activities. 4. Log all findings, actions taken, and escalations clearly in the XDR and ITSM platform. 5. Execute predefined actions such as isolating blocking IPs or disabling user accounts, based on set protocols. 6. Adhere to established policies, procedures, and security practices. 7. Follow up with tech team for incident closure. 8. Participating in daily standup and review meeting. 9. L2 Analyst has responsibility to closely track the incidents and support for closure. 10. Working with log source and use case management in integrating log sources and developing & testing use cases. 11. Work & support on multiple cybersecurity tools (DLP, GRC, Cloudsec tool, DAM). 12. Developing SOP / instruction manual for L1 team. 13. Guiding L1 team for triage/analysis and assisting in closure of cybersecurity alerts and incidents. 14. Handle XDR alerts and follow up with customer team for agent updates. 15. Escalate more complex incidents to L3 SME for deeper analysis.
Key Responsibilities: Security Monitoring & Incident Response Governance: Define and maintain security monitoring, threat detection, and incident response policies and procedures. Establish and mature a threat intelligence program, incorporating tactical and strategic threat feeds. Align SOC operations with evolving business risk priorities and regulatory frameworks. Platform & Toolset Management: Evaluate, implement, and enhance SIEM platforms, ensuring optimal log ingestion, correlation, and rule effectiveness. Assess and manage deployment of EDR, XDR, SOAR, and Threat Intelligence solutions. Maintain and update incident response playbooks and automation workflows. Ensure consistent platform hygiene and technology stack effectiveness across SOC tooling. SOC Operations & Threat Detection: Oversee 24x7 monitoring of security events and alerts across enterprise assets. Lead and coordinate proactive threat hunting across networks, endpoints, and cloud. Manage and support forensic investigations to identify root cause and recovery paths. Govern use case development, log source onboarding, and alert/event triage processes. Regulatory Compliance & Incident Management: Ensure timely and accurate incident reporting in compliance with RBI, CERT-In, and other authorities. Retain logs in accordance with regulatory data retention mandates. Enforce and monitor security baselines for endpoints, in line with internal and regulatory standards. Advanced Threat Management & Reporting: Plan, conduct, and report on Red Teaming and Purple Teaming exercises to test detection and response capabilities. Participate in and contribute to the Risk Operations Committee (ROC) meetings and initiatives. Review and track SOC effectiveness through KPIs, metrics, and regular reporting dashboards.
Required education: Bachelor's Degree. Preferred education: Master's Degree. Required technical and professional expertise: Required Qualifications: Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field. 3-5 years of experience in SOC management, incident response, or cyber threat detection roles. Hands-on expertise with SIEM (e.g., Splunk, QRadar, Sentinel), EDR/XDR tools, and SOAR platforms. Proven experience in playbook development, forensics, and threat hunting methodologies. Strong understanding of RBI/CERT-In incident reporting guidelines and log retention requirements. Familiarity with MITRE ATT&CK, threat modeling, and adversary emulation techniques. Preferred technical and professional experience: Preferred Certifications: GCIA, GCIH, GCFA, CISSP, OSCP, CEH, CHFI, or similar certifications.

Posted 2 weeks ago

3.0 - 4.0 years

6 - 10 Lacs

Noida

Work from Office

Your Role and Responsibilities: Conduct Vulnerability Assessment & Penetration Testing (VAPT) for web applications, APIs, and networks. Analyze and identify security vulnerabilities, ensuring alignment with OWASP Top 10 and secure coding best practices. Provide security requirement analysis for applications. Offer risk mitigation planning, vulnerability remediation recommendations, compliance guidance, and metrics reporting. Plan and coordinate Network & Application Security testing. Utilize security testing tools such as Burp Suite, Kali-Linux, AppScan, Nessus. Generate and share reports with customers using MS Office tools. Collaborate with teams to enhance security implementations and provide best practice recommendations. Required education: Bachelor's Degree. Preferred education: Bachelor's Degree. Required technical and professional expertise: 3-4 years of demonstrating experience in planning and executing VA & penetration tests exercises against web applications, APIs, Network. Minimum 3+ years of experience in Network and Application Security. Proficient in Secure coding best practices and OWASP TOP 10 vulnerabilities. Experience in security requirements analysis for application. Experience in security requirement implementation recommendations & guidance. Prior experience in Network & Application Security Test planning & coordination. Experience in Application risk mitigation planning, Vulnerabilities remediation recommendation & guidance, Compliance & Metrics reporting. Preferred technical and professional experience: Industry certifications such as CEH/OSCP or equivalent preferred. Familiarity with security standards (OWASP, SANS, ISO).

