85 Oscp Jobs - Page 2

Greetings from Peoplefy Infosolutions !!! We are hiring for one of our reputed MNC client based in Pune . We are looking for candidates with 3 + years of experience in below skills - Primary skills : Ethical Hacking Penetration Testing Software development Cyber forensics or threat hunting Application security Secure coding Burp suite Interested candidates for above position kindly share your CVs on vaishnavi.pi@peoplefy.com with below details - Experience : CTC : Expected CTC : Notice Period : Location :

Web and Network PT Consultant Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Plan and execute network penetration testing and Red teaming assessments to simulate real-world attack scenarios. Perform manual network and application penetration tests on internal network, Active Directory environment, web applications. Perform social engineering assessment to assess the security awareness and physical security controls of the organization. Ability to independently research for new vulnerabilities in systems and software and modify and customize tools, known exploits, POCs and scripts to meet operational requirement. Research and stay up-to-date with the latest attack techniques, tools, and emerging threats. Present technical reports to clients, explaining the outcomes of the testing and providing detailed insights and recommendations. Collaborate effectively with cross-functional teams, including developers, IT operations, and business stakeholders to integrate security best practices seamlessly into project workflows. Provide mentorship and guidance to junior security staff and foster a culture of proactive security awareness within the organization. This role is for you if you have the below We are seeking an experienced and highly skilled Consultant with over 5+ years of working experience in the field of cybersecurity, including network penetration testing, vulnerability assessment, Active directory testing, phishing assessment and web application penetration testing. The ideal candidate will possess a strong working knowledge of Network protocols, performing OSINT to identify publicly available information and testing and exploiting Microsoft services like Windows Servers, Active directory, Certificate Services. Mandatory technical & functional skills Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs,internal and external networks, and mobile applications 5+ years of professional experience in cybersecurity, with a focus on Network penetration testing and Red teaming. Strong understanding of Network protocols, web applications, cryptography various operating systems and security technologies. Strong understanding of exploitation of Microsoft platform used in enterprise environment such as windows Servers, Active Directory Certificate Service, Azure, etc. • Experience in one or more of the following a plus: Web application penetration testing, mobile application penetration testing application architecture and business logic analysis. Relevant certifications, such as GWAPT, OSCP, OSEP, CRTP, CRTO OSWA, are strongly preferred.

Location: Mumbai (Candidates should be born and brought up in Mumbai) Experience: 5-7 years Notice Period: Immediate to 30 days ________________________________________ We are seeking a Pen tester (Penetration Testing) to join our cybersecurity team. The ideal candidate will have proven experience in penetration testing, vulnerability assessment, and offensive security operations. Key Responsibilities: Conduct penetration testing on web applications, ERP, SAP systems, and infrastructure assets. Draft business risk-oriented reports and assist teams in mitigating identified vulnerabilities. Contribute to the creation and implementation of security tools to secure the Saint-Gobain environment. Participate in Red Team and Purple Team exercises. Define and implement quality and performance metrics for the cybersecurity roadmap. Qualifications: Educational Background: Bachelors degree in Computer Science or Information Security; relevant certifications (e.g., OSCP, CRTP, CompTIA Security+) are a plus. Technical Expertise: Hands-on experience in web application and API penetration testing tools. Knowledge Areas: o Strong understanding of OWASP Top 10 or SANS Top 25. o Familiarity with malware, TCP/UDP packets, IDS/IPS, web proxies, SIEM, DNS security, and firewalls. o Basic knowledge of ERP and SAP systems. o Mobile and thick client application penetration testing. Skills: Scripting experience (e.g., Python, Bash, Powershell, C#) for automation. Participation in CTF challenges (Hack the Box, Root Me, TryHackMe) is a plus.

Consultant - MAST Vanguard Requirements: Mandatory Technical & Functional Skills Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA Job Description: Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Notice Period: Immediate/0-15 Days Joiners Only Job Description: We are seeking a highly experienced VP to lead and enhance our cybersecurity audit and assurance programs. The ideal candidate will have extensive experience in conducting and managing penetration testing, red teaming, social engineering assessments, secure code reviews, and full-scale IT and cybersecurity assessments. This leadership role involves overseeing security audits, and strengthening our clients overall security posture. Key Responsibilities: Lead cybersecurity audits and assurance programs across IT systems, applications, and infrastructure for our clients. Oversee penetration testing, red teaming, and social engineering assessments, ensuring effective security testing strategies. Manage secure code reviews and application security assessments to identify and remediate vulnerabilities. Collaborate with SOC teams, vulnerability management teams, and security engineers to enhance threat detection and mitigation. Evaluate third-party security risks and conduct supplier security assessments. Provide executive-level reports on security assurance findings, risks, and mitigation strategies. Ensure compliance with global security standards and frameworks. Mentor and develop a team of cybersecurity auditors, penetration testers, and security analysts. Qualifications and Skills: 15-20 years of experience in cybersecurity audits, security assessments, and assurance programs. Deep expertise in penetration testing, red teaming, social engineering tactics, and secure coding. Strong knowledge of security frameworks such as OWASP, SANS, CIS, NIST 800-53, ISO 27001, SOC 2, and PCI DSS. Experience with security testing tools (Burp Suite, Metasploit, Kali Linux, etc.). Ability to engage with executive leadership and present security risks effectively. Certifications preferred: CISSP, CISA, OSCP, CEH, CRTP, or equivalent.

