195 Oscp Jobs

Key Responsibilities: Conduct comprehensive application security assessments, focusing on the OWASP Top 10 for web and mobile applications. Utilize vulnerability assessment tools to identify and analyze security risks within applications and systems. Collaborate with development teams to integrate security practices into the software development lifecycle (SDLC). Provide recommendations and guidance for remediating vulnerabilities and improving application security posture. Monitor security alerts and take appropriate action to mitigate potential threats. Assist in developing and implementing security policies, procedures, and best practices. Stay up-to-date with the latest security trends, tools, and technologies to ensure the organizations security measures remain adequate and relevant. Communicate technical security issues and solutions effectively to both technical and non-technical stakeholders. Qualifications: 2-5 years of experience in application security, focusing on identifying and mitigating security vulnerabilities. Strong knowledge of OWASP's Top 10 security risks for web and mobile applications. Familiarity with vulnerability assessment tools like Nessus, Burp Suite, Fortify, etc. Prior programming experience (e.g., Python, Java, JavaScript, etc.) is an added advantage and will be highly beneficial. Excellent problem-solving skills and attention to detail. Strong communication skills, with the ability to explain complex security issues clearly and concisely. Ability to work independently and as part of a team in a fast-paced environment. Relevant certifications (such as CEH, OSCP, CISSP) are a plus but not required. Knowledge of CSPM and DSPM Mandatory Key SkillsSecOps,Security Testing,OWASP,Java,JavaScript,CEH,OSCP,CISSP,Nessus*,Burp Suite*,Python*

Role Overview: You will be part of the cybersecurity team at Plante Moran, assisting in performing testing and reviews for multiple client projects. Your role will involve tasks such as penetration testing, vulnerability assessments, social engineering assessments, and technical security configuration reviews. You will be responsible for preparing reports, communicating observations and discrepancies internally, and collaborating with other team members to coordinate client projects. Key Responsibilities: - Assist the US cybersecurity team in performing testing or reviews for multiple client projects which may include: - Penetration testing (e.g. external or internal network, web application, mobile etc.) - Vulnerability assessments - Social engineering assessments (e.g. phishing) - Other technical security configuration reviews (e.g. Microsoft 365, firewall, routers, etc.) - Prepare the reports as per the designated templates and provide regular internal communication on observations and discrepancies. - Work closely with other engagement team members to coordinate client projects Qualifications Required: - Freshers or 0-2 years experience in Penetration testing, Vulnerability assessments, Technical Security Assessments, and at least one to two years of Cybersecurity or Information Security experience. - Bachelor of Science (B.Sc.) Computer Science / Information Technology / BE or B. Tech Computer Science / Information Technology / Electronics / Electronics Telecommunications. - Certification preferred: CEH, GPEN, OSCP, GWAPT or any other recognized Security certifications - Good communication and presentation. Must be fluent in English, written and verbal. - Knowledge of General Computer Controls. - Must be proficient with MS Office (Word, PowerPoint, and Excel), knowledge including Excel functions, and formatting capabilities for reporting. - The candidate will be required to work in the office (onsite job) - The candidate must have the ability to travel on occasion to clients in India and to the United States. - The candidate should be open to work in the afternoon shift (i.e., from 11 pm to 8 pm). - Contributes to team effort by accomplishing related results as needed. - Well-developed project management and stakeholder relationship management skills - Strong analytical and problem-solving skills - Outstanding time management and organization skills - Superior attention to detail and conscientious quality of work product - Professional demeanor with superior verbal and written communication skills - Potential of 25% overnight travel Additional Company Details: Plante Moran is committed to maintaining a diverse workplace where each individual feels accepted and valued. The company believes in recognizing and celebrating human differences to create a workplace where all staff members have the opportunity to succeed. Plante Moran is an Equal Opportunity Employer and maintains a drug-free workplace. The company follows a Workplace for Your Day model, promoting flexibility and balance while valuing face-to-face interactions for individual and collective development.,

* Mentor and guide training resources across Kerala, ensuring effective knowledge transfer. * Deliver comprehensive training on RedTeam courses, including but not limited to ADCD, CPT, CICSA, CSA, CCSA, CRTA, CEH, P+, S+, CYSA+, CHFI, etc.

Job Summary: The Cybersecurity Engineer focuses on vulnerability assessments and penetration testing (VAPT), identifying risks and developing strategies to secure critical systems. Key Responsibilities: Conduct penetration testing on IT infrastructure and applications. Identify and exploit vulnerabilities in systems and applications. Collaborate with development teams to remediate security issues. Experience on vulnerability assessments to identify and address system weaknesses and potential risks. Maintain up-to-date knowledge of emerging cybersecurity threats and tools. Qualifications: Bachelors degree in Computer Science, IT, or related field. 5+ years of experience in cybersecurity with a focus on VAPT. Certifications: OSCP, CEH, or equivalent. Experience with penetration testing tools such as Burp Suite and Metasploit Note – Immediate Joiners will be preferred.

Conduct VAPT on apps, networks, cloud & APIs Simulate real-world attacks & report risks Validate findings & prioritize vulnerabilities Provide remediation guidance & re-testing Enhance VAPT methods & stay updated on threats

We are looking for Application Security Engineer to take ownership of security testing for enterprise products deployed on mainframe environments. In this role, you will assess application-layer security risks, identify vulnerabilities in product implementations, and lead secure architecture reviews. The ideal candidate brings deep offensive security skills along with familiarity in testing applications running on or integrated with IBM mainframe systems. Primary Roles and Responsibilities: Conduct penetration testing and red teaming exercises targeting mainframe environments and the surrounding application ecosystem. Perform code-assisted and black-box penetration testing against enterprise applications/systems interacting with RACF, DB2, CICS, MQ, and related subsystems. Identify risks in authentication, authorization, data handling, and communications within mainframe-integrated products. Create threat models and guide product teams in mitigating high-impact vulnerabilities early in the SDLC. Drive remediation efforts through hands-on collaboration and secure design guidance. Author technical reports and deliver executive summaries tailored to various audiences. Stay current on vulnerabilities, exploits, and testing techniques relevant to legacy enterprise technologies and mainframe ecosystems. Assess common integration patterns (SOA, REST/JSON, MQ) for security risks. To ensure youre set up for success, you will bring the following skillset & experience: 3+ years of experience in penetration testing, with a specialization in systems/applications integrating with mainframe environments. Deep knowledge of mainframe communication protocols and security mechanisms. Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe systems. Proficient in tools such as: Mainframe utilities: REXX, ISPF panels, NetView Security tools: Nmap, Burp Suite, Wireshark, custom scripts Strong scripting and automation skills (Python, REXX, Bash, or similar). Strong communication and leadership skills, with a proven ability to lead technical teams or projects. Experience producing board-level reports and presenting findings to senior stakeholders. Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts). Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services Whilst these are nice to have, our team can help you develop in the following skills: Industry certifications such as OSCP, OSCE, CRTP, GIAC GPEN, GXPN, or CISSP. Background in regulated industries such as banking, insurance, or government, where mainframes are core infrastructure. Knowledge of COBOL, PL/I, or other mainframe-centric programming languages. Experience with compliance standards like PCI-DSS, NIST, or SOX as they apply to mainframes.

