196 Oscp Jobs - Page 2

Job Title: VAPT Consultant Note: Looking only for candidates who can join within 45 days. Qualifications: • BE/B. Tech with specialization in cyber security, MCA, M. Tech / Masters in Information security, or Forensics Analysis Knowledge • 2-5 years hands on experience working in VAPT, working for cybersecurity industry. • Candidate must have cybersecurity related certifications such as CEH or eJPT or eWPT or CRTP or any other similar certification. • Candidates must have hands on experience in red teaming or source code review or cloud configuration review in addition to VAPT Role and Responsibility: • Conduct Network/ System Vulnerability Assessments, Penetration Testing using tools to evaluate attack vectors, identify system vulnerabilities, and provide appropriate remediation plans for mitigation of the identified vulnerabilities. • Conduct Application vulnerability assessments, Penetration Testing for web applications, identify and report vulnerabilities, provide recommendations, and track closure of identified vulnerabilities. • Perform Configuration compliance assessments for Endpoints / Assets /network devices and help maintain the security settings at compliant level with Specific Security Standards. • Perform regular monitoring of patch compliance of the assets in the network, Analyze Patch Advisories and provide remediation steps for the stakeholders. • Performing comprehensive review and threat adversary modeling for web applications. • Conduct Vulnerability Assessments, Penetration Testing, Device Hardening, Application Security Assessments, Log Review, Review of Documents, Network Monitoring and Reporting • Conduct and compile findings on new vulnerabilities, new tools for departmental use. • Create project deliverables / reports and assist the client with remediations and discussions. • Abide by the project timelines and maintain project discipline. Technical Skills Required: • Hands-on Experience is performing Network Security Assessment and vulnerability Assessment. • Good understanding of OSI layers and fundamental Operating system concepts, security settings for various flavors of Windows and Linux platforms. • Manual Penetration Testing skills and techniques are required besides automated tools and frameworks. • Familiar working with Publicly available exploits codes. • Hands on knowledge on Tools: Nmap, Kali Linux, Metasploit, Armitage, Maltego, Burp Suite