Posted 2 weeks ago

3.0 - 7.0 years

6 - 7 Lacs

Pune

Work from Office

Responsibilities: • Track threats via OSINT tools (Maltego, Shodan) • Monitor SIEM alerts (Wazuh, ELK, Splunk) • Analyze logs & respond to incidents • Detect brand misuse, fake apps/sites • Remote role with growth-based pay

Posted 2 weeks ago

5.0 - 9.0 years

0 Lacs

pune, maharashtra

On-site

You will be responsible for conducting application security reviews for Web, Mobile (Android and iOS), and API technologies. Your role will involve assessing and identifying potential vulnerabilities in the technology being developed before implementation. You should have expertise in application security testing methodologies such as SAST, DAST, and MAST, with experience in web application, API security, and mobile application security testing according to industry standards like OWASP top 10, SANS top 25, etc. It would be beneficial to have knowledge of programming and scripting languages such as Java, JavaScript, Angular, Spring Boot, Kotlin, and Swift. Familiarity with tools like Burp Suite, Postman, SoapUI, Checkmarx, Netsparker, Nexus IQ, Kryptowire for security testing and analyzing scanned reports is essential. Moreover, a strong understanding of application security tooling and experience in driving automation within the delivery environment is required. You must hold industry-recognized Information Security and Cyber Security qualifications such as CISSP, CISA, OSCP, GIAC GPEN, GIAC GMOB. A deep understanding of security industry trends, major vulnerabilities, and security threat landscape is crucial. Knowledge of Zero Trust security principles and practical implementations is necessary. While a degree is desirable, it is not mandatory. Experience in supporting major programs, security architecture, creating security designs, and displaying positive leadership behaviors related to risk management and mitigation is expected. Proficiency in collaboration tools like SharePoint, Teams, Confluence, and JIRA is advantageous. Hands-on experience in working with DevOps and Agile teams to incorporate security in the software development lifecycle is a key requirement. Additionally, experience in application risk assessment, threat modeling, and working closely with delivery teams for security risk remediation is important. 
About the Company: Purview is a leading Digital Cloud & Data Engineering company with headquarters in Edinburgh, United Kingdom and a presence in 14 countries including India, Poland, Germany, USA, UAE, Singapore, Australia, among others. The company provides services to Captive Clients and top-tier IT organizations, delivering solutions and resources to clients worldwide. Company Information: Purview Services 3rd Floor, Sonthalia Mind Space Near Westin Hotel, Gafoor Nagar, Hitechcity, Hyderabad Phone: +91 40 48549120 / +91 8790177967 Gyleview House, 3 Redheughs Rigg South Gyle, Edinburgh, EH12 9DQ Phone: +44 7590230910 Email: careers@purviewservices.com

Posted 2 weeks ago

7.0 - 11.0 years

0 Lacs

pune, maharashtra

On-site

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! We are looking for a highly skilled and motivated Lead Security Engineer to join our Vulnerability Detection Signature Research team. In this role, you will take charge of researching, developing, and delivering vulnerability detection signatures for our scanning products. You will oversee and resolve vulnerability scanning and detection issues that impact our customers, leading the sustenance research team to ensure expert handling of customer concerns and managing escalations. Collaboration with cross-functional teams will be key to resolving complex challenges. This position demands a strong technical foundation in vulnerability management, scanning tools, and security best practices, along with proven leadership experience in managing teams and addressing customer-facing escalations. Lead the development, implementation, and continuous improvement of vulnerability detections and scanning processes for customers. Lead and manage customer calls and meetings, ensuring that all issues are clearly understood and effectively addressed. Investigate, analyze, and troubleshoot vulnerability detection issues reported by customers, then modify the code to resolve these problems. Build automation for day-to-day tasks. As a Lead Security Signature Engineer, you will also dedicate time to staying up-to-date with the latest vulnerabilities, attacks, and countermeasures. Coordinate team tasks, assign priorities, and ensure timely resolution of customer issues. Externalize research by writing blog posts, presenting at security conferences, etc. As a Lead Security Signature Engineer, you would also work alongside information security engineers to execute internal projects. 
Qualifications: - 7+ years of industry experience in network and systems security - Proven experience in leading and mentoring teams in a technical environment - Demonstrated experience with vulnerability scanning tools and vulnerability management processes - In-depth knowledge of protocols such as TCP/IP, HTTP, FTP, SSH and SSL - Strong understanding of common security vulnerabilities (e.g., OWASP Top 10, CVEs, etc.) and their remediation - Experience with scripting languages, including Python and Bash - Experience with network analysis tools, analysis of packet captures - Proficient with regular expressions - Ability to shift priorities as needed and demanded by the customer requirements - System administrator experience on Windows or Unix platforms - Strong understanding of VPN, Firewalls, Intrusion detection systems (IDS) - Proven ability to manage customer escalations and deliver effective solutions under pressure - Excellent written and verbal communication skills Additional Plus Competencies: - Understanding of Lua (preferred), Java - Knowledge of Virtualization software (VMWare, Virtual PC/Virtual Box, XEN, etc) - Experience in cloud security (AWS, Azure, GCP) and containerized environments (Docker, Kubernetes) - Able to handle projects independently - Experience in developing security-related tools/programs - OSCP, CISSP or SANS GIAC certifications