Face to Face drive for Application Security engineer in Bangalore and share resume to ankita.patari@happiestminds.com Please find below job details Primary Skills(Mandatory skills) Manual Penetration Testing Web Application Security Mobile Application Security Secure code review API Testing Experience range 4-8 Years Please carry updated resume for he the F2F interview Date & Time : 12th September 2025, Friday @ 10:30 AM Venue details Happiest Minds Technologies Limited SMILES 1, SJR Equinox, Sy.No.47/8, Doddathogur Village, Begur Hobli, Electronics City Phase 1, Hosur Road, Bengaluru 560 100 Regards, Ankita

Technical capability: We are seeking a talented and highly motivated Cybersecurity Engineer to join our Information Security team. The ideal candidate will possess strong communication skills, hold relevant security certifications, and have proven expertise in penetration testing and implementing robust cybersecurity solutions. This role involves protecting our organizations systems, networks, and data against evolving security threats while ensuring compliance with industry standards. Role & Responsibilities: Design, implement, and maintain security solutions to safeguard the organizations infrastructure, applications, and data. Perform comprehensive penetration testing of networks, applications, and systems to identify vulnerabilities and assess risk exposure. Monitor and analyze security events and incidents using Security Information and Event Management (SIEM) tools. Conduct vulnerability assessments and work with teams to remediate identified risks. Collaborate with cross-functional teams to integrate security best practices into system architecture and application development. Respond to security incidents, perform root cause analysis, and recommend corrective actions. Manage security tools and technologies. Support compliance initiatives, ensuring adherence to regulatory requirements like GDPR, HIPAA, or PCI-DSS. Provide security awareness training to employees to foster a strong culture of cybersecurity. Stay updated on emerging threats, vulnerabilities, and security technologies to ensure proactive protection measures. Preferences and qualifications: Bachelors degree in computer science, Information Technology, Cybersecurity, or a related field (or equivalent experience). Proven experience in cybersecurity engineering or related roles, with a focus on penetration testing (PT). Strong verbal and written communication skills, with the ability to explain technical concepts to non-technical stakeholders. Relevant security certifications such as CISSP, CISM, CEH, OSCP, CompTIA Security+, or equivalent. Proficiency in penetration testing tools such as Metasploit, Burp Suite, Nessus, Kali Linux, or similar. Hands-on experience with security technologies, including firewalls, SIEM, IDS/IPS, endpoint protection, and DLP solutions. Knowledge of cloud security practices across platforms like AWS, Azure, or GCP. Familiarity with scripting or automation tools (e.g., Python, PowerShell) for improving security processes. Solid understanding of network protocols, system architecture, and security principles. Experience with incident response and forensic analysis. Familiarity with zero-trust architectures and advanced authentication methods.

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Red Teaming Good to have skills : NA Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will oversee the strategic planning and execution of red team operations to emulate real-world threats and uncover security weaknesses across the organization. Your typical day will involve planning, scoping and conducting red team operations, including social engineering, network exploitation, and post-exploitation activities along with leading a team of offensive security experts, and aligning red team efforts with business risk priorities. You will work closely with incident response, and threat intelligence teams to identify detection gaps and provide actionable insights, ensuring the organization remains prepared against evolving threats, while fostering a culture of continuous learning and adversary-aware defense. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Plan, scope, and execute red team exercises simulating real-world attack scenarios.- Perform threat modeling and adversary emulation exercises based on MITRE ATT&CK framework.- Conduct internal and external penetration tests, including physical security and social engineering engagements.- Design and deliver phishing campaigns and other social engineering attacks to test human security posture.- Establish and manage command-and-control (C2) infrastructures using tools like Cobalt Strike.- Perform post-exploitation tasks including lateral movement, Active Directory (AD) exploitation, privilege escalation, and data exfiltration.- Identify gaps in detection and response capabilities and provide detailed reports and remediation recommendations.- Collaborate with Blue Team and Incident Response to enhance organizational defense.- Continuously research emerging threats, TTPs, and contribute to the development of new testing methodologies.- Provide solutions to problems for their immediate team and across multiple teams.- Facilitate training sessions to enhance team knowledge and skills.- Monitor and evaluate the effectiveness of security measures and recommend improvements. Professional & Technical Skills: - Deep understanding of red team tactics, techniques, and procedures (TTPs) align with MITRE ATT&CK framework.- Proven experience in conducting end-to-end red team engagements across different environments (on-prem, cloud, hybrid).- Proficient with red team tools such as Cobalt Strike, Mythic, Metasploit, Bloodhound, Sharp hound, PowerShell Empire, Impacket- Expertise in EDR/AV evasion techniques, custom payload development, and OPSEC-aware operations.- Skilled in Active Directory attacks, Kerberoasting, Pass-the-Hash/Ticket, and Golden/Silver ticket attacks.- Proficient in hardware-based and physical attack techniques including Rubber Ducky payload deployment, planting rogue devices such as LAN Turtle, Raspberry Pi, NAC bypass. Executing Wi-Fi attacks like Evil Twin attacks, and RFID cloning for physical access simulation and red team engagements.- Strong knowledge of data exfiltration methods and covert communication channels.- Experience with phishing toolkits and infrastructure for social engineering campaigns.- Familiarity with scripting and automation using PowerShell, Python, or Bash.- Comfortable working under strict ethical and legal boundaries, with a strong focus on operational safety. Additional Information:- The candidate should have minimum 7.5 years of experience in Red Teaming.- Certifications- OSCP, OSEP, CRTP, CRTE, CRTO.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Bachelor s degree in computer science or software engineering, electrical engineering, or equivalent experience 2.5+ years demonstrated experience in the information security-VA, PT field Exposure to security testing within the appropriate domain Preferred Qualifications Experience in pentesting Web, Network, Embedded security ( Hardware and Firmware) , Protocol fuzzing, Mobile App, Thick Client,API, Web services, Cloud Fuzzing various Industrial protocols like Modbus (TCP and RTU), BACnet, DNP3 and IT protocols like FTP, Telnet, SSH, HTTP(s), SNMP v1/2/3, NTP, RADIUS, MQTT, DNS. Understanding of application protocols, development, and common attack vectors. Good cybersecurity capabilities and strong software engineering skills Experience with pentest tools and frameworks such as: Burp Suite, IDA Pro, GHidra, Kali, OWASP, Metasploit, Nessus, Nmap, MObSF, Genymotion, Frida, APK Tool Scripting experience in Python, Powershell and Bash preferred. Experience working with other languages such as C, C++, Java, .NET or javascript. Excellent understanding of security by design principles and architecture level security concepts Experience and knowledge of penetration testing methodologies and tools Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities Effective oral and written communication skills Good interpersonal skills Experience in security testing within the appropriate domain Demonstrated project management skills. Good Presentation skills Relevant Security certifications: CEH, OSCP, GPEN Familiarity with reverse engineering tools, debuggers, and dynamic analysis techniques