Job Title: Manager Application Security Company Name: Info Edge India Ltd Job Description: As the Manager Application Security, you will be responsible for leading the application security initiatives within Info Edge India Ltd. You will work closely with development teams to ensure that security is integrated into the software development lifecycle. The role involves assessing potential vulnerabilities in applications, implementing security best practices, and ensuring compliance with security standards. You will also be responsible for conducting security assessments, managing security incidents, and providing guidance on secure coding practices. Additionally, you will collaborate with cross-functional teams to promote a culture of security awareness throughout the organization. Key Responsibilities: - Lead application security assessments and conduct security reviews of applications. - Develop and implement application security policies, standards, and guidelines. - Collaborate with development teams to integrate security into the software development lifecycle. - Conduct threat modeling and vulnerability assessments to identify security risks. - Provide training and support to developers on secure coding practices. - Monitor security trends and stay updated on emerging threats and vulnerabilities. - Respond to security incidents and coordinate incident response efforts. - Prepare reports and presentations for management on application security metrics and status. Skills and Tools Required: - Strong understanding of application security principles and best practices. - Experience with application security testing tools, such as static and dynamic analysis tools. - Familiarity with secure coding practices and frameworks (e.g., OWASP Top Ten). - Knowledge of security standards and compliance frameworks (e.g., ISO 27001, NIST). - Proficiency in one or more programming languages (e.g., Java, Python, C#). - Experience in conducting threat modeling and risk assessment. - Strong analytical skills and attention to detail. - Excellent communication and interpersonal skills to work collaboratively with various teams. - Certifications in application security (e.g., Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP)) are a plus.

ANZEN Technologies Private Limited. stands as an unparalleled powerhouse, empowering organizations across industries with our visionary services, cutting-edge solutions, and ground-breaking services in the realm of Cyber Security, IT Governance, Risk Management, and Compliance. As your trusted partner, we offer a comprehensive suite of End-to-End security services and consultancy, tailored to safeguard critical infrastructure installations, elevate the standards of BFSI, eCommerce, IT/ITES, Pharmaceuticals, and an array of other sectors. Position : Analyst - GRC Key Responsibilities: * Track and ensure adequate and timely resolution to all audit and risk assessment findings or issues relating to information security, and never miss a deadline. * Effectively and appropriately communicate audit engagement reports and recommendations to client management and resolve any client concerns or questions. * Ensure 100% certification success rate on ISMS projects. * Grow into a role with increasing responsibility. * Significant experience leading information security audits with a preference for IS0 27001 and SOC 2 audits or assessments. * Experience in leading or knowledge with implementations. * Experience authoring policies and procedures. * Significant experience working as a consultant working in a consulting firm * Significant knowledge of ISO 27001/2 and its derivatives (e.g., HITRUST, Shared Assessment) as much of our consulting and collaboration is around an ISO 27001 Information Security Management System. * Solid knowledge of the NIST 800-171/FISMA framework and is derivatives (e.g., Fed RAMP, CMS Information Security Program) as many of our clients serve government customers. * Enough Information Technology and Information Security experience to contextualize and make their recommendations relevant and valuable. * Experience and knowledge with Governance, Risk Management and Compliance. * Experience with the myriad of regulatory compliance frameworks our client base is subject to (e.g., HIPAA, PII, PCI-DSS, SOX, STARS, NERC-CIP). * Certifications that demonstrate to our clients our commitment to excellence in our craft (e.g., ISO 27001 Lead Implementer, CISA, CISSP, ISO 27001 Lead Auditor, MCSE, CEH, OSCP). * Familiarity with related standards (e.g., SSAE-16 SOC1, SOC2, ISO-22301, ISO-9001). Qualifications & Certifications : Graduated from IT Stream Experience: Candidate with 1 to 2 Years of experience. Excellent communication and interpersonal skills. Technical proficency is must Ability to work in a fast-paced environment Preferred Skills & Location Experience in Cybersecurity, IT Industry from Navi Mumbai Office Address : ANZEN Technologies Private Limited Akshar Business Park, H - 3025, 3rd Floor, Plot No. 3, Sector-25, Vashi, Navi Mumbai 400703 https://anzentech.com Immediate Joiner may apply for this position

Hiring for Sr. Penetration Tester(OSCP/CRTP/CRTO/PNPT Certified--Mandatory) @ UV Cyber Solutions -- (Cyber Towers, Hyderabad Work from Office) It is important to note that this position does not accept applications without OSCP or CRTP or CRTO or PNPT Experience: 3 yrs to 10 Yrs Email : vijaya.thirukolluri@uvcyber.com Mode of Work: Work from Office Interview mode: Face to Face (First round will schedule Virtual round post that need to come F2F interview in Hyderabad, Without F2F interview don't consider them) Notice Period: Looking for who can join in 0 to 15 days Address: UV Cyber solutions, 3rd floor, Quadrant 3, Cyber towers, Hitech City Rd, HITEC City, Hyderabad, Telangana 500081 Certifications : Either of one is Mandatory PNPT CPTS eCPPT OSCP CRTO CRTP Job Description: We are seeking a motivated and detail-oriented individual to join our cybersecurity team as a Red Team Member. In this role, you will assist in conducting security assessments, penetration testing, and vulnerability analyses to identify and mitigate potential security threats. You will work under the guidance of experienced team members, gaining hands-on experience in ethical hacking. Key Skills Penetration Testing: Proficiency in advanced penetration testing methodologies and tools, capable of identifying and exploiting complex vulnerabilities. Red Team Operations: Experience in conducting full-scope Red Team engagements including elements of evasion, obfuscation, social engineering, and other stealth techniques. Up to simulating advanced persistent threats (APTs). Purple Team Operations: Ability to collaborate with Blue Team members to improve detection and response capabilities. Scripting and Programming: Strong proficiency in multiple scripting and programming languages. Networking: Deep understanding of network protocols, firewalls, and advanced network security principles. Operating Systems: Extensive knowledge of Windows, Linux, and macOS operating systems. Technical Writing: Ability to produce high-quality technical documentation and reports for technical and executive audiences. Key Responsibilities: Lead and execute simulated cyber-attacks to evaluate the effectiveness of security controls. Engage in Red Teaming, Purple Team exercises, and some advanced penetration testing, including diverse types (e.g., network, AD, web app, API, cloud, IoT, WIFI, hardware, physical, social engineering, reverse engineering). Develop and refine testing methodologies and tools in collaboration with the Red and Blue teams. Document findings, prepare detailed reports, and present results to stakeholders. Stay current with the latest security trends, threats, and technology developments. Participate in team meetings, training sessions, and continuous learning opportunities. Qualifications: Bachelors or Masters degree in Computer Science, IT, Cybersecurity, AI, or a related technical field (preferred but not required). Relevant certifications (one or more): OSCP, OSCE, PNPT, BSCP, etc., or practical hands-on certifications. Alternatively, be ranked at least as Pro Hacker on HackTheBox.