Posted 2 weeks ago

3.0 - 7.0 years

0 Lacs

karnataka

On-site

Greetings, We are looking for a Security Assessment & Compliance Specialist with 3-6 years of experience to join our team at Netsach, a Cyber Security Company in Dubai. As a Security Threat Assessment & Compliance Specialist, your role will involve conducting testing for bank installations using threat-based methodologies to identify vulnerabilities, improve Cyber readiness, and review security controls and system configurations across IT systems to ensure security posture and compliance. Your responsibilities will include collecting open-source intelligence on threats and vulnerabilities related to the bank's technology stack, participating in event planning stages to develop Cyber assessment plans, ensuring that threat controls and systems are appropriately configured across the Group, identifying and tracking IT risks and gaps for remediation, providing threat activity reporting and insights on IT technology assets, and managing ad-hoc review and reporting requests from stakeholders. The ideal candidate should have a Bachelor's or Master's degree in Computer Science, Mathematics, or equivalent discipline, along with certifications such as CISSP, OSCP, OSCE, CREST, GPEN, SANS GWAPT. You should have 3-5 years of experience in technical Cyber security, proficiency in Bash scripting, Perl, Python, or R, expertise in Machine Learning frameworks and code development, familiarity with malware scanning tools, experience with mobile and digitization platforms, and knowledge of threat modeling frameworks like STRIDE, PASTA, and VAST. Moreover, you should have a strong technical background covering heterogeneous technologies and multiple security domains, deep knowledge of vulnerabilities in banking environments, expertise in threat assessment and mitigation, and experience in evaluating threats based on the latest threat landscape in EMEA & North Africa. 
Additionally, you should be well-versed in security scanning solutions such as Tenable Security Center, Tripwire, Rapid Scan, Qualys, and be able to integrate open-source frameworks and solutions into the Threat and Vulnerability solution environment for unified reporting. If you are passionate about Cybersecurity and possess the required skills and experience, we would like to hear from you. Thank You, Emily Jha emily@netsach.co.in

Posted 2 weeks ago

0.0 - 3.0 years

0 Lacs

maharashtra

On-site

As part of our management consulting team in India, Mumbai, you will play a crucial role in addressing our client's diverse business needs. Whether it's Cybersecurity, Information Technology, or any other area, you will be instrumental in our integrated solution approach aimed at facilitating growth, optimizing resources, and managing costs and risks effectively. At Plante Moran, we take pride in providing consultative services to clients as they navigate challenges and explore new possibilities. Diversity, equity, and inclusion are fundamental values for us, ensuring that every team member has an equal opportunity to thrive in an inclusive environment while embracing their individual identities. Your responsibilities will involve collaborating with the US cybersecurity team to conduct testing and reviews for multiple client projects. This includes tasks such as penetration testing, vulnerability assessments, social engineering assessments, and technical security configuration reviews. You will be required to prepare reports, communicate observations, and coordinate with other team members to ensure smooth project delivery. The ideal candidate for this role should be a fresher or have 0-2 years of experience in Penetration testing, Vulnerability assessments, and Technical Security Assessments, with at least one to two years of background in Cybersecurity or Information Security. A Bachelor's degree in Computer Science, Information Technology, Electronics, or related fields is required. Possessing certifications such as CEH, GPEN, OSCP, GWAPT, or other recognized Security certifications is preferred. Strong communication skills, proficiency in MS Office tools, knowledge of General Computer Controls, and the ability to work in an office environment are essential. Additionally, flexibility to occasionally travel to client locations in India and the United States, work in afternoon shifts, and engage in overnight travel up to 25% of the time is necessary. 
At Plante Moran, we offer a unique workplace environment characterized by a culture of respect, recognition as one of Fortune Magazine's 100 Best Companies to Work For, and abundant growth opportunities. We are committed to fostering diversity, equity, and inclusion, ensuring that every team member has the chance to excel in a supportive and inclusive setting. If you are looking to make a difference in a dynamic and inclusive work environment, we encourage you to apply now and join our team at Plante Moran.

Posted 2 weeks ago

2.0 - 9.0 years

0 Lacs

karnataka

On-site

As an InfoSec Analyst - Information Security II with 6-9 years of experience, you will be responsible for ensuring the security of our systems and applications. Your role includes conducting application security assessments, penetration testing, research activities, and contributing to the Security Operations Center (SOC) team. To excel in this position, you should possess a Bachelor's degree in Computer Science or a related technical field. You must have a minimum of 2 years of experience in application security, penetration testing, red team activities, or working in a SOC environment. Familiarity with CI/CD processes and tools such as Git, Docker, Jenkins, and release pipelines is essential for this role. Proficiency in using penetration testing tools like Metasploit, Kali Linux, BURP Suite, nmap, and sqlmap is required. Holding certifications such as GCPN, GWEB, GMOB, GWAT, GPEN, CEH, C|ASE .NET, C|ASE Java, or OSCP would be advantageous. In addition, you should have at least 2 years of experience in object-oriented design and full-stack development using languages like Go, Java, C#, or Python. Knowledge of CI/CD processes and tools is a must-have skill for this position. This role is based in Bengaluru and requires immediate availability with a notice period. If you are a proactive and skilled InfoSec Analyst who is passionate about information security, we encourage you to apply for this exciting opportunity.

Posted 2 weeks ago