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : NA Minimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary :AI Red Teaming Expert Adversarial ML, Threat Simulation, and AI Security StrategyWe are seeking a highly experienced and visionary AI Red Teaming Expert 12+ years of experience across cybersecurity and machine learning. This role is ideal for professionals who thrive in dynamic environments and possess a passion for securing cutting-edge AI/ML systems. You will lead red teaming operations, simulate adversarial threats, and guide the organizations AI security posture at strategic and technical levels. The ideal candidate demonstrates deep technical expertise, exceptional leadership, and a keen understanding of adversarial machine learning and risk mitigation frameworks.Roles & Responsibilities:Define and execute the AI red teaming strategy across the organization.Simulate realistic and advanced adversarial attacks against AI/ML systems aligned with business contexts.Review AI/ML system architecture to identify security gaps and advocate for secure design patterns.Establish internal standards and workflows for AI threat modeling, risk assessment, and adversarial testing.Stay ahead of evolving adversarial ML threats and guide the development of defensive strategies.Contribute to secure development practices for model deployment pipelines and lifecycle management.Lead and mentor a specialized team of AI security analysts and red teamers.Represent AI security strategy in executive forums and drive cross-functional alignment.Collaborate with engineering, data science, compliance, and legal stakeholders to integrate security into AI innovation cycles.Drive internal policy-making efforts around responsible and secure AI development practices.Own and lead remediation initiatives, translating findings into actionable improvements across teams.Professional & Technical Skills: Exceptional communication and leadership skills with the ability to convey technical issues to non-technical stakeholders.Proven experience managing high-impact security initiatives and leading diverse teams.Strategic thinker capable of aligning AI security objectives with business goals.Passionate about AI safety, responsible innovation, and emerging threat landscapes.Strong analytical and problem-solving skills in high-pressure environments.Hands-on expertise in red teaming AI/ML systems at scale.Strong understanding of adversarial ML techniques, threat simulation tools, and AI model manipulation tactics.Experience implementing and aligning with frameworks such as OWASP Top 10 for LLMs, ISO 42001, NIST AI RMF.Proficiency in AI/ML pipeline security, model risk evaluation, and secure MLOps practices.Familiarity with deep learning frameworks (e.g., TensorFlow, PyTorch) and their associated vulnerabilities.Demonstrated ability to design, execute, and scale red teaming programs in AI-native environments.- Additional Information:Bachelors or Masters degree in Computer Science, Information Security, Machine Learning, or related field.Recognized certifications such as CEH, OSCP, CISSP, or credentials specific to AI security (e.g., MITRE ATLAS experience) are a plus.- 12+ years of experience spanning cybersecurity, AI/ML, and adversarial testing- This position is based at our Bengaluru office- A 15 years full time education is required. Qualification 15 years full time education

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Security Architecture Design Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As an Automotive Cybersecurity Specialist, you will support the implementation and validation of security measures across vehicle systems and embedded platforms. You will assist in penetration testing, contribute to threat analysis activities, and help ensure secure communication and firmware integrity in alignment with automotive cybersecurity standards.Roles & Responsibilities:Assist in the execution of penetration testing activities targeting ECUs, in-vehicle communication networks, and diagnostic services to identify common vulnerabilities and misconfigurations.Support the use of automotive security tools such as CANoe, Wireshark, Scapy, and basic fuzzing frameworks to simulate attacks and gather system responses for analysis.Collect and organize logs, analyze test outputs, and document findings to assist senior security engineers in remediation and tracking of identified issues.Execute validation of standard UDS diagnostic services, including support for testing access controls, session management, and secure diagnostic configurations.Participate in asset identification and support foundational threat modeling efforts, including contributing to risk assessments and mitigation tracking under guidance.Assist in documenting security design considerations and implementation steps in alignment with ISO/SAE 21434 and internal cybersecurity processes.Collaborate with cybersecurity, software, and validation teams to support the integration of security controls across vehicle platforms.Continuously learn and apply core concepts of automotive cybersecurity, including secure communication, ECU hardening, and regulatory standards like WP.29 and ISO 26262.Professional & Technical Skills: 5+ years of experience in embedded systems, automotive engineering, or related fields, with growing specialization in cybersecurity principles and practices.Familiarity with in-vehicle communication protocols including CAN, UDS, and DoIP, with hands-on exposure to using tools such as CANoe, Wireshark, and Scapy for traffic analysis and basic attack simulation.Foundational understanding of penetration testing methodologies, vulnerability identification, and the use of fuzzers to evaluate ECU communication robustness.Exposure to diagnostics security concepts, including secure diagnostic sessions, seed-key mechanisms, and access control layers for UDS services.Basic knowledge of cybersecurity frameworks and risk assessment methodologies such as STRIDE, HEAVENS, and ISO/SAE 21434.Experience contributing to documentation of test results, secure design inputs, and mitigation reports under guidance from senior cybersecurity engineers.Understanding of secure firmware update concepts and cryptographic basics, including symmetric/asymmetric encryption, HSM usage, and key management fundamentals.Experience working in Agile or V-model development environments, collaborating with cross-functional teams including validation, software, and systems engineering.Demonstrated eagerness to learn new cybersecurity tools, standards, and technologies relevant to modern connected vehicle platforms.Strong analytical skills and attention to detail, with the ability to follow structured testing and security validation procedures. Additional Information:3+ years experience implementing and performing Automotive CybersecurityKnowledge of tools like CANoe, Wireshark, or Ghidra.Basic understanding of ISO 21434, seed/key security, OTA updates, and cryptographic modules.This position is based at our Bengaluru officeA 15-year full-time education is requiredGood to have Certifications in ISO 21434, CISSP, CEH, OSCP, GICSP Qualification 15 years full time education