Security Architect Application Security – SSDLC Education BE/BCA/B-TECH/Bsc.IT or any IT Graduate from authorised university Experience/ Qualifications Excellent written and verbal communication skills in English, high integrity, strong work ethic and ability to empathize with the customer. At least 8 - 15 years of Cyber Security experience with large organization, Bank, or global IT or consulting firm. Strong background of Application Security, Secure Software Development Lifecycle (SSDLC). Experience in Threat Modelling, Application Security Architecture Review, Security Testing- SCA, SAST, DAST. Exposure of security tools integration in DevOps architecture. Exposure of Microservices security and API security. Exposure implementation of evaluation and implementation of Application Security & Testing tools. Troubleshooting and problem-solving ability including analytical thinking and strong attention to details. Good understanding of Application Security Standards like OWASP, SANS, NIST etc. Good understanding of Security by Design and Privacy by Design. Good understanding of compliance requirements for payment and nonpayment applications. Product & platform security assessment exposure is desirable. Understanding of Load Balancer, WAF, CDN, API Gateway, Secrets Management etc. is desired. Exposure of cloud application (SaaS) security solutions is desirable. Good understanding of encryption tools and technologies; SSL, Keys Management, HSM and PKI infrastructure and secrets management. Ability to take assess solution and recommend proactive steps to mitigate Network, OS and Application Layer Security attacks. Responsibilities Subject Matter Expert for Application and Product Security. Understanding business requirements, complexity and solution architecture and estimate scope and effort of SSDLC and Cyber Security. Driving SSDLC for projects from initial stage to development and implementation. Planning, resource allocation and tracking of SSDLC service delivery. Conducting Threat Modelling, Application Architecture Review, SCA, SAST, DAST & IAST Implementation of SCA, SAST, DAST & IAST tools for application security testing. Continual learning and enhancement of skills and processes for service delivery. Provide advice on Secure coding best practices. Conduct Application Security related trainings for team and developers. Managing small team of Application Security & SSDLC. Provide inputs for product and platform security. Assess application, product and platform security as per scope of the engagement. Prepare application risk summary & register and trace for closure. Prepare weekly/monthly service delivery reports and review with BU Lead and VH. Provide service delivery inputs to PMO & other relevant systems. Develop Microservices & API security architecture. Work on DevSecOps integration and automation with DevOps team. Face internal and external audits for the scope of service delivery. Participate in security risk assessments and audits. Build-up and transfer interdisciplinary knowledge. Provide SME advice on security tool capabilities and configuration adjustments when needed to contain security incidents or block future security attacks. Troubleshooting experience with Data security and application troubleshooting. Coordinating with business and understanding their requirements regarding enhancements. Review of effectiveness of controls and preparing Risk dashboards. Participate in continual improvement and benchmarking activities. Contribute to CoE initiatives and other activities delegated by Reporting Manager or Vertical Head. Collaborate with internal and external stakeholders for timely delivery of the assigned engagements/projects. Reviewing the status of the projects and taking corrective/preventive measures as approved. Certifications ISO 27001, CISSP, CISA, CSSLP, CEH, C|ASE, CSSD, GWEB, CMWPT, GPEN, API Security Architect Location Navi Mumbai Employment Type All positions are on fixed term contract on a full-time basis exclusively for ReBIT, initially for a period of five years, extendable by mutual consent

Job Description Role : Offensive Security Location: Mumbai/Hyderabad/Chennai Qualification & Experience M.Tech/B.E. /B.Tech/MCA/BCA/BSC More than 4 years of experience in conducting Red Team and offensive security. Certifications in different Security products, ITIL, CEH, OSCP, OSCE, OSWE, SANS/GIAC etc. would be an added advantage. Job Responsibilities: 3-4 years of experience in Pentest, Red Team, offensive security engagements. Deep understanding of network, web and API security vulnerabilities and mitigation. Good understanding on Active directories and ways of exploitation. In-Depth knowledge of Linux operating system. Ability to model threats and risks for large and complex systems. Good knowledge of IPS/IDS, Firewalls, WAF, Switch and Router. Advance knowledge on Authentication, security protocols, Cryptography etc. Ability to think critically and identify areas of technical and non-technical risk. Ability to write technical reports and communicate technical content to non-technical audiences. Relevant security certification i.e. OSCP, OSCE, OSWE, SANS/GIAC, Published CVEs is an added advantage. Good understanding and experience in offensive security tools and techniques i.e. Metasploit, Burpsuite, Armitage, MITRE ATT&CK Framework. Knowledge in one of the scripting language. Has basic knowledge to write exploits for known vulnerabilities. Interested candidates can share their resume & details at - ankita.parihar_pri@npci.org.in

