85 Oscp Jobs

As a Security Consultant, you play a pivotal role as a key advisor for IBM's clients. Your primary responsibility is to analyze business requirements and leverage your expertise to design and implement optimal security solutions tailored to meet the unique needs of our clients. Your technical skills will be crucial in finding the delicate balance between enabling and securing our client's organization, utilizing cognitive solutions that have contributed to making IBM the fastest-growing enterprise security business globally. - Develop a deep technical understanding of IBM Public Cloud offerings and infrastructure - Plan and perform red team exercises against various cloud offerings - Plan and perform full stack security tests against various system(s) and application(s) independently as well as within a team - Engage in security monitoring and visibility improvement activities across the IBM Public Cloud organization - Thoroughly document techniques, tactics, and proof of concepts used during security testing and red team exercises - Communicate with various business and technology leaders to interpret identified vulnerabilities and assist in the development and planning for risk mitigation plans - Research and continuously improve skills in attacker tools, methods, and techniques - Lead by example for the greater red team in professionalism, communication, and technical expertise Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise 3+ years of demonstrating experience in planning and executing penetration tests/red team exercises against web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies Demonstrates strong understanding of offensive cybersecurity operations and defensive integrations, including enumeration and exploitation of various cloud-based technologies and development of secure applications. Demonstrates strong ability to communicate highly technical aspects to Executives and IT staffs, respectively Demonstrates ability by creating custom tools for penetration testing and contributing to opensource technologies Demonstrates strong experience with various scripting languages (Python, Ruby, Bash, etc.) Possess one or more of the following credentialsOSCP, OSCE, OSWE, GWAPT, GPEN, GXPN, CRTP, Crest Penetration Certification. Familiarity with serverless services, containerization and other cloud technologies Strong familiarity with OWASP Top Ten, NIST, and MITRE ATT&CK 3+ years of demonstrating experience in system or application administration role(s) Preferred technical and professional experience 5+ years of demonstrating experience in planning and executing penetration tests/red team exercises against web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies Understanding of offensive cybersecurity operations and defensive integrations, including enumeration and exploitation of various cloud-based technologies and development of secure applications. Ability to communicate highly technical aspects to Executives and IT staff, respectively Demonstrates ability by creating custom tools for penetration testing and contributing to opensource technologies Expertise in developing exploits and customized attack tooling and approaches Demonstratedsecurity research leading to bug bounty and CVE awards Deep understanding of serverless services, containerization and other cloud technologies Demonstrates strong experience with various scripting languages (Python, Ruby, Bash, etc.) CGood to have one of these certsCRTP, CEH, OSCP, OSCE, OSWE, GWAPT, GPEN, GXPN, CRTP, Crest Penetration Certification. Familiarity with serverless services, containerization and other cloud technologies Strong familiarity with OWASP Top Ten, NIST, and MITRE ATT&CK 5+ years of demonstrating experience in system or application administration role(s)

Project description Security is a global organization within Group Technology Infrastructure and Security Engineering. Our services focus on preventing and detecting cyber threats and securing our IT systems. We provide consolidated and reliable security services that implement secure design principles and create best-fit solutions. You will be working in the Cyber Technology service team, providing security products and services for the Cyber Hygiene space - specifically for Infrastructure Scanning and vulnerability assessment. We provide consolidated and reliable security hygiene controls to our clients using the latest technology. As a Cyber Security Engineer, you will play a vital role in creating Infrastructure Scanning and Security Remediation capabilities, determining required IT business solutions, and assisting in implementing them. We offer flexibility in the workplace and equal opportunities to all our team members. Responsibilities Sound cloud security knowledge, specialized in Azure. Hands on experience on cloud security tools like Wiz.io. Evaluate & assess vulnerabilities/ threats published on internet's cyber space and analysis the relevance to organization. Emergency vulnerability management process. Analysis Zero days, vulnerabilities exploited in the wild to safeguard organization IT landscape. Collaborate with technology, platform, and security teams to mitigate the emerging threats. Conduct assessment on security advisories and support vulnerability advisory process. Maintain & improve existing severity risk rating mechanism and provide sustainable ways for risk mitigation. Skills Must have Ideally up to eight years of hands-on experience with vulnerability scanning tools. Certifications like CEH, OSCP etc will be additional advantage. Good knowledge of CVE's, EPSS, vulnerabilities and exploits. Proven experience in vulnerability management and in depth understanding of vulnerability management lifecycle. Potentially, experience with other security processes e.g. vulnerability scanning or configuration management Prioritisation of complex technical tasks Good at communicating and documenting technical information (MS Teams, Confluence, Gitlab) Skills to collaborate & manage technology partners and other security counterparts. Technical communication and documentation skills Nice to have N/A Other Languages EnglishC1 Advanced Seniority Senior

Sound cloud security knowledge, specialized in Azure. Hands on experience on cloud security tools like Wiz.io. Evaluate & assess vulnerabilities/ threats published on internets cyber space and analysis the relevance to organization. Emergency vulnerability management process. Analysis Zero days, vulnerabilities exploited in the wild to safeguard organization IT landscape. Collaborate with technology, platform, and security teams to mitigate the emerging threats. Conduct assessment on security advisories and support vulnerability advisory process. Maintain & improve existing severity risk rating mechanism and provide sustainable ways for risk mitigation. Skills Must have Ideally up to eight years of hands-on experience with vulnerability scanning tools. Certifications like CEH, OSCP etc will be additional advantage. Good knowledge of CVEs, EPSS, vulnerabilities and exploits. Proven experience in vulnerability management and in depth understanding of vulnerability management lifecycle. Potentially, experience with other security processes e.g. vulnerability scanning or configuration management Prioritisation of complex technical tasks Good at communicating and documenting technical information (MS Teams, Confluence, Gitlab) Skills to collaborate & manage technology partners and other security counterparts. Technical communication and documentation skills Nice to have N/A Other Languages English: C1 Advanced Seniority Senior Refer a Friend Positive work environments and stellar reputations attract and retain top talent. Find out why Luxoft stands apart from the rest. Recommend a friend Related jobs View all vacancies Pune, India Req. VR-114914 Cybersecurity BCM Industry 06/06/2025 Req. VR-114914 Apply for Cyber Security Systems Engineer in Pune *