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Security Architecture Design Minimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As an Automotive Cybersecurity Architect, you will define the end-to-end security architecture and strategy for in-vehicle systems, telematics, and cloud-connected services, ensuring alignment with regulatory requirements and industry best practices. You will also lead penetration testing efforts, document security controls across ECUs and communication interfaces, and guide the implementation of secure system designs across the vehicle ecosystem.Roles & Responsibilities:Define and implement end-to-end cybersecurity architecture for connected vehicles, ECUs, and backend services, ensuring alignment with ISO/SAE 21434, UNECE WP.29, and CSMS requirements.Develop secure communication and firmware update frameworks, supporting over-the-air (OTA) updates and in-vehicle data integrity.Perform threat modeling and risk analysis using industry-standard methodologies such as HEAVENS, STRIDE, and attack trees to identify vulnerabilities across vehicle networks and interfaces.Guide the definition of mitigation strategies and ensure full traceability between threats, assets, and controls throughout the development lifecycle.Plan and lead security validation activities, including advanced penetration testing and fuzzing of vehicle interfaces (CAN, DoIP, Ethernet, Bluetooth, Wi-Fi, Cellular).Create and maintain documentation for test cases, tooling, security controls, and validation outcomes across ECUs and connected modules.Collaborate with cross-functional teams to drive secure design practices in diagnostics, boot process, and firmware integrity verification.Conduct vulnerability assessments using tools such as CANoe, CANalyzer, Wireshark, Ghidra, and custom analysis scripts, and support remediation planning.Lead red team exercises and security reviews in coordination with product security and development teams.Represent cybersecurity in internal audits and regulatory assessments, ensuring alignment with WP.29 R155/R156 and ISO 26262.Work with suppliers and partners to evaluate and integrate security solutions aligned with evolving vehicle cybersecurity requirements.Professional & Technical Skills: Extensive experience (12+ years) in embedded and automotive systems, with over 6 years specializing in automotive cybersecurity strategy, architecture, and threat analysis.Hands-on experience designing and executing penetration testing of automotive systems, including ECUs, ADAS, telematics, infotainment, and V2X components, across in-vehicle networks and external interfaces.Strong knowledge of in-vehicle communication protocols such as CAN, LIN, FlexRay, DoIP, and automotive diagnostic protocols (UDS), as well as wireless technologies including Bluetooth, Wi-Fi, and Cellular.In-depth understanding of secure communication protocols and cryptographic standards, including TLS, MACsec, AES, RSA, ECC, and Public Key Infrastructure (PKI) for automotive applications.Proven experience in designing and implementing Secure Boot, Secure OTA (Over-the-Air) update mechanisms, and ECU firmware authentication using HSMs and trusted execution environments.Demonstrated ability to conduct and lead threat modeling and risk assessments using HEAVENS, STRIDE, attack trees, and DFD methodologies in compliance with ISO/SAE 21434.Familiarity with regulatory and compliance frameworks such as UNECE WP.29 (R155/R156), CSMS, and ISO 26262, and practical experience aligning security activities to these standards.Proficiency in security validation tools and platforms including Canoe, CANalyzer, Wireshark, Ghidra, Scapy, and custom-built tools for binary analysis, fuzzing, and reverse engineering.Experience guiding vulnerability remediation efforts across hardware and software development teams in an Agile or V-model development environment.Strong technical documentation skills and the ability to translate complex cybersecurity concepts into actionable guidance for engineering and compliance teams.Capable of engaging with external vendors, regulatory bodies, and cross-functional stakeholders to align security requirements, audits, and certifications. Additional Information:7+ years experience implementing and performing Automotive CybersecurityThis position is based at our Bengaluru officeA 15-year full time education is requiredGood to have Certifications in ISO 21434, CISSP, CEH, OSCP, GICSP Qualification 15 years full time education