Description We are seeking a dedicated and skilled Associate Analyst to join our Security Team. This role is ideal for someone passionate about cybersecurity, with a strong foundation in penetration testing and a good grasp of programming languages. The successful candidate will be part of a dynamic team responsible for identifying, assessing, and mitigating security vulnerabilities within our IT infrastructure. Responsibilities Conduct penetration tests and security assessments for network, web-based applications, and operating systems. Work with the cybersecurity team to simulate attacks on systems, networks, and applications to identify and exploit vulnerabilities. Develop custom scripts or tools in Python and C++ to automate testing and exploit vulnerabilities. Analyze and evaluate system vulnerabilities and potential security threats. Provide recommendations and solutions for improving our security posture. Document findings and prepare reports detailing the results and methodologies of tests. Collaborate with other team members to refine security strategies and update the security infrastructure as necessary. Stay updated with the latest security news, techniques, and tools related to penetration testing and ethical hacking. Eligibility Bachelors degree in Computer Science, Information Security, or a related field. 2-3 years of experience in cybersecurity, specifically in penetration testing and red team operations. Strong programming skills in Python and C++. Knowledge of other scripting languages is a plus. Profound understanding of Linux environments and their subsystems. Familiarity with network protocols, encryption techniques, and intrusion detection systems. Excellent problem-solving skills and ability to think like both an attacker and a defender. Strong communication skills and ability to document and explain technical details clearly. Desired Eligibility Certifications such as OSCP, CEH, or related are highly regarded. Experience with other operating systems like Windows or macOS is beneficial. A proactive approach and eagerness to learn new technologies and testing techniques. Benefits: Competitive salary and comprehensive health benefits. Opportunities for professional growth and advancement. Access to the latest tools and technologies. Supportive and collaborative work environment. Travel As and when required, across the country for project execution and monitoring as well as for coordination with geographically distributed teams. Communication Submit a cover letter summarising your experience in relevant technologies and software along with a resume and the Latest passport-size photograph.

We are looking for someone with 10+ years of experience with Mobile app and Web development and Security engineering experience Role and Responsibilities: As the Senior Information Security for subsidiary , this role would report into the Group CISO. The primary focus of this role is to secure the mobile application and other software assets of subsidary. Work with existing engineering teams on securing the architecture of new features/capabilities and provide design guidance Working knowledge of mobile app security controls such as RASP (Runtime Application Self Protection). Provide Information security requirements as part of the sprint cycle. Develop technical solutions to help mitigate security vulnerabilities. Analyze vulnerabilities reported to exist on NBSL assets and Android/IOS Platform. Perform security code analysis and design reviews. Provide security and secure coding practices training to development team. Conduct research to identify new attack vectors against Android and IOS application. Security architecture review and design guidance. Qualifications: Bachelor's or master's degree in computer science, Information Security, or a related field. Skills: Strong mobile application security engineering background Must have general programming expertise and software or web development experience Proficient in Engineering custom-built Android and iOS apps Experience in authentication and encryption methods, including OAuth and Public Key Infrastructure (PKI) Ability to perform Threat modelling and risk assessment of mobile and web apps 5+ years of Web and Mobile Application Security testing Experience 2+ years of hand-on experience in DevSecOps workflows and CI/CD pipelines Deep familiarity with the OWASP Top 10 and other security concerns for web/mobile applications Good understanding of SAST, DAST, SCA Scanning practices. Scripting and Programming skills (E.g: Python, Perl, Bash, Ruby, PowerShell, react native, etc.) Hands on experience in security tools like, Burp suite, OWASP ZAP, MobSF, Frida, Checkmarx, SonarQube etc. Certifications (any two): CSSLP, eMAPT, CEH, OSWA, OSCP, CPTS, eWPTX, KCSA, GMOB, GWEB (Good to Have: OSWE, CWEE, CISSP, CKS)

As a Cybersecurity Defense professional at Kyndryl, you will encompass cybersecurity, incident response, security operations, vulnerability management, and the world of cyber threat hunting and security intelligence analysis all to protect the very heartbeat of organizations their infrastructure. In this role, you won't just monitor; you'll actively engage in the relentless hunt for cyber adversaries. In a world where every click and keystroke could be a potential gateway for attackers, your role will be nothing short of critical as you seek out advanced threats, attackers, and Indicators of Compromise (IOCs). Your expertise in endpoint detection and response (EDR) will be the shield that safeguards individual workstations, laptops, servers, and other devices from cybercrime. Your responsibilities go beyond vigilance. When it comes to network security, you'll utilize Network Detection and Response (NDR) to monitor the ever-flowing currents of network traffic. The incident management process will be used as you respond and manage to cybersecurity incidents. Cybersecurity Defense is all about information. You'll gather, analyze, and interpret data applying your own and external threat intelligence to uncover potential security threats and risks. These insights and your ability to analyze complex attack scenarios will be the foundation of our security strategy helping Kyndryl stay one step ahead of security breaches. In Cybersecurity Defense at Kyndryl, youre not just protecting the present youre shaping the future of digital security. Join us on this cybersecurity venture where your expertise and creativity will have a lasting impact in the world of digital defense. Who You Are Youre good at what you do and possess the required experience to prove it. However, equally as important you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused someone who prioritizes customer success in their work. And finally, youre open and borderless naturally inclusive in how you work with others. Required Skills and Experience 8+ years of experience in a technical role in the areas of Security Operations, Threat Intelligence, Cyber Incident Response, or Penetration Testing/Red Team. Advanced knowledge of operating system internals and security mechanisms. Experience analyzing attacker techniques that leverage email and cloud-service tactics. Skilled working with extremely large data sets, using tools and scripting languages such as: Excel, SQL, Python, Splunk, and PowerBI. Preferred Skills and Experience Knowledge of operating system internals, OS security mitigations & understanding of Security challenges in Windows, Linux, Mac, Android & iOS platforms Knowledge of kill-chain model, ATT&CK framework, and modern penetration testing techniques Excellent cross-group and interpersonal skills, with the ability to articulate business need for detection improvements Knowledge of major cloud and productivity platforms as well as identity systems and related security concerns Experienced with curation of Threat Intelligence Experienced with direct customer communication in a service delivery role Ability to use data to 'tell a story' Experience with reverse engineering, digital forensics (DFIR) or incident response, or machine learning models Experience with system administration in a large enterprise environment including Windows and Linux servers and workstations, network administration, cloud administration Experience with offensive security including tools such as Metasploit, exploit development, Open Source Intelligence Gathering (OSINT), and designing ways to breach enterprise networks Additional advanced technical degrees or cyber security certifications such as CISSP, OSCP, CEH, or GIAC certifications