Here's an updated version of the job description, incorporating your specified details: Staff Product Security Engineer (Embedded & IoT) Work Flexibility: Hybrid Work Mode: Hybrid Location: Bengaluru Work Flexibility Definitions: Remote Role allows you to work the majority to 100% of time from an alternate workplace. These roles could have travel expectations, and you must work within the country of the job requisition location. Field-based – You can expect to regularly work a majority to 100% of time at customer facilities and has a set territory or expectation to travel within a set boundary. Almost all sales roles would likely be qualified as field-based. Onsite – Role is 100% located at a company facility. Some ad hoc flexibility may be available depending on role, level, and job requirements. Manufacturing roles and any role that requires physical presence at the office would qualify under this category. Hybrid – You can expect to regularly work in both an alternate workplace and a company facility. Roles that are partially remote or co-located would qualify as hybrid, and the expectation to be on site would be defined and agreed upon by your manager/supervisor. What you will do: Provide technical leadership and guidance to a team of Web, Embedded, and IoT Security engineers. Execute and oversee Penetration Testing and Vulnerability Assessment activities for Embedded Systems and IoT devices. Leverage DevSecOps to embed security testing ( SAST, DAST, Host Scanning, ATO Scanning, SBOM Generation ) into all phases of the Software Development Life Cycle (SDLC). Develop/review technical documentation (procedures/work instructions/guidance documents) for technical services. Develop and maintain comprehensive test plans, methodologies, and tools for security testing. Conduct in-depth analysis of security vulnerabilities and propose mitigation strategies. Collaborate with cross-functional teams to design and implement secure Embedded and IoT solutions. Lead the Software Bill of Materials (SBOM) Management program , ensuring accurate identification and documentation of software components and dependencies. Drive continuous improvement initiatives related to Embedded and IoT security, testing, and vulnerability management. What you need: Required Qualifications: Bachelor's or Master’s in Computer Science Engineering or a related field. 4 to 10 years of experience in product security, with a strong focus on embedded systems and IoT . Experience with threat modeling, risk assessment , and security architecture reviews for Embedded Systems and IoT solutions. Proficiency in C, C++, and Python programming languages. Familiarity with relevant security standards and frameworks such as OWASP, NIST Cybersecurity Framework , and ISO 27001 . Solid understanding of software development lifecycles and methodologies, particularly in the Embedded Systems and IoT context. Preferred Qualifications: Proficiency in using security testing tools such as Burp Suite, Wireshark, Nessus, and Metasploit , and experience applying DevSecOps principles. Experience in automation of routine tasks using tools like Jenkins and/or scripting languages such as PowerShell, Ruby, or Python. Understanding of Cloud-based environments like Azure and AWS . At least one professional certification like ECSA Practical/CPENT/LPT/OSCP/OSWE/OSCE or similar involving practical exams. Additional Details: Travel Percentage: 10% Mode of Interview: Face-to-Face

As an Application Security Specialist,youll play a vital role in building secure systems from the ground up. Workingclosely with engineering, compliance, and DevOps teams, you will ensure ourapplications meet rigorous security and regulatory standards across globaljurisdictions. Your Impact on the Mission: Integrate security into the Software Development Lifecycle (SDLC) , embedding security controls at every phase. Conduct threat modeling , secure code reviews , and penetration testing for internal and third-party applications. Collaborate with development teams to address security issues across CI/CD pipelines (DevSecOps). Manage and mitigate application-level risks in line with security frameworks and regulatory requirements. Support compliance efforts for GDPR , NIS2 , PCI-DSS , and DORA by applying security controls and maintaining evidence. Drive secure practices in the software supply chain , improving defenses against attacks like those seen in SolarWinds. Business Impact Reduces application security vulnerabilities across internal and customer-facing systems. Helps ensure Noventiqs compliance with global cybersecurity regulations. Lowers production defects and remediation costs through early detection. Strengthens resilience ofcloud-native and third-party platforms. What Youll Bring to The Table About You: 5 years in Application Security, including secure development, testing, and DevSecOps. Solid understanding of OWASP Top 10 , SAST/DAST , threat modeling , and common attack vectors. Familiarity with CI/CD environments (e.g., GitLab, GitHub Actions, Azure DevOps). Hands-on experience with tools such as Burp Suite , OWASP ZAP , SonarQube , Checkmarx , or similar. Preferred Certifications Industry-recognized certifications are a plus, including: OSCP , GWAPT, CISSP, or CSSLP Bonus for Azure Security Engineer (AZ-500) or Certified DevSecOps Professional Frameworks Compliance Working knowledge of: OWASP , CIS Controls v8, ISO/IEC 27001 GDPR , NIS2 Directive, PCI-DSS, DORA Regulation

Role Overview We are seeking a highly capable and visionary Technical Manager Cybersecurity Solutions to lead the planning, execution, and delivery of advanced security programs across our enterprise. This role demands deep technical expertise, strategic thinking, and the ability to lead cross-functional teams to secure complex IT environments. Key Responsibilities Drive the design, implementation, and lifecycle management of advanced cybersecurity tools and platforms. Lead end-to-end delivery for key technologies including: Data Discovery & Classification File Upload Security Attack Surface Management (ASM) Breach and Attack Simulation (BAS) and Red Teaming Decoy/Honeypot Solutions Secure Data Backup & Ransomware Protection Oversee the deployment and optimization of Phishing Simulation, MDM, AD Security, and NAC. Provide technical leadership and mentorship to security engineering and L3 teams. Collaborate with GRC, IT Ops, and Risk teams to align security initiatives with compliance standards. Evaluate vendor solutions and manage third-party security integrations. Represent the security function in internal and external audits, assessments, and executive briefings. Required Skills & Experience 8+ years of experience in cybersecurity, including leadership of technical teams. Proven expertise in deploying and managing enterprise-grade security solutions (as listed above). Strong understanding of regulatory frameworks (ISO 27001, NIST, GDPR, etc.). Experience in red teaming, threat simulation, or adversary emulation is a strong plus. Exceptional communication, project management, and stakeholder engagement skills. Bachelors or Master's degree in Computer Science, Information Security, or related field. Relevant certifications (e.g., CISSP, CISM, OSCP) preferred.