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Security Architecture Design Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As an Automotive Cybersecurity Engineer, you will implement and validate security controls across in-vehicle systems, ensuring protection of ECUs, telematics units, and connected vehicle infrastructure. You will contribute to threat modeling and diagnostics hardening efforts, support penetration testing activities, and document the integration of cybersecurity measures in alignment with regulatory and technical requirements.Roles & Responsibilities:Support the development and implementation of cybersecurity controls across ECUs, telematics systems, and in-vehicle networks in alignment with ISO/SAE 21434 and company CSMS.Participate in security architecture and design reviews, contributing to the definition and validation of security requirements for embedded vehicle systems.Conduct and document threat modeling and risk assessments using methodologies such as HEAVENS, STRIDE, and custom attack graphs.Perform penetration testing and intrusion validation on in-vehicle protocols including CAN, DoIP, and Ethernet, as well as wireless interfaces such as Bluetooth and Wi-Fi.Assist in the execution of fuzz testing and vulnerability analysis using tools like CANoe, Wireshark, Scapy, and Python-based custom scripts.Contribute to the validation of secure boot mechanisms and assist in reverse engineering activities to verify firmware security compliance.Work with software and hardware teams to analyze security issues, identify root causes, and define corrective actions and mitigations.Maintain operational documentation, including test procedures, vulnerability logs, and mitigation tracking in compliance with regulatory requirements.Collaborate with cross-functional teams to integrate secure diagnostics, access control strategies, and key management protocols.Participate in internal assessments and support audit readiness for cybersecurity compliance frameworks such as UNECE WP.29 and ISO 26262.Professional & Technical Skills: Experience supporting in-vehicle cybersecurity programs with 8+ years in embedded or automotive systems development, including 34 years focused on penetration testing, diagnostics security, or secure ECU architecture.Hands-on experience conducting security testing and vulnerability assessments on vehicle communication interfaces such as CAN, DoIP, and Ethernet, as well as wireless protocols including Bluetooth, Wi-Fi, and cellular.Strong working knowledge of UDS diagnostics (ISO 14229), secure diagnostics access control, and protocol fuzzing techniques to uncover vulnerabilities in ECUs and vehicle gateways.Proficiency with security testing tools and platforms such as CANoe, Wireshark, Scapy, Python, and Ghidra for traffic analysis, custom scripting, and reverse engineering.Familiarity with cryptographic principles and practical usage of cryptographic libraries (e.g., OpenSSL, mbedTLS) and hardware security modules (HSM) for secure key storage, boot processes, and firmware authentication.Experience supporting OTA (Over-the-Air) update platforms and ensuring their secure integration using encryption, authentication, and rollback protection mechanisms.Exposure to cybersecurity development in Agile-based or V-model automotive environments, working collaboratively with software, systems, and validation teams.Knowledge of regulatory and compliance standards relevant to automotive cybersecurity, including ISO/SAE 21434, UNECE WP.29 (R155/R156), and functional safety (ISO 26262).Ability to document test cases, generate detailed security analysis reports, and provide engineering teams with clear recommendations and follow-up actions for mitigation.Demonstrated problem-solving skills and the ability to troubleshoot complex issues related to embedded systems security, communication integrity, and control system protection. Additional Information:5+ years experience implementing and performing Automotive CybersecurityExperience with AUTOSAR (Classic/Adaptive), ECU firmware security, or secure telematics units.This position is based at our Bengaluru officeA 15-year full-time education is requiredGood to have Certifications in ISO 21434, CISSP, CEH, OSCP, GICSP Qualification 15 years full time education

Position: VAPT Engineer Reporting to: Platform Lead Infrastructure Security Employment Type : Employee - Full Time Work Location: Guwahati Key Focus area : Infrastructure Penetration Tester Employment Type : Employee - Full Time Work Location: Guwahati Key Responsibilities : Identification and remediation of new vulnerabilities and risk analysis for Infrastructure is a key responsibility. Identifying and maintaining Key metrics and SLA on Infrastructure Security. Ensure that vulnerability assessments are performed to evaluate effectiveness of security controls in applications, middleware, databases, network and operating systems. Thorough experience in configurations reviews against CIS benchmarks and security standards. Ensure all Hardening and Patching activities are conducted and tracked as per defined policies. Create/Update hardening documents and build audit file for automated testing. Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities. Conduct security penetration testing to identify vulnerabilities and potential security risks along with designing and implement security solutions to protect enterprise systems, applications, data, assets, and people. Collaborate with cross-functional teams to ensure security measures are integrated into all aspects of the organization's operations. Perform Internal/ External Penetration Testing on Jio Infrastructure and producing reports with recommendations for detailed penetration testing findings. Sound understanding of Azure/GCP/AWS environment activities and Perform Vulnerability Assessment & Penetration Testing for networks (internal & external), applications, APIs & cloud assets along with Red & Purple Team assessments. Safeguarding information, infrastructures, applications, and business processes against cyber threats. Proactively create, share, and read reports as part of the penetration testing activities. Responsible for utilizing threat intelligence to identify new threats in our environment, coordinating with stakeholders to remediate identified vulnerabilities, and ensuring closure through thorough cross-validation. Qualification and Work Experience Qualification : BE / BTech (Similar Education Background) Work experience : 7-15 Years 7+ years of experience in Infrastructure Penetration Testing and Vulnerability Management including practical experience with Linux and Windows operating systems. Thorough understanding of Application and Infrastructure Architectures, and related vulnerabilities. Ability to interpret and prioritize vulnerability scan results into remediation actions and tracking those actions through to completion Working knowledge of ORACLE DB, MS SQL DB, MYSQL DB & Network Devices is required. Ability to analyse vulnerabilities to appropriately characterize threats and provide remediation advice. Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE). Extensive experience in vulnerability management, including the ability to forecast potential threats and develop proactive mitigation plans. Hands on experience in testing diverse infra components including various enterprise platforms such as private clouds, OpenShift infra, dockers/container infra etc. The candidate should be able to perform manual & automated penetration testing for internal, external perimeter, web applications, IT infrastructure, end-points, cloud etc. using hacking tools; e.g. Nuclei, Acunetix, BURP, Wireshark, Nmap, netcat, Firebug, Nessus, Kali OS, Parrot, Metasploit, Aircrack-ng. Preferred: Security related professional certification (e.g. CEH, CPENT, OSCP, OSCE, OSWE, GPEN, GWAPT or similar certifications) Preferred: Script writing skills (Python/Ruby/bash/PowerShell). Experience with security standards and frameworks such as ISO 27001, NIST, and PCI DSS. Preferred: Security solutions technologies such as IPS, firewalls, endpoint protection, web/email filtering, DLP, Digital rights management, encryption, SEIM, and virtualization platforms. Expertise in performing grey box/Black box testing. Experience devising methods to automate testing activities and streamline testing processes. Proven ability to develop and test Proof of Concept (PoC) exploits as part of vulnerability assessment and penetration testing exercises. Competencies /Expertise Required (Functional & Behavioral) Systematic strong analytical thinking and problem-solving skills. Excellent in analytical thinking for translating data into informative visuals and reports. Adaptable to change. Quick Learner Open learn and work on new technologies and products If you're interested, please share below mention details for the same. Preferred Location Current Co Experience Current CTC Expected CTC Notice Period Offer in Hand Highest Education SSC % HSC % Graduation % University Name Email ID: ashwini.chakor@ril.com