AM Enterprise is hiring a remote Red Team Security Specialist to simulate cyberattacks, perform penetration tests, and collaborate with Blue Team members to enhance cybersecurity defenses. Requires expertise in penetration testing tools, scripting. Health insurance Annual bonus Office cab/shuttle

Hiring: Principal Cybersecurity Engineer Medical Devices | Pune, India Looking for an experienced Cybersecurity Engineer (P5 level) with 10-15 years in medical device cybersecurity . Ideal candidates will have expertise in: Secure architecture design & implementation Threat modeling, risk assessment & penetration testing Compliance with FDA, IEC 62304, ISO 14971, IEC 81001-5-1 Secure coding & vulnerability management Strong cross-functional collaboration Location: Pune (Gurgaon profiles can be considered) Core Cybersecurity Expertise: Secure Architecture & Design Experience in designing security controls for connected medical devices. Threat Modeling & Risk Assessment – Identifying vulnerabilities and mitigating risks in medical device environments. Penetration Testing & Vulnerability Management – Hands-on experience with security testing tools and techniques. Secure Coding Practices – Strong knowledge of software security and secure development methodologies. Regulatory Compliance & Standards – Familiarity with FDA, IEC 62304, ISO 14971, IEC 81001-5-1 , and other medical device cybersecurity regulations. Technical & Soft Skills: Cryptography, Authentication & Data Protection – Deep understanding of encryption, access controls, and data security. Network Security – Securing communication channels and mitigating network threats. Cross-functional Collaboration – Working with R&D, regulatory, quality assurance, and clinical teams. Mentoring & Leadership – Guiding junior engineers and shaping cybersecurity strategies. Preferred (But Not Mandatory): Certifications: CISSP, CISA, OSCP (highly desirable). Medical Device Experience: Strong plus for candidates with prior experience in medical device cybersecurity. Preferred: CISSP, CISA, OSCP certifications Ready to make an impact in medical device cybersecurity ? Apply now!

Job Description: Information Security Auditor Location- Andheri or any client Position: Senior Associate Information Security Employment Type: Full-time Company Overview: ANB is a fully integrated and one of the fastest-growing assurance and business advisory firms, with 450 plus employees and a presence in 6 countries. ANB leverages practical experience of many years in multi-disciplinary areas like business risk management, tax advisory, information risk management, assurance, consulting, compliance, regulatory risk, technology, GRC tools, and transaction services. Our clients include top 500 companies, touching every major industry. At ANB, we are a motley crew of inspired innovators, technologists, business designers and project managers, but we are also entrepreneurs who partner in creating new opportunities. Job Summary: We are seeking an experienced VAPT (Vulnerability Assessment and Penetration Testing) Specialist with 4-6 years of experience to join our cybersecurity team. The ideal candidate will have hands-on experience in identifying, assessing, and exploiting security vulnerabilities across networks, systems, and applications. The role requires a strong understanding of penetration testing methodologies, tools, and security best practices. Key Responsibilities: Conduct vulnerability assessments and penetration tests on web applications, networks, infrastructure, and mobile applications to identify security weaknesses. Perform detailed risk analysis and provide actionable remediation steps based on findings. Engage in manual and automated testing using industry-standard tools (e.g., Burp Suite, Nessus, Metasploit, Nmap, Kali Linux, etc.). Document and communicate the results of assessments clearly, including the severity of the vulnerabilities, recommended mitigations, and overall security posture. Stay up-to-date with the latest security threats, vulnerabilities, and tools, ensuring testing methodologies remain current. Conduct risk assessments and security audits to ensure compliance with industry standards (e.g., OWASP Top 10, NIST, CIS). Perform threat modeling to identify potential attack vectors in system architectures and designs. Perform advanced exploitation techniques (buffer overflows, reverse engineering, etc.). Cloud security and penetration testing methodologies for platforms like AWS, Azure, and GCP. Assist in preparing security reports for clients and senior management. Skills & Qualifications: Experience: 4-6 years of hands-on experience in penetration testing, vulnerability assessments, and security auditing. Technical Expertise: Strong knowledge of common web application vulnerabilities (e.g., SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), etc.). Proficiency with penetration testing tools like Burp Suite, OWASP ZAP, Nessus, Nmap, Metasploit, etc. Experience with vulnerability management systems and reporting tools. Familiarity with both manual and automated testing techniques. Strong knowledge of operating systems (Linux, Windows) and networking protocols. Certifications (Preferred): Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH) Any additional certifications in cybersecurity or penetration testing. How to Apply: Interested candidates are invited to submit their resume and cover letter to [Pallavi.kulkarni@anbglobal.com]. Please include "VAPT" in the subject line. Equal Opportunity Employer: ANB is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. For more information about our company and culture, visit https://anbglobal.com/

Notice Period: Immediate/0-15 Days Joiners Only Job Description: We are seeking a highly experienced VP to lead and enhance our cybersecurity audit and assurance programs. The ideal candidate will have extensive experience in conducting and managing penetration testing, red teaming, social engineering assessments, secure code reviews, and full-scale IT and cybersecurity assessments. This leadership role involves overseeing security audits, and strengthening our clients overall security posture. Key Responsibilities: Lead cybersecurity audits and assurance programs across IT systems, applications, and infrastructure for our clients. Oversee penetration testing, red teaming, and social engineering assessments, ensuring effective security testing strategies. Manage secure code reviews and application security assessments to identify and remediate vulnerabilities. Collaborate with SOC teams, vulnerability management teams, and security engineers to enhance threat detection and mitigation. Evaluate third-party security risks and conduct supplier security assessments. Provide executive-level reports on security assurance findings, risks, and mitigation strategies. Ensure compliance with global security standards and frameworks. Mentor and develop a team of cybersecurity auditors, penetration testers, and security analysts. Qualifications and Skills: 15-20 years of experience in cybersecurity audits, security assessments, and assurance programs. Deep expertise in penetration testing, red teaming, social engineering tactics, and secure coding. Strong knowledge of security frameworks such as OWASP, SANS, CIS, NIST 800-53, ISO 27001, SOC 2, and PCI DSS. Experience with security testing tools (Burp Suite, Metasploit, Kali Linux, etc.). Ability to engage with executive leadership and present security risks effectively. Certifications preferred: CISSP, CISA, OSCP, CEH, CRTP, or equivalent.

Job Summary We are looking for an Application Security Analyst with 2-3 years of experience in IT and security to strengthen our security team. The ideal candidate will focus on securing web and mobile applications (Android/iOS) by conducting penetration testing, vulnerability assessments, API security reviews, and ensuring compliance with security best practices . Key Responsibilities Application Security & Penetration Testing Conduct security assessments for web, mobile (Android/iOS), and APIs . Identify, exploit, and remediate OWASP Top 10 vulnerabilities. Perform manual and automated security testing to uncover security risks. Conduct secure code reviews to detect application security flaws. Mobile Security (Android & iOS) Perform static and dynamic analysis of Android/iOS applications. Identify security risks such as insecure data storage, API vulnerabilities, and jailbreak/root detection bypass . Utilize tools like MobSF, Frida, Burp Suite, Objection, Drozer, Jadx, and apktool . Validate applications against OWASP Mobile Top 10 security risks. API Security & Secure Development Perform API penetration testing using Burp Suite, Postman, OWASP ZAP . Identify critical vulnerabilities such as Broken Authentication, Excessive Data Exposure, and IDOR . Collaborate with developers to implement secure coding practices and remediation strategies . Vulnerability Management & Compliance Conduct vulnerability assessments using tools like Nessus, Acunetix, Nexpose, Rapid7, and Qualys . Ensure compliance with ISO 27001, SOC2, GDPR , and other regulatory frameworks. Work closely with development teams to remediate security vulnerabilities . Required Skills & Qualifications Bachelors degree in Computer Science, Information Security, or a related IT field . 2-3 years of experience in IT , with at least 1-2 years focused on Application Security & Penetration Testing . Strong understanding of OWASP Top 10 (Web & Mobile) vulnerabilities. Hands-on experience with security tools such as Burp Suite, MobSF, Frida, Objection, Drozer, Jadx, apktool . Proficiency in secure code review (Java, Swift, Kotlin, JavaScript). Expertise in API Security Testing and secure development best practices. Strong analytical, problem-solving, and communication skills . Preferred Qualifications Security certifications such as OSCP, CEH, eJPT, OSWE, GMOB (preferred). Experience with bug bounty programs or responsible disclosure initiatives. Compensation & Benefits Competitive salary based on experience. Career growth opportunities in Application Security & Ethical Hacking . Health & wellness benefits . Access to continuous learning, certifications, and security training programs . If your skills matches the above requirement, kindly share drop your updated resume at "pooja.valluru@engro.io". Looking for immediate to 30 Days Notice Period.

Job Description Department: Cyber Resilience Roles and Responsibilities: - Good Understanding of Information Security Concepts Should be well versed with OWASP top 10, SANS top 25, CVSS. Hands-on experience in Pentesting web, mobile APIs OSINT scans Red teaming attack methods AD Pentesting Strong communication skills, client handling, should be able to provide mitigations to clients. Navi Mumbai Requirement Vulnerability Assessment, Penetration Testing, API Testing Experience 3 + yrs. of industry experience Essential Skills/Certifications

Position: VAPT Engineer Reporting to: Platform Lead Infrastructure Security Employment Type : Employee - Full Time Work Location: Guwahati Key Focus area : Infrastructure Penetration Tester Employment Type : Employee - Full Time Work Location: Guwahati Key Responsibilities : Identification and remediation of new vulnerabilities and risk analysis for Infrastructure is a key responsibility. Identifying and maintaining Key metrics and SLA on Infrastructure Security. Ensure that vulnerability assessments are performed to evaluate effectiveness of security controls in applications, middleware, databases, network and operating systems. Thorough experience in configurations reviews against CIS benchmarks and security standards. Ensure all Hardening and Patching activities are conducted and tracked as per defined policies. Create/Update hardening documents and build audit file for automated testing. Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities. Conduct security penetration testing to identify vulnerabilities and potential security risks along with designing and implement security solutions to protect enterprise systems, applications, data, assets, and people. Collaborate with cross-functional teams to ensure security measures are integrated into all aspects of the organization's operations. Perform Internal/ External Penetration Testing on Jio Infrastructure and producing reports with recommendations for detailed penetration testing findings. Sound understanding of Azure/GCP/AWS environment activities and Perform Vulnerability Assessment & Penetration Testing for networks (internal & external), applications, APIs & cloud assets along with Red & Purple Team assessments. Safeguarding information, infrastructures, applications, and business processes against cyber threats. Proactively create, share, and read reports as part of the penetration testing activities. Responsible for utilizing threat intelligence to identify new threats in our environment, coordinating with stakeholders to remediate identified vulnerabilities, and ensuring closure through thorough cross-validation. Qualification and Work Experience Qualification : BE / BTech (Similar Education Background) Work experience : 7-15 Years 7+ years of experience in Infrastructure Penetration Testing and Vulnerability Management including practical experience with Linux and Windows operating systems. Thorough understanding of Application and Infrastructure Architectures, and related vulnerabilities. Ability to interpret and prioritize vulnerability scan results into remediation actions and tracking those actions through to completion Working knowledge of ORACLE DB, MS SQL DB, MYSQL DB & Network Devices is required. Ability to analyse vulnerabilities to appropriately characterize threats and provide remediation advice. Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE). Extensive experience in vulnerability management, including the ability to forecast potential threats and develop proactive mitigation plans. Hands on experience in testing diverse infra components including various enterprise platforms such as private clouds, OpenShift infra, dockers/container infra etc. The candidate should be able to perform manual & automated penetration testing for internal, external perimeter, web applications, IT infrastructure, end-points, cloud etc. using hacking tools; e.g. Nuclei, Acunetix, BURP, Wireshark, Nmap, netcat, Firebug, Nessus, Kali OS, Parrot, Metasploit, Aircrack-ng. Preferred: Security related professional certification (e.g. CEH, CPENT, OSCP, OSCE, OSWE, GPEN, GWAPT or similar certifications) Preferred: Script writing skills (Python/Ruby/bash/PowerShell). Experience with security standards and frameworks such as ISO 27001, NIST, and PCI DSS. Preferred: Security solutions technologies such as IPS, firewalls, endpoint protection, web/email filtering, DLP, Digital rights management, encryption, SEIM, and virtualization platforms. Expertise in performing grey box/Black box testing. Experience devising methods to automate testing activities and streamline testing processes. Proven ability to develop and test Proof of Concept (PoC) exploits as part of vulnerability assessment and penetration testing exercises. Competencies /Expertise Required (Functional & Behavioral) Systematic strong analytical thinking and problem-solving skills. Excellent in analytical thinking for translating data into informative visuals and reports. Adaptable to change. Quick Learner Open learn and work on new technologies and products If you're interested, please share below mention details for the same. Location Preferred location Current Co Experience Current CTC Expected CTC Notice Period Offer in Hand Highest Education SSC % HSC % Graduation % University Name Regards, Ashwini Chakor

Location: Mumbai (Candidates should be born and brought up in Mumbai) Experience: 5-7 years Notice Period: Immediate to 30 days ________________________________________ We are seeking a Pen tester (Penetration Testing) to join our cybersecurity team. The ideal candidate will have proven experience in penetration testing, vulnerability assessment, and offensive security operations. Key Responsibilities: Conduct penetration testing on web applications, ERP, SAP systems, and infrastructure assets. Draft business risk-oriented reports and assist teams in mitigating identified vulnerabilities. Contribute to the creation and implementation of security tools to secure the Saint-Gobain environment. Participate in Red Team and Purple Team exercises. Define and implement quality and performance metrics for the cybersecurity roadmap. Qualifications: Educational Background: Bachelors degree in Computer Science or Information Security; relevant certifications (e.g., OSCP, CRTP, CompTIA Security+) are a plus. Technical Expertise: Hands-on experience in web application and API penetration testing tools. Knowledge Areas: o Strong understanding of OWASP Top 10 or SANS Top 25. o Familiarity with malware, TCP/UDP packets, IDS/IPS, web proxies, SIEM, DNS security, and firewalls. o Basic knowledge of ERP and SAP systems. o Mobile and thick client application penetration testing. Skills: Scripting experience (e.g., Python, Bash, Powershell, C#) for automation. Participation in CTF challenges (Hack the Box, Root Me, TryHackMe) is a plus.

Description Data Protection and Encryption Lead JOB DescriptionAs a Thales Cryptography Engineer, you will responsible for data encrypting and their keys management using Thales Vormetric or CipherTrust platform for one of the leading banking sector client. The candidate will be responsible for understanding clients application systems, storage and database requirement for data protection and encryption while ensuring the highest standards of data security. Primary Skills (Must Have)-Deep understanding of cryptographic protocols, key management schemes, and best practices in encryption -Hands-on experience on data encrypting using Vormetric or CipherTrust solutions (i.e. MS SQL, Postgreqsl, File level, storage etc.) -Good understanding and hands-on of KMIP and TDE integration protocol -Develop scripts and use automation tools to streamline security processes Secondary Skills (Good to have)-Work on scripting and automation to streamline key management and encryption processes. -Write secure application code for managing encryption keys and performing cryptographic operation. -Familiarity with various operating systems, such as Windows, Linux, and UNIX. -Familiarity with compliance and regulatory frameworks relevant to data protection and privacy Key Responsibilities-Integrate the CipherTrust Platform with a variety of cloud environments, databases, and applications. -Administer the creation, distribution, rotation, and revocation of encryption keys in accordance with best practices and compliance requirements. -Ensure secure storage and backup of encryption keys, employing robust access controls. -Develop and enforce data security policies through the CipherTrust Manager OR Vormetric Console -Troubleshoot and resolve issues related to SQL DB, File level and Storage encryption. -Develop best practice documentation for the onboarding and integration of application on cryptography solutions. Professional CompetenciesMinimum 2 years of working and hands-on experience with Thales Vormetric or Thales CipherTrust encryption and key management solutions Education / Certifications / Trainings-Bachelor degree in any stream -Good to have certified or trained professional in Thales Vormetric or CipherTrust or any other cryptography solution Shift Timing (9x5,24x7)9X5 Shift Job LocationPreferable Bangalore/ Chennai Optional Across India as per candidate preference Named Job Posting? (if Yes - needs to be approved by SCSC) Additional Details Global Grade D Level To Be Defined Named Job Posting? (if Yes - needs to be approved by SCSC) No Remote work possibility No Global Role Family To be defined Local Role Name To be defined Local Skills cryptography Languages RequiredENGLISH Role Rarity To Be Defined

Role & responsibilities Perform fuzzing of network protocols on devices like routers, Wi-Fi routers, ONT/OLT, firewalls, and other network appliances. Research and develop fuzzing strategies to test network protocols, identify vulnerabilities, and improve security. Work with tools such as Synopsys Defensics, AFL, Peach Fuzzer, or similar for fuzzing network protocols. Collaborate with hardware and firmware teams to understand device functionality and how to target fuzzing effectively. Analyze crash reports and debug logs to identify root causes of vulnerabilities and provide detailed remediation steps. Prepare technical documentation and reports on the findings from fuzzing activities. Stay updated with the latest security trends, techniques, and tools in network protocol fuzzing. Preferred candidate profile Minimum 1 year of experience in fuzzing network protocols or security testing of network devices. Strong understanding of network protocols (e.g.TCP/IP, DHCP, DNS, HTTP, SIP, etc.). Experience with fuzzing tools (e.g., Synopsys, Defensics, AFL, Peach Fuzzer, Sulley, or custom fuzzers). Knowledge of network hardware, embedded systems, and operating systems. Familiarity with router, firewall, Wi-Fi router, ONT/OLT technologies, and associated protocols. Hands-on experience with debuggers, crash analysis, and memory corruption vulnerabilities. Solid understanding of network security concepts and vulnerability assessment techniques. Prior experience with security assessments and penetration testing of network appliances. Familiarity with scripting languages (e.g., Python, Bash) for automation of testing processes. Knowledge of reverse engineering and static/dynamic analysis of firmware. Certifications (Optional but Preferred) : OSCP, CEH, or other relevant security certifications.

Responsibilities Work on projects with clearly defined guidelines as team member with responsibility for project delivery To understand end-to end application architecture and business logics. Conduct manual penetration testing of web applications, mobile applications, APIs, networks, and other systems to identify security vulnerabilities. Utilize penetration testing tools and frameworks to simulate real-world attack scenarios and identify vulnerabilities. Performs cyber security assessments which includes vulnerability assessment & penetration testing, network security architecture review, secure configuration / code review, manually etc. Understands basic business and information technology management processes. Demonstrates knowledge of firm's methodologies, frameworks, and tools. Participate in practice development. The Key Skills Understanding of basic business and information technology management processes Good knowledge of protocols, security measures and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture. Must have in-depth business logic vulnerabilities, XSS, SQLi, Broken Access Control, SSRF, and other OWASP TOP 10 best practices and cyber security guidelines. Experience in Infrastructure Penetration Testing and Application Security Testing Experience in secure code review and expertise in tools like Checkmarx and SonarQube are required. Experience in conducting configuration reviews of Windows, Linux, UNIX, Solaris, Databases, etc. Must have Hand-on-Experience of tools like Burp-Suite, Nmap, Metasploit as well as open-source tools. Should possess knowledge of vulnerability exploitation and exploit development. Experience in basic scripting such as: Shell, Python, etc. Basic knowledge of Technologies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, etc. Additional Skills Strong analytical and communication skills (written, verbal and presentation) Open to learn new tools and technologies as per the project requirement. Any other professional certificated will be an added advantage. Requirement: CEH (Required) and OSCP (Preferred)

?Minimum 3+ years of experience in vulnerability assessment and penetration testing domain. Proven track record in identifying, exploiting, and remediating vulnerabilities across networks, applications, and systems. In-depth knowledge of network protocols, operating systems (Linux, Windows, etc.), web application technologies, and common security tools. Expertise in penetration testing tools like Burp Suite, Metasploit, Nessus, Nmap, Wireshark, etc. Strong knowledge of ethical hacking techniques, vulnerability scanning, and risk analysis. Familiarity with network security concepts such as firewalls, VPNs, IDS/IPS, and SIEM tools. Strong problem-solving skills and attention to detail. Ability to communicate complex technical findings in a clear, non-technical manner. Proficiency in scripting languages such as Python, Bash, or PowerShell for automation and exploitation. ?Certifications: Industry-recognized certifications must have as: Offensive Security Certified Professional (OSCP) Certified Information Systems Security Professional (CISSP)