Company Overview: Outsourced is a leading ISO certified India & Philippines offshore outsourcing company that provides dedicated remote staff to some of the world's leading international companies. Outsourced is recognized as one of the Best Places to Work and has achieved Great Place to Work Certification. We are committed to providing a positive and supportive work environment where all staff can thrive. As an Outsourced staff member, you will enjoy a fun and friendly working environment, competitive salaries, opportunities for growth and development, work-life balance, and the chance to share your passion with a team of over 1000 talented professionals. About the Role: Conduct web app, external, and internal penetration tests for global clients. Deliver high-quality reports and communicate findings to stakeholders. Work autonomously in a client-facing role with minimal supervision. Work Setup Location: Onsite - Bangalore Core hours: ~10 AM7 PM IST (but we're flexible) Key Responsibilities: Conduct full-scope penetration tests : Web apps (modern JS frameworks, APIs, microservices) External/internal networks (pivoting, privilege escalation) Cloud environments (AWS/Azure/GCP misconfigurations) Develop custom exploits for unique vulnerabilities (not just CVEs) Reverse engineer black-box systems when documentation is limited Client & Reporting: Translate technical findings into executive-level risk briefings Deliver actionable reports (we hate template spam) Guide clients through remediation validation Team Contribution: Mentor junior team members (optional but encouraged) Contribute to internal tool development (if interested) Participate in quarterly research sprints (choose your focus area) Requirements: OSCP-certified (must have current certification) 3-5 years of hands-on pen testing experience (not just vulnerability scanning) Can walk us through your methodology for: Web app testing (Burp Suite, custom exploits) Internal network pivoting Cloud environment testing (AWS/Azure/GCP) Communication chops – you'll be explaining XSS to CTOs Nice-to-Haves (Tell Us If You Have These): OSCE/OSEP/CREST certifications Cloud security certs (AWS/Azure/GCP) Published CVEs/blog posts/research Experience with red team operations What we Offer Health Insurance: We provide medical coverage up to 20 lakh per annum, which covers you, your spouse, and a set of parents. This is available after one month of successful engagement. Professional Development: You'll have access to a monthly upskill allowance of 5000 for continued education and certifications to support your career growth. Leave Policy: Vacation Leave (VL): 10 days per year, available after probation. You can carry over or encash up to 5 unused days. Casual Leave (CL): 8 days per year for personal needs or emergencies, available from day one. Sick Leave: 12 days per year, available after probation. Flexible Work Hours Outsourced Benefits such as Paternity Leave, Maternity Leave, etc.

OSCP Certification is needed. Need to have solid hands-on experience with at least 3 of these , and a basic understanding of the rest -- Mac and/or Windows Thick Client Web Application & API & AI Mobile (Android and/or iOS) & IoT Infrastructure/Systems Network/Firewalls/Switches Competencies - 5+ years of penetration testing or related security experience. Network penetration testing and manipulation of network infrastructure. Web, mobile, and/or desktop application assessments. Social engineering assessments (email, phone, or physical). Automation or scripting using Perl, Python, Ruby, or similar languages. Exploit development or modifying shellcode and existing exploit tools. Application development in C#, ASP.NET, Objective C, or Java (J2EE). Reverse engineering malware, data obfuscation, or cryptographic systems. Regulatory penetration testing, particularly focusing on FTC and PCI compliance standards. Source code review for control flow and security vulnerabilities. Strong knowledge of operating systems and network protocols. Proficiency with tools such as Burp Suite, Checkmarx, Snyk, Wireshark, Fiddler, and Wiz. Ethical approach to security and business operations. Fluency in written and spoken English (B2 level or higher). Familiarity with Kali Linux and security frameworks like MITRE ATT&CK. Desire to continuously learn new techniques and attack vectors. Preferred Skills: Experience with wireless, web application, and network security testing tools. Familiarity with ICS, SCADA, BACnet protocols, and covert communication channels. Basic understanding of AI and machine learning security, including adversarial attacks, model poisoning and secure deployment of AI systems. Working knowledge of Unix/Linux/Mac/Windows operating systems, including scripting in Bash and Powershell. Experience with security controls in AWS, GCP, and Azure cloud environments. Understanding of security principles like defense-in-depth and security architectures. Experience in guiding and mentoring junior team members, with a focus on developing technical skills and expertise. Industry certifications like OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN, CEH or equivalent are highly desirable.

We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You ll find an environment that inspires and empowers you to thrive both personally and professionally. There s no one like you and that s why there s nowhere like RSM. Bachelor or Master degree in computer science with a minimum of 8 years in cyber security domain Technical background in networking/system administration, security testing or related fields In-depth knowledge of TCP/IP Two or more years of Perl, Python, Bash, or C experience Operating System Configuration and Security experience (Windows, HP-UX, Linux, Solaris, AIX, etc.) Configuration and Security experience with firewalls, switches, routers, VPNs Experience with security and architecture testing and development frameworks, such as the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), and NIST SP800-115 Familiar with security testing techniques such as threat modeling, network discovery, port and service identification, vulnerability scanning, network sniffing, penetration testing, configuration reviews, firewall rule reviews, social engineering, wireless penetration testing, fuzzing, and password cracking and can perform these techniques from a variety of adversarial perspectives (white-, grey-, black-box) Experience with discovering, utilizing, and possibly writing exploits for such vulnerabilities as buffer and stack overflows Familiar with the logistics of security testing such as acquiring authorization for testing, reporting, risk analysis of findings, data handling, and legal considerations Commercial Application Security tools experience (Nessus, Nexpose, Qualys, Appdetective, Appscan, etc.) Open source and free tools experience (Kali Linux suite, Metasploit, nmap, airsnort, Wireshark, Burp Suite, Paros, etc.) One or more of the following testing certifications: Certified Ethical Hacker (CEH); GIAC Certified Penetration Tester (GPEN); Offensive Security Certified Professional (OSCP); or equivalent development or testing certification (ECSA, CEPT, CPTE, CPTS, etc) In addition, one or more of the following governance certifications is preferred: Certified Information Systems Security Professionals (CISSP ); Certified Information Systems Auditor (CISA ); Certified Information Security Manager (CISM ) Strong leadership and communication skills, technical knowledge, and the ability to write at a "publication" quality level in order to communicate findings and recommendations to the client's senior management Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices Position & Key Responsibilities Develop an understanding of the RSM US Risk Consulting service offerings, methodologies, and tools Perform analysis and testing to verify the strengths and weaknesses of client IT environments utilizing commercial and open source security testing tools Perform Internet penetration testing (blackbox/ greybox / whitebox testing) and network architecture reviews (manual/ automated) Perform other security testing tasks such as wireless penetration testing, social engineering campaigns (email, web, phone, physical, etc.), mobile application testing, embedded device testing, and similar activities meant to identify critical weaknesses within client environments Assist with the development of remediation recommendations for identified findings Identify and clearly articulate (written and verbal) findings to senior management and clients Help identify improvement opportunities for assigned clients Supervise and provide engagement management for other staff working on assigned engagements Works closely with the client and RSM team to make sure we meet or exceed client expectations on each engagement and maintain high customer satisfaction. Exercise professional skepticism, judgment and adhere to the code of ethics while on engagements Ensure that documentation is compliant with the quality standards of the firm Work collaboratively as a part of the team and communicate effectively with RSM consulting professionals, and senior management in the U.S. on a daily basis Key Skills to Accelerate Career Maintains a high degree of quality and client relationship on multiple clients at the same time Positively engages, motivates and influences team members Identifies client needs/requirements and initiates discussion to expand services through a solid understanding of the firm s service capabilities and offerings Subscribes to and actively read industry publications and share relevant information with clients as considered applicable