Job Description We are seeking an experienced and dynamic SOC Manager to lead our security operations team. Strong background in Vulnerability Assessment and Penetration Testing (VAPT) Managing SOC operations/ tools and incident response processes. Required Candidate profile 8+ years of experience in cybersecurity Strong hands-on experience in VAPT Expertise in SIEM tools (e.g., Splunk, QRadar, ArcSight, Sentinel) Strong leadership & stakeholder management skills

Position: VAPT Engineer Reporting to: Platform Lead Infrastructure Security Employment Type : Employee - Full Time Work Location: Guwahati Key Focus area : Infrastructure Penetration Tester Employment Type : Employee - Full Time Work Location: Guwahati Key Responsibilities : Identification and remediation of new vulnerabilities and risk analysis for Infrastructure is a key responsibility. Identifying and maintaining Key metrics and SLA on Infrastructure Security. Ensure that vulnerability assessments are performed to evaluate effectiveness of security controls in applications, middleware, databases, network and operating systems. Thorough experience in configurations reviews against CIS benchmarks and security standards. Ensure all Hardening and Patching activities are conducted and tracked as per defined policies. Create/Update hardening documents and build audit file for automated testing. Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities. Conduct security penetration testing to identify vulnerabilities and potential security risks along with designing and implement security solutions to protect enterprise systems, applications, data, assets, and people. Collaborate with cross-functional teams to ensure security measures are integrated into all aspects of the organization's operations. Perform Internal/ External Penetration Testing on Jio Infrastructure and producing reports with recommendations for detailed penetration testing findings. Sound understanding of Azure/GCP/AWS environment activities and Perform Vulnerability Assessment & Penetration Testing for networks (internal & external), applications, APIs & cloud assets along with Red & Purple Team assessments. Safeguarding information, infrastructures, applications, and business processes against cyber threats. Proactively create, share, and read reports as part of the penetration testing activities. Responsible for utilizing threat intelligence to identify new threats in our environment, coordinating with stakeholders to remediate identified vulnerabilities, and ensuring closure through thorough cross-validation. Qualification and Work Experience Qualification : BE / BTech (Similar Education Background) Work experience : 7-15 Years 7+ years of experience in Infrastructure Penetration Testing and Vulnerability Management including practical experience with Linux and Windows operating systems. Thorough understanding of Application and Infrastructure Architectures, and related vulnerabilities. Ability to interpret and prioritize vulnerability scan results into remediation actions and tracking those actions through to completion Working knowledge of ORACLE DB, MS SQL DB, MYSQL DB & Network Devices is required. Ability to analyse vulnerabilities to appropriately characterize threats and provide remediation advice. Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE). Extensive experience in vulnerability management, including the ability to forecast potential threats and develop proactive mitigation plans. Hands on experience in testing diverse infra components including various enterprise platforms such as private clouds, OpenShift infra, dockers/container infra etc. The candidate should be able to perform manual & automated penetration testing for internal, external perimeter, web applications, IT infrastructure, end-points, cloud etc. using hacking tools; e.g. Nuclei, Acunetix, BURP, Wireshark, Nmap, netcat, Firebug, Nessus, Kali OS, Parrot, Metasploit, Aircrack-ng. Preferred: Security related professional certification (e.g. CEH, CPENT, OSCP, OSCE, OSWE, GPEN, GWAPT or similar certifications) Preferred: Script writing skills (Python/Ruby/bash/PowerShell). Experience with security standards and frameworks such as ISO 27001, NIST, and PCI DSS. Preferred: Security solutions technologies such as IPS, firewalls, endpoint protection, web/email filtering, DLP, Digital rights management, encryption, SEIM, and virtualization platforms. Expertise in performing grey box/Black box testing. Experience devising methods to automate testing activities and streamline testing processes. Proven ability to develop and test Proof of Concept (PoC) exploits as part of vulnerability assessment and penetration testing exercises. Competencies /Expertise Required (Functional & Behavioral) Systematic strong analytical thinking and problem-solving skills. Excellent in analytical thinking for translating data into informative visuals and reports. Adaptable to change. Quick Learner Open learn and work on new technologies and products If you're interested, please share below mention details for the same. Location Preferred location Current Co Experience Current CTC Expected CTC Notice Period Offer in Hand Highest Education SSC % HSC % Graduation % University Name Regards, Ashwini Chakor

Conduct training on network security, threat detection, and risk management Expertise in firewalls, encryption, and ethical hacking Strong knowledge of cybersecurity tools and protocols Excellent communication and teaching skills required

We are expanding our global Red Team and are seeking additional testers to be based in London, Frankfurt, Wroclaw, Krakw, Pune, or Navi Mumbai. Your role involves driving security improvements across the bank by simulating real-world cyber-attacks. We are particularly interested in candidates with experience in security testing, preferably with red team experience in a large corporate or consultancy environment. We are looking for individuals who are passionate about cyber security, keeping up to date with threats, vulnerabilities, and techniques, and can translate technical findings into business risk. The role requires an inquisitive mind, ability to think outside the box, and a broad technical skillset. While technical certifications such as CREST, OSCP are advantageous, the ability to write clear reports in business English, project management skills, and personal organizational ability are essential. As a mid-level tester, you will collaborate with talented and experienced testers, with ample opportunities for personal growth and development of your technical skillset. Your responsibilities will include developing red team scenarios, working with blue teams and security monitoring functions, executing red team exercises, liaising with stakeholders, providing detailed reports, and offering technical expertise to the bank. You will be part of the global Cyber Testing & Assurance team within Compliance & Operational Risk Control, working in a hybrid role that supports remote working with some office presence required. Your expertise should include a strong technical background in cyber security, hands-on experience in penetration testing and red team assessments, knowledge of enterprise architectures, operations, and IT control environments, as well as an inquisitive mind for security research. Excellent communication skills in English, the ability to describe technical matters in a business-focused manner, and formal security testing certifications such as CREST, Offensive Security, GIAC are advantageous. UBS is the world's largest and the only truly global wealth manager, operating through four business divisions. We have a presence in major financial centers across more than 50 countries. At UBS, we support flexible working arrangements such as part-time, job-sharing, and hybrid working models. Our purpose-led culture and global infrastructure enable us to connect, collaborate, and work together in agile ways to meet business needs. We value diversity and inclusion, respecting and empowering each individual within our workforce. UBS is an Equal Opportunity Employer that embraces diversity and inclusion. We encourage applications from career returners and offer flexible working arrangements to support a diverse workforce. If you are passionate about cyber security, enjoy challenging work, and seek opportunities for personal and professional growth, we invite you to be part of #teamUBS and make an impact.,

Primary Roles and Responsibilities: Conduct penetration testing and red teaming exercises targeting mainframe environments and the surrounding application ecosystem. Perform code-assisted and black-box penetration testing against enterprise applications/systems interacting with RACF, DB2, CICS, MQ, and related subsystems. Identify risks in authentication, authorization, data handling, and communications within mainframe-integrated products. Create threat models and guide product teams in mitigating high-impact vulnerabilities early in the SDLC. Drive remediation efforts through hands-on collaboration and secure design guidance. Author technical reports and deliver executive summaries tailored to various audiences. Stay current on vulnerabilities, exploits, and testing techniques relevant to legacy enterprise technologies and mainframe ecosystems. Assess common integration patterns (SOA, REST/JSON, MQ) for security risks. To ensure youre set up for success, you will bring the following skillset & experience: 5+ years of experience in penetration testing, with a specialization in systems/applications integrating with mainframe environments. Deep knowledge of mainframe communication protocols and security mechanisms. Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe systems. Proficient in tools such as: Mainframe utilities: REXX, ISPF panels, NetView Security tools: Nmap, Burp Suite, Wireshark, custom scripts Strong scripting and automation skills (Python, REXX, Bash, or similar). Strong communication and leadership skills, with a proven ability to lead technical teams or projects. Experience producing board-level reports and presenting findings to senior stakeholders. Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts). Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services Whilst these are nice to have, our team can help you develop in the following skills: Industry certifications such as OSCP, OSCE, CRTP, GIAC GPEN, GXPN, or CISSP. Background in regulated industries such as banking, insurance, or government, where mainframes are core infrastructure. Knowledge of COBOL, PL/I, or other mainframe-centric programming languages. Experience with compliance standards like PCI-DSS, NIST, or SOX as they apply to mainframes.

Cloud Security Architecture : - Asses, help in design and development of AWS, Azure and AWS security architectures for protecting PII/PCI data deployed into different types of cloud and cloud/hybrid systems. - Improve the security around cloud-based applications, across all types (including Infrastructure, Platform, and Software as a Service (IaaS/PaaS/SaaS). - Work part of Cyber team for Enterprise Security for other Technology teams and Vendors within the organisation for all matters related to cloud security. - Implement NIST framework on cloud-native architectures to mitigate the risk to Organisation PII, PCI data and with appropriate security controls present. - SSDLC Embed Security practices in development and implementation of the overall enterprise cloud architecture to ensure Secure Software Development Lifecycle. - Enhance/redesign existing cyber standards in partnership with Engineering, Infrastructure Services, and Application Development. - Act as the ambassador and senior technical representative to Lead initiatives designed to share knowledge across Security Platforms and/or Technology teams, identify, recommend, coordinate and deliver timely knowledge to support teams regarding technologies, processes or tools. - Ensures the effective translation of the security architecture is implemented into the solutions. - Assist to evaluate all the new initiatives/solutions (including Cloud) with the design recommendations and work with project managers and architects during implementation. - SAP GRC / AC 12 experience is good to have. New Technology & Risks : - Evaluate and recommend tools and solutions to enhance the security posture of the Enterprise. - Maintain contact with vendors regarding security system updates and technical support of security products. - Perform cost-benefit and risk analysisAnalyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks. Measures of Success : - Product/services are cyber compliant and risk reduced to minimal or zero. - Successful implementation/ adoption of any new solution, technology or framework. - Timely and inbudget delivery of security projects specifications within time and budget. Technical Skills / Experience / Certifications : - CCSP certification is mandatory, Any among like TOGAF, SABSA, OSCP or python certification is preferred. - Knowledge of enterprise IT Systems, infrastructure and security technologies. - Knowledge of Information Security Standards like ISO 27001, PCI-DSS, NIST CSF, CSA framework etc. - Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc. - Experience with deployment orchestration, automation, and security configuration management (Jenkins, Puppet, Chef, etc.) preferred. - Experience architecting solutions within Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), VMware NSX, Oracle etc. - Experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes such as secure software development, Application Security, data protection, cryptography, key management, identity and access management (IAM), network security) within SaaS, IaaS, PaaS, and other cloud environments. - Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies. - Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies. - SAP GRC / AC 12 experience is good to have.

Role & responsibilities Lead engagements from kickoff with product owners through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines. Minimum 3+ (3-6yrs) years of experience in web and thick client application penetration testing domains. Expertise in using tools such as Nmap, Wireshark, Burp suite, OWASP Zap, Echo Mirage, and OS such as Kali Linux or similar etc. Proficiency in dynamic analysis of thick client applications and reverse engineering to uncover the logic and develop exploits. Strong communication skills and ability to develop detailed PoCs and reports to convey complex technical information to both technical and non-technical stakeholders, train product team and promote security awareness. Stay up to date on the latest exploits and security trends. Preferred candidate profile Candidate must have either of the following certifications from OSCP, OSEP, OSED, SANS GPEN, GXPEN. Knowledge of programming languages such as C, C++, Java, .Net.. Who have practical pen-test certification . Eg OSCP , OSWE , CREST CRT , CTRE Knowledge of Windows and Linux OS along with strong understanding of networking principles. Knowledge of reverse engineering tools, debuggers, and dynamic analysis techniques for thick client applications. Knowledge of OWASP, NIST, MITRE CWE,CVSS etc. Ability to learn and adapt quickly. Knowledge in testing mobile applications (Android and iOS) is not mandatory but good to have. Candidate must have experience in working with Web and Thick Client Applications. Perks and benefits