At CGM, the leading provider of software solutions in the healthcare sector, we are looking for a skilled Ethical Hacker (m/f/d) to join our growing cybersecurity team. We believe in innovation, teamwork, and the power of technology to drive change. With our vision that "No one should suffer or die because at some point medical information was missing", we aim to create a culture that contributes positively to the future of our healthcare system. You are a proactive problem-solver with a passion for cybersecurity and the desire to make a real difference! Join us on this exciting journey! Your contribution: Conduct penetration testing on applications, networks, and systems to identify vulnerabilities and provide actionable recommendations for improvement. Simulate real-world attacks and collaborate with IT and security teams to develop effective remediation strategies. Prepare detailed reports of findings, including risk assessments, and conduct security awareness training for staff to promote a culture of cybersecurity. Stay updated on the latest security threats and participate in incident response activities and forensic analysis in the event of a security breach. Maintain compliance with security policies, legal regulations, and industry best practices to ensure a robust cybersecurity framework.\ What you bring: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field, along with proven experience as an ethical hacker (m/f/d) or penetration tester (m/f/d) (HackerOne or Integrity Score preferred) Relevant certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information System Security Professional (CISSP) Proficiency in security testing tools (e.g. Metasploit, Wireshark, Burp Suite, Nmap) and strong knowledge of networking protocols, operating systems, and web applications. Experience with thick client penetration testing, along with programming or scripting skills (e.g. Python, Java, Bash) as an advantage Willingness to train and obtain certification in cloud penetration testing, combined with excellent analytical, problem-solving, and communication skills (German and English) to convey technical information to non-technical audiences What you can expect: Mobile Work: Work flexibly two days a week remotely and three days on-site. Attractive locations: Our offices feature fully equipped workspaces completed by regular events, including summer gatherings and Christmas parties. Health: We value health highly. Our in-house cafeteria offers a selection of delicious and healthy meals every day. Personal Development: Our in-house academy and portfolio of external partners support your professional growth. Diversity is part of CGM! We welcome your application regardless of disability, gender, nationality, ethnic and social origin, religion, age or sexual orientation and identity. Convinced? Apply now with your comprehensive documents (including your certificates, salary expectations, and earliest possible start date).

We're Hiring! I am excited to share some amazing career opportunities at Happiest Minds. Take your Security career to the next level with Happiest Minds, ! Join a dynamic team, where Security Meets Innovation, and grow with us. Be recognized in a Great Place to Work Certified environment Interested professionals can directly reach out to me ankita.patari@happiestminds.com or can apply in below post Skills: Vulnerability Assessment,Penetration Testing,Manual Penetration Testing using OWASP checklists,Static/dynamic testing of mobile applications,OWASP Top 10 Roles and Responsibility: Roles and responsibility: Perform Web Application Security Assessment, API Security Assessment, Mobile Application Security Assessment & Thick Client Security Assessment. Report Preparation etc. Thanks and Regards, Ankita Ghosh

As part of our offensive security team, youll work with cutting-edge tools, innovative techniques, and an experienced team to challenge the status quo and strengthen the digital landscape. Key Responsibilities - Execute full-scope Red Team engagements, including phishing, social engineering, and network penetration. Simulate advanced hacking techniques and replicate adversary tactics to uncover security weaknesses. Work closely with Blue Teams in Purple Team exercises to enhance detection and response capabilities. Develop, extend, or modify exploits, shellcode, or tools to simulate sophisticated attacks. Perform reverse engineering of malware (advantageous but not mandatory). Write clear and actionable reports outlining vulnerabilities, exploitation techniques, and remediation strategies. Stay updated on the latest cyber threats, attack methods, and emerging technologies. Required Skills & Experience - Deep understanding and extensive experience in penetration testing methodologies and tools. Strong technical knowledge of various technologies and the ability to quickly learn and adapt to new ones. A passion for learning new technologies and breaking them apart is essential. Expertise in Active Directory attacks and defenses. Proficiency with tools such as Metasploit, Cobalt Strike, BloodHound, and similar offensive security frameworks. Knowledge of hacking methods and frameworks like MITRE ATT&CK. Strong scripting skills (Python, PowerShell, Bash) and experience in manual exploitation techniques. Certifications such as OSCP, OSEP, CRTO, or equivalent are highly valued. What We Offer Competitive salary and benefits package. Exciting projects that challenge your skills and creativity. A collaborative environment where you’ll learn and grow alongside top talent. Access to cutting-edge tools and resources to stay ahead in the cybersecurity field. Opportunities to shape the future of offensive security and contribute to meaningful projects. Location Onsite/Workfrom Office. In special case Remote Why Join SecureLayer7? At SecureLayer7, you’re not just an employee—you’re part of a team that thrives on solving tough challenges, exploring the unknown, and making an impact. If you’re excited about breaking systems to make them stronger and securing the future of technology, we’d love to have you onboard.

Following are the details: ANZEN Technologies Private Limited stands as an unparalleled powerhouse, empowering organizations across industries with our visionary services, cutting-edge solutions, and ground-breaking services in the realm of Cyber Security, IT Governance, Risk Management, and Compliance. As your trusted partner, we offer a comprehensive suite of End-to-End security services and consultancy, tailored to safeguard critical infrastructure installations, elevate the standards of BFSI, eCommerce, IT/ITES, Pharmaceuticals, and an array of other sectors. Job Summary: We are seeking a skilled and passionate Red Team Security Consultant to join our cybersecurity team. The ideal candidate will specialize in simulating adversarial tactics, techniques, and procedures (TTPs) to identify vulnerabilities and improve the organization's security posture. This role involves performing advanced penetration tests, simulating real-world attacks, and working with teams to implement effective remediation strategies. Key Responsibilities: Plan, execute, and document Red Team exercises mimicking advanced threat actors for medium to large enterprises. Conduct network penetration testing (VAPT), system vulnerability assessments, and security configuration reviews. Perform manual security assessments for web applications, APIs, and client-server applications. Simulate sophisticated attack chains including lateral movement, privilege escalation, and data exfiltration. Develop and execute custom attack payloads using tools and scripts. Assess physical security controls and implement social engineering assessments when required. Create and maintain custom tools/scripts in languages like Python, Bash, or PowerShell. Utilize and adapt adversary emulation frameworks such as MITRE ATT&CK, Cobalt Strike, and Metasploit. Collaborate with Blue Teams to improve detection and response mechanisms through Purple Team engagements. Execute full-scope Red Team engagements, including phishing, social engineering, and network penetration. Simulate advanced hacking techniques and replicate adversary tactics to uncover security weaknesses. Develop, extend, or modify exploits, shellcode, or tools to simulate sophisticated attacks. Perform reverse engineering of malware (advantageous but not mandatory). Write clear and actionable reports outlining vulnerabilities, exploitation techniques, and remediation strategies. Stay updated on the latest cyber threats, attack methods, and emerging technologies. Qualification: BE/B. Tech/ MCA/ M. Sc. (IT/Computers) Skills : Excellent communication and collaboration skills. Red Teaming, VAPT, Application Security (Web/Mobile/API), Red Teaming and Application Security domains. Proficient in Application Security concepts, including OWASP Top 10 and OSSTMM. Experience with vulnerability scanning tools such as Burp Suite Pro, Nessus, OWASP ZAP, Kali Linux, Cobalt Strike, Caldera etc. Basic ability to write automation scripts (Bash or Python). Understanding of threat modelling and secure coding practices. Strong understanding of TTPs, threat modelling, and secure coding practices. Hands-on experience in Active Directory exploitation, phishing campaigns, and endpoint bypass techniques. Preferred Certificates : OSCP, CRTP, eWPTX, Security+, CREST, CRTO Job Location : Mumbai/Navi Mumbai Job Mode : Work from Office Need an immediate Joiner who may join by 15th June, 2025

Designation: Cybersecurity Trainer Job Purpose & Role: To design, develop, and deliver advanced training programs in secure coding, reverse engineering, and malware analysis . Technical knowledge and hands-on experience in secure coding, system-level programming, and threat analysis is highly preferred. A. Knowledge Proven experience as a trainer or instructor in cybersecurity. Expertise in Assembly language, C/C++, and secure system programming. Proficiency in reverse engineering tools such as IDA Pro, Ghidra, and Process Explorer. Solid understanding of PE file formats, static and dynamic code analysis techniques. Experience with Python scripting for automation and cybersecurity use cases. B. Functional Skills Develop and deliver training modules in: Computer Architecture and Assembly Language Secure Coding Practices Reverse Engineering and Malware Analysis Advanced C++ Development Python for Security Automation (optional/elective) Conduct assessment and certification exams to evaluate participant learning outcomes. C. Attributes Dynamic, energetic, team player, thrives among strong colleagues. Ability to work in fast paced evolving environment . Be willing and able to exercise judgment and take risks. Accept criticism and constructive feedback , while being extremely adaptable and flexible. Reflection of an impeccable persona in walk-talk while dealing with academia High spiritual quotient (Social quotient -SQ, Intelligence quotient - IQ, Emotional Quotient - EQ) D. Qualification & Years of Experience Certifications such as GREM, OSCE, OSCP, or CEI (Certified EC-Council Instructor). ME/M.Tech and BE/B.Tech in Computer Science /Information Technology Cybersecurity or related field reputed university & Institute of eminence. PhD Degree in the relevant field of subject is desirable. Industry and Global Experience is desirable. E. Salary as per norms F. Location: Greater Noida, Delhi/NCR G. Apply for the position by sending your CV at careers@glbitm.ac.in H. Visit our website’s career page at www.glbitm.ac.in

Key Responsibilities: Conduct threat modeling, code reviews, and security assessments of applications and products. Perform vulnerability analysis and collaborate with development teams to remediate issues. Integrate security tools (SAST, DAST, SCA) into CI/CD pipelines. Develop and enforce security policies, guidelines, and standards. Conduct risk assessments for new features, technologies, and vendors. Stay updated on emerging threats, vulnerabilities, and industry best practices. Support incident response efforts and post-mortem analysis when required. Required Skills & Qualifications: 48 years of experience in cybersecurity or product/application security. Strong understanding of OWASP Top 10, secure coding principles, and SDLC. Hands-on experience with static and dynamic analysis tools (e.g., Checkmarx, Veracode, Burp Suite). Familiarity with cloud platforms (AWS, Azure, or GCP) and securing cloud-native applications. Experience with scripting (Python, Bash, etc.) for automation and tooling. Good understanding of authentication/authorization protocols (OAuth, SAML, etc.). Bachelor’s degree in Computer Science, Information Security, or related field. Nice-to-Have (Preferred): Certifications like CEH, OSCP, CISSP, or AWS Security Specialty. Experience with containers and Kubernetes security. Knowledge of threat modeling frameworks (e.g., STRIDE, MITRE ATT&CK). Exposure to DevSecOps practices.

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Red Teaming Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will oversee the strategic planning and execution of red team operations to emulate real-world threats and uncover security weaknesses across the organization. Your typical day will involve planning, scoping and conducting red team operations, including social engineering, network exploitation, and post-exploitation activities along with leading a team of offensive security experts, and aligning red team efforts with business risk priorities. You will work closely with incident response, and threat intelligence teams to identify detection gaps and provide actionable insights, ensuring the organization remains prepared against evolving threats, while fostering a culture of continuous learning and adversary-aware defense. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Plan, scope, and execute red team exercises simulating real-world attack scenarios.- Perform threat modeling and adversary emulation exercises based on MITRE ATT&CK framework.- Conduct internal and external penetration tests, including physical security and social engineering engagements.- Design and deliver phishing campaigns and other social engineering attacks to test human security posture.- Establish and manage command-and-control (C2) infrastructures using tools like Cobalt Strike.- Perform post-exploitation tasks including lateral movement, Active Directory (AD) exploitation, privilege escalation, and data exfiltration.- Identify gaps in detection and response capabilities and provide detailed reports and remediation recommendations.- Collaborate with Blue Team and Incident Response to enhance organizational defense.- Continuously research emerging threats, TTPs, and contribute to the development of new testing methodologies.- Provide solutions to problems for their immediate team and across multiple teams.- Facilitate training sessions to enhance team knowledge and skills.- Monitor and evaluate the effectiveness of security measures and recommend improvements. Professional & Technical Skills: - Deep understanding of red team tactics, techniques, and procedures (TTPs) align with MITRE ATT&CK framework.- Proven experience in conducting end-to-end red team engagements across different environments (on-prem, cloud, hybrid).- Proficient with red team tools such as Cobalt Strike, Mythic, Metasploit, Bloodhound, Sharp hound, PowerShell Empire, Impacket- Expertise in EDR/AV evasion techniques, custom payload development, and OPSEC-aware operations.- Skilled in Active Directory attacks, Kerberoasting, Pass-the-Hash/Ticket, and Golden/Silver ticket attacks.- Proficient in hardware-based and physical attack techniques including Rubber Ducky payload deployment, planting rogue devices such as LAN Turtle, Raspberry Pi, NAC bypass. Executing Wi-Fi attacks like Evil Twin attacks, and RFID cloning for physical access simulation and red team engagements.- Strong knowledge of data exfiltration methods and covert communication channels.- Experience with phishing toolkits and infrastructure for social engineering campaigns.- Familiarity with scripting and automation using PowerShell, Python, or Bash.- Comfortable working under strict ethical and legal boundaries, with a strong focus on operational safety. Additional Information:- The candidate should have minimum 7.5 years of experience in Red Teaming.- Certifications- OSCP, OSEP, CRTP, CRTE, CRTO.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Red Teaming Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will oversee the strategic planning and execution of red team operations to emulate real-world threats and uncover security weaknesses across the organization. Your typical day will involve planning, scoping and conducting red team operations, including social engineering, network exploitation, and post-exploitation activities along with leading a team of offensive security experts, and aligning red team efforts with business risk priorities. You will work closely with incident response, and threat intelligence teams to identify detection gaps and provide actionable insights, ensuring the organization remains prepared against evolving threats, while fostering a culture of continuous learning and adversary-aware defense. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Plan, scope, and execute red team exercises simulating real-world attack scenarios.- Perform threat modeling and adversary emulation exercises based on MITRE ATT&CK framework.- Conduct internal and external penetration tests, including physical security and social engineering engagements.- Design and deliver phishing campaigns and other social engineering attacks to test human security posture.- Establish and manage command-and-control (C2) infrastructures using tools like Cobalt Strike.- Perform post-exploitation tasks including lateral movement, Active Directory (AD) exploitation, privilege escalation, and data exfiltration.- Identify gaps in detection and response capabilities and provide detailed reports and remediation recommendations.- Collaborate with Blue Team and Incident Response to enhance organizational defense.- Continuously research emerging threats, TTPs, and contribute to the development of new testing methodologies.- Provide solutions to problems for their immediate team and across multiple teams.- Facilitate training sessions to enhance team knowledge and skills.- Monitor and evaluate the effectiveness of security measures and recommend improvements. Professional & Technical Skills: - Deep understanding of red team tactics, techniques, and procedures (TTPs) align with MITRE ATT&CK framework.- Proven experience in conducting end-to-end red team engagements across different environments (on-prem, cloud, hybrid).- Proficient with red team tools such as Cobalt Strike, Mythic, Metasploit, Bloodhound, Sharp hound, PowerShell Empire, Impacket- Expertise in EDR/AV evasion techniques, custom payload development, and OPSEC-aware operations.- Skilled in Active Directory attacks, Kerberoasting, Pass-the-Hash/Ticket, and Golden/Silver ticket attacks.- Proficient in hardware-based and physical attack techniques including Rubber Ducky payload deployment, planting rogue devices such as LAN Turtle, Raspberry Pi, NAC bypass. Executing Wi-Fi attacks like Evil Twin attacks, and RFID cloning for physical access simulation and red team engagements.- Strong knowledge of data exfiltration methods and covert communication channels.- Experience with phishing toolkits and infrastructure for social engineering campaigns.- Familiarity with scripting and automation using PowerShell, Python, or Bash.- Comfortable working under strict ethical and legal boundaries, with a strong focus on operational safety. Additional Information:- The candidate should have minimum 7.5 years of experience in Red Teaming.- Certifications- OSCP, OSEP, CRTP, CRTE, CRTO.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

-Develop a deep technical understanding of IBM Public Cloud offerings and infrastructure -Plan and perform red team exercises against various cloud offerings -Plan and perform full stack security tests against various system(s) and application(s) independently as well as within a team -Engage in security monitoring and visibility improvement activities across the IBM Public Cloud organization -Thoroughly document techniques, tactics, and proof of concepts used during security testing and red team exercises -Communicate with various business and technology leaders to interpret identified vulnerabilities and assist in the development and planning for risk mitigation plans -Research and continuously improve skills in attacker tools, methods, and techniques -Lead by example for the greater red team in professionalism, communication, and technical expertise Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise 3+ years of demonstrating experience in planning and executing penetration tests/red team exercises against web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies Demonstrates strong understanding of offensive cybersecurity operations and defensive integrations, including enumeration and exploitation of various cloud-based technologies and development of secure applications. Demonstrates strong ability to communicate highly technical aspects to Executives and IT staffs, respectively Demonstrates ability by creating custom tools for penetration testing and contributing to opensource technologies Demonstrates strong experience with various scripting languages (Python, Ruby, Bash, etc.) Possess one or more of the following credentialsOSCP, OSCE, OSWE, GWAPT, GPEN, GXPN, CRTP, Crest Penetration Certification. Familiarity with serverless services, containerization and other cloud technologies Strong familiarity with OWASP Top Ten, NIST, and MITRE ATT&CK 3+ years of demonstrating experience in system or application administration role(s) Preferred technical and professional experience 5+ years of demonstrating experience in planning and executing penetration tests/red team exercises against web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies Understanding of offensive cybersecurity operations and defensive integrations, including enumeration and exploitation of various cloud-based technologies and development of secure applications. Ability to communicate highly technical aspects to Executives and IT staff, respectively Demonstrates ability by creating custom tools for penetration testing and contributing to opensource technologies Expertise in developing exploits and customized attack tooling and approaches Demonstratedsecurity research leading to bug bounty and CVE awards Deep understanding of serverless services, containerization and other cloud technologies Demonstrates strong experience with various scripting languages (Python, Ruby, Bash, etc.) CGood to have one of these certsCRTP, CEH, OSCP, OSCE, OSWE, GWAPT, GPEN, GXPN, CRTP, Crest Penetration Certification. Familiarity with serverless services, containerization and other cloud technologies Strong familiarity with OWASP Top Ten, NIST, and MITRE ATT&CK 5+ years of demonstrating experience in system or application administration role(s)

Tata Elxsi is a global design and technology services leader for Automotive, Media, Communications and Healthcare. The Company helps customers reimagine their products and services through design thinking and application of digital technologies such as IoT (Internet of Things), Cloud, Mobility, Virtual Reality, and Artificial Intelligence. Roles and Responsibilities: Overseeing the 24x7x365 Security Operation Centers processes, technology and people who monitor security tools, assess threats, and risks involving client infrastructure and orchestration Lead and manage the Security Operations Center (SOC) team, providing direction, guidance, and support to ensure the team's effectiveness and productivity with In-depth knowledge of security operations, incident response methodologies, and security technologies (SIEM, IDS/IPS, EDR, etc.). Responsible for ensuring that all Managed Service deliverables are produced on time and within strict SLA time frames, while maintaining an innovative growth culture within SOC team. Expected to act as the escalation point for the SOC technical team Managing priorities, providing recommendations and implementing changes to methods/processes. Handle client meetings, point of contact for client requirements, onboard new clients. Manage relationships with our customers in-house operations teams and lead operational interactions/cadence with client management. Provide direction and vision to improve SOCs effectiveness, including motivating people to perform, listening to the team, providing feedback, recognizing strengths, identifying automation opportunities, reducing alert fatigue and providing adequate challenges to staff to maintain innovative growth culture. Oversee the management of our existing Managed Security Operations managed SIEM and EDR solutions, ensuring their optimal performance and effectiveness in detecting and responding to security incidents. Collaborate with the SOC analysts and engineering team to define and implement SIEM rules, alerts, and correlation logic to improve the accuracy and efficiency of threat detection. Develop and implement SOC strategies, policies, and procedures to enhance the organization's security posture and incident response capabilities. Oversee the monitoring and analysis of security events and incidents, ensuring timely detection, investigation, and response to potential threats or vulnerabilities. Taking a proactive role in utilizing Threat Intelligence and Threat Hunting activities, ensuring the SOC is ahead of potential security threats. Establish and maintain relationships with external partners, vendors, and industry peers to stay updated on emerging threats, best practices, and industry trends. Conduct regular assessments and audits of SOC processes, systems, and controls to identify areas for improvement and ensure compliance with regulatory requirements. Develop and deliver comprehensive reports and metrics on SOC performance, including incident trends, response times, and effectiveness. Stay abreast of the evolving cybersecurity landscape, emerging threats, and industry standards, providing recommendations for proactive security measures and continuous improvement of the SOC. Proven expertise in MDR and Managed SIEM, with a strong preference for experience with Leading Market vendors. Strong networking concepts, including an in-depth understanding of TCP/IP protocols, firewall configuration, network segmentation, VPNs, etc. Strong understanding of Threat Intelligence, Threat Hunting, Vulnerability Management, and risk assessment frameworks. Knowledge and hands-on experience of implementation and management of IDS/IPS, Firewall, VPN, and other security products Experience with Opensource Security Information Event Management (SIEM) tools, creating advance co-relation rules, administration of SIEM, system hardening, and Vulnerability Assessment Strong background and expertise on various security technologies including end point security, perimeter security, Advanced threat protection, Security monitoring and security Certifications: CISSP,CISM, CEH, OSCP, or equivalent are highly desirable., ITIL or equivalent

Department: Information Technology Location: Ahmedabad, Gujarat Experience: 10+ Years Education: Bachelors/Masters degree in Computer Science, Cybersecurity, or a related field Certifications Preferred: OSCP, OSCE, OSEP, CRTP, CRTE, GPEN, GXPN, or equivalent Job Summary: We are seeking a highly experienced and skilled Red Team Specialist to join our cybersecurity team. The ideal candidate will lead advanced adversary simulations and penetration testing efforts to evaluate and strengthen the organization’s security posture. This role involves simulating real-world attack scenarios, identifying vulnerabilities, collaborating with Blue Teams, and recommending remediation strategies to enhance threat detection and response capabilities. Key Responsibilities: Adversary Simulation & Attack Execution Conduct full-scale Red Team assessments, emulating advanced persistent threat (APT) tactics, techniques, and procedures (TTPs). Simulate real-world attacks using frameworks and tools like MITRE ATT&CK, Cobalt Strike, Empire, Metasploit, and BloodHound. Exploit vulnerabilities across network infrastructure, cloud platforms, and web applications. Perform lateral movement, privilege escalation, and data exfiltration while evading detection mechanisms. Penetration Testing & Exploitation Perform internal and external penetration testing across enterprise systems. Identify and exploit misconfigurations and security gaps. Assess Active Directory security, including Kerberoasting, NTLM relay, and credential dumping. Develop custom payloads, exploits, and offensive methodologies. Evasion & Anti-Detection Techniques Employ techniques to bypass endpoint detection systems (EDR/XDR), SIEM tools, and behavioral analytics. Test the resilience of Blue Team monitoring capabilities. Implement obfuscation strategies and evasion tactics. Red Team & Blue Team Collaboration Participate in Purple Team exercises to enhance incident detection and response. Collaborate with SOC and threat intelligence teams to refine adversary emulation and response strategies. Contribute to improving incident response playbooks. Reporting & Documentation Document attack chains, vulnerabilities, and testing outcomes in detailed reports. Present technical findings and remediation recommendations to stakeholders. Create post-engagement reports, including MITRE ATT&CK mapping and kill chain analysis. Key Skills & Competencies: Proficient with offensive security tools: Cobalt Strike, Metasploit, Mimikatz, Empire, Covenant Deep understanding of frameworks: MITRE ATT&CK, Cyber Kill Chain, TIBER-EU Advanced expertise in Active Directory attacks , Kerberos exploitation , and lateral movement Strong scripting and automation skills: Python, PowerShell, Bash, C# Hands-on experience with cloud environments (Azure, AWS, GCP) and cloud exploitation Skilled in EDR/XDR evasion and SIEM bypass techniques Proven experience with Red Team / Blue Team collaboration and adversary emulation Analytical mindset with excellent problem-solving and documentation skills

Some of your daily responsibilities would be the following: Analyze current asset management workflows and identify areas for automation. Develop and implement automation scripts and tools using programming languages (e.g., Python, PowerShell). Integrate asset management systems with other enterprise applications. Design and develop automation scripts and tools for identity provisioning, de-provisioning, and access management. Integrate identity management systems with other network infrastructure and applications. Create and maintain documentation for automation processes and scripts. Implement security best practices in automation processes. Ensure compliance with regulatory requirements and internal policies Implement automated discovery and inventory processes. Collaborate with internal teams and external auditors on compliance matters. Leverage industry proven tools to identify and reduce Cyber Risks Assist in Crisis Management, Ransomware Recovery and Business Continuity planning. Identify, investigate and resolve global security breaches / incidents Develop and maintain network and infrastructure security reporting dashboards and scorecards used to measure our Cyber Practice. What were looking for... You are passionate about network security and automation as a career. You are self-driven and motivated, with good communication and analytical skills. Youre a sought-after team member that thrives in a dynamic work environment. You will be working with multiple partners from the business groups, so networking and managing effective working relationships should be your top most priority. You have an understanding of industry trends in all areas of Information Security. You'll need to have some of the skills listed below: Bachelors degree or four or more years of work experience. Four or more years of relevant work experience. Four or more years of experience in network / information security, risk and compliance management. Understanding of network fundamentals, switching, routing protocols, load balancers, web proxies, firewalls and software defined networking solutions. Experience in handling enterprise scale server infrastructure & management Knowledge of Cloud infrastructure and technologies Proficiency in scripting languages (e.g., Python, Bash, PowerShell). Experience with network management tools and protocols (e.g., SNMP, Netconf). Knowledge of database management systems (e.g., SQL, NoSQL). Familiarity with API integrations and web services (REST, SOAP). Excellent analytical and problem-solving skills. Ability to manage multiple tasks and priorities in a fast-paced environment Understanding of security fundamentals Confidentiality, Integrity, Availability, access control, Authentication, Authorization, Auditing secure design concepts like Experience working on IT ticketing systems like JIRA, Service Now and ability to partner and collaborate with other teams in the organization Experience with hosting security awareness campaigns, gamification and bug bounty programs will be an added advantage Strong analytical problem solving, communication and interpersonal skills Passion to stay abreast with emerging technologies, network security trends, tools and techniques. Even better if you have one or more of the following: Masters degree in Computer Science / Information Technology Engineering Industry relevant security certifications Security+, OSCP, CEH, CISSP, GIAC, etc Strong expertise in at least one operating system Window or Linux. Cloud relevant certifications CCSP, CCSK

Minimum 3 years’ experience working in a large-scale IT environment with focus on Cyber / Information Security. Areas of expertise should include Pre-Sales support, Service & Solution delivery, part of program management (Transition & Transformation) Required Candidate profile Knowledge in SIEM, SOAR, Threat Hunting, EDR, Deception, NTA, NBAD, UEBA. Handson experience on leading analytical platforms like Splunk, IBM QRadar, Hunters, Sumo Logic, Sentinel. Certification:CISSP

Highest Qualification: Any Full Time Graduate Note: Hands on experience in ISO 27001 Implementation is mandatory for this role Experienced in managing cyber security services like Cyber Risk Compliance consulting. Experience in setting up end to end Cyber Security frameworks, Compliance Standard implementation, including knowledge in testing (VAPT, Web mobiles appsec, secure code review) Should be adept at conducting gap analysis, risk assessments, Impact assessments, governance and strategy development, Have worked with organizations to develop and implement various industry security standards like, IS0 27001, ISO 20000, PCI DSS, SOC2, GDPR, Privacy standards etc... Should be able to understand and explain technical vulnerabilities Basic knowledge on Active directory, firewalls, SCCM, MacAfee security products, DLP, Secure coding practices and product security Specific Duties and Responsibilities Include: To manage cyber security projects across EMEA region for cyber security services like Cyber security testing cyber consulting Maintaining margins Business development like having presales discussions with various teams Assist in Business development of various security standards Must Have Skills: Excellent communication and presentation skills. Able to effectively interact with various clients/sales teams and manage clients Good to have Skills / Certification: ISO27001:2013 Lead Auditor CISSP, CISA, CISM, ISO22301, OSCP, CEH, SANS, Cloud certifications, Privacy certifications like CIPP/E, CIPM Qualification: BE/ BTech, MCA, MBA with specialization in Information Security

We are looking for a skilled Cyber Testing Senior Associate 1 to join our team in Bengaluru. The ideal candidate will have between 5 and 10 years of experience in cyber testing, with expertise in manual and automated testing. Roles and Responsibility Perform security assessments, including static and dynamic application security testing. Conduct manual penetration testing on web applications, network devices, and other systems. Collaborate with clients in a fast-paced environment across various technology stacks and services. Develop, enhance, and interpret security standards and guidance. Demonstrate and promote security best practices, including secure development and cloud security. Assist with the development of remediation recommendations for identified findings. Identify and clearly articulate (written and verbal) findings to senior management and clients. Help identify improvement opportunities for assigned clients. Stay up-to-date with the latest security trends, technologies, and best practices. Work effectively within a team, fostering collaboration and open communication to deliver successful outcomes. Supervise and provide engagement management for other staff working on assigned engagements. Job Requirements Bachelor's degree in Computer Science, Engineering, or a related field, or equivalent work experience. Expertise in web security, with extensive knowledge of vulnerabilities and the ability to identify and exploit them effectively. Minimum 5 years of experience in code review, application security testing, or web application development. Excellent written and verbal communication skills. Strong scripting skills, such as Python, Ruby, or Perl. Experience with cloud platforms, such as AWS, and knowledge of cloud security best practices. Familiarity with development technologies like Docker, CDK, Terraform, Java, Python, React, GraphQL, Javascript, JSON, REST, etc. Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices. Technical background in application development, networking/system administration, security testing, or related fields. Experience with both static application security testing (SAST) and dynamic application security testing (DAST) using various tools and techniques. Preferred but not required: one or more relevant certifications such as Offensive Security Web Assessor (OSWA), Offensive Security Web Expert (OSWE), Offensive Security Certified Professional (OSCP), Burp Suite Certified Practitioner, or AWS Certified Security Specialist. Additional Info The standard work hours for this role are from 3:30 PM to 11:00 PM IST, aligned with client requirements and deliverables.

Greetings from Peoplefy Infosolutions !!! We are hiring for one of our reputed MNC client based in Pune . We are looking for candidates with 3 + years of experience in below skills - Primary skills : Ethical Hacking Penetration Testing Software development Cyber forensics or threat hunting Application security Secure coding Burp suite Interested candidates for above position kindly share your CVs on chitralekha.so@peoplefy.com with below details - Experience : CTC : Expected CTC : Notice Period : Location :