Cyber Security Consultant Company: Dotsquares Location: Hybrid / Remote / Jaipur Experience Required: 5+ Years Job Type: Full Time Kindly share your CV at jyoti.chawla@dotsquares.com / Call 9799074999 Senior Cyber Security Consultant Responsibilities: Actively participate in security testing of web and mobile applications. Conduct thorough penetration tests on applications, systems, and networks to identify vulnerabilities. Support the internal and/or customer development team in the preparation, formalization, implementation and verification of security requirements following a Security by Design principle. Develop and execute hands-on DevSecOps programs, including penetration testing, automation, static/dynamic code analysis, threat modeling, and developer training. Ability to think like an attacker. Conduct secure design reviews and contribute to threat modeling exercises. Preparing reports at both technical and executive level, providing recommendations to an heterogeneous public. Plan, lead and execute projects, including team management. Stay up-to-date with the latest security trends, vulnerabilities, and industry best practices. Engage in continuous learning and research to improve your skills and contribute to the team's knowledge base. Requirements: Minimum 5+ years of consulting experience in Red Teaming/Pentesting and possesses industry recognised certifications (e.g. CISSP, OSCP, CRT, CREST, CRTP) Experienced and well versed in security testing domains. For example, red teaming, web/network/mobile/cloud/thick client vulnerability assessments and penetration testing. Proven experience in implementing proactive security solutions and integrating security into the software development lifecycle (SDLC). Ability to explain vulnerabilities and weaknesses in OWASP Top 10 and SANS Top 25 to any audience and discuss effective defensive techniques Familiarity with programming languages (e.g., Python, Bash, C#, or JavaScript). Hands-on experience securing cloud infrastructure and familiarity with containerization technologies (Kubernetes, Docker).

Job Title: Team lead - VAPT Note: Experience Handling team and multiple projects is mandatory Looking only for candidates who can join within 45 days. Qualifications: BE/B. Tech with specialization in cyber security, MCA, M. Tech / Masters in Information security, or Forensics Analysis Knowledge 2-10 years hands on experience working in VAPT, working for cybersecurity industry. Candidate must have cybersecurity related certifications such as CEH or eJPT or eWPT or CRTP or any other similar certification. Candidates must have hands on experience in red teaming or source code review or cloud configuration review in addition to VAPT Role and Responsibility: Conduct Network/ System Vulnerability Assessments, Penetration Testing using tools to evaluate attack vectors, identify system vulnerabilities, and provide appropriate remediation plans for mitigation of the identified vulnerabilities. Conduct Application vulnerability assessments, Penetration Testing for web applications, identify and report vulnerabilities, provide recommendations, and track closure of identified vulnerabilities. Perform Configuration compliance assessments for Endpoints / Assets /network devices and help maintain the security settings at compliant level with Specific Security Standards. Perform regular monitoring of patch compliance of the assets in the network, Analyze Patch Advisories and provide remediation steps for the stakeholders. Performing comprehensive review and threat adversary modeling for web applications. Conduct Vulnerability Assessments, Penetration Testing, Device Hardening, Application Security Assessments, Log Review, Review of Documents, Network Monitoring and Reporting Conduct and compile findings on new vulnerabilities, new tools for departmental use. Create project deliverables / reports and assist the client with remediations and discussions. Abide by the project timelines and maintain project discipline. Technical Skills Required: Hands-on Experience is performing Network Security Assessment and vulnerability Assessment. Good understanding of OSI layers and fundamental Operating system concepts, security settings for various flavors of Windows and Linux platforms. Manual Penetration Testing skills and techniques are required besides automated tools and frameworks. Familiar working with Publicly available exploits codes. Hands on knowledge on Tools: Nmap, Kali Linux, Metasploit, Armitage, Maltego, Burp Suite, Paros Proxy Nessus, nexpose, Wireshark, sqlmap etc. Sound knowledge about infrastructure vulnerability scans, identifying security vulnerabilities, weaknesses, threats, and assessing related risks that exists within an IT Infrastructure or business processes. Sound knowledge about Application vulnerability assessments and relevant knowledge of OWASP top 10 vulnerabilities and SANS. Good understanding of firewalls, Switches, and Routers configuration settings and policies, relevant experience in performing rule base reviews and configuration reviews for network devices

Job Title: VAPT Consultant Note: Looking only for candidates who can join within 45 days. Qualifications: • BE/B. Tech with specialization in cyber security, MCA, M. Tech / Masters in Information security, or Forensics Analysis Knowledge • 2-5 years hands on experience working in VAPT, working for cybersecurity industry. • Candidate must have cybersecurity related certifications such as CEH or eJPT or eWPT or CRTP or any other similar certification. • Candidates must have hands on experience in red teaming or source code review or cloud configuration review in addition to VAPT Role and Responsibility: • Conduct Network/ System Vulnerability Assessments, Penetration Testing using tools to evaluate attack vectors, identify system vulnerabilities, and provide appropriate remediation plans for mitigation of the identified vulnerabilities. • Conduct Application vulnerability assessments, Penetration Testing for web applications, identify and report vulnerabilities, provide recommendations, and track closure of identified vulnerabilities. • Perform Configuration compliance assessments for Endpoints / Assets /network devices and help maintain the security settings at compliant level with Specific Security Standards. • Perform regular monitoring of patch compliance of the assets in the network, Analyze Patch Advisories and provide remediation steps for the stakeholders. • Performing comprehensive review and threat adversary modeling for web applications. • Conduct Vulnerability Assessments, Penetration Testing, Device Hardening, Application Security Assessments, Log Review, Review of Documents, Network Monitoring and Reporting • Conduct and compile findings on new vulnerabilities, new tools for departmental use. • Create project deliverables / reports and assist the client with remediations and discussions. • Abide by the project timelines and maintain project discipline. Technical Skills Required: • Hands-on Experience is performing Network Security Assessment and vulnerability Assessment. • Good understanding of OSI layers and fundamental Operating system concepts, security settings for various flavors of Windows and Linux platforms. • Manual Penetration Testing skills and techniques are required besides automated tools and frameworks. • Familiar working with Publicly available exploits codes. • Hands on knowledge on Tools: Nmap, Kali Linux, Metasploit, Armitage, Maltego, Burp Suite, Paros Proxy Nessus, nexpose, Wireshark, sqlmap etc. • Sound knowledge about infrastructure vulnerability scans, identifying security vulnerabilities, weaknesses, threats, and assessing related risks that exists within an IT Infrastructure or business processes. • Sound knowledge about Application vulnerability assessments and relevant knowledge of OWASP top 10 vulnerabilities and SANS. • Good understanding of firewalls, Switches, and Routers configuration settings and policies, relevant experience in performing rule base reviews and configuration reviews for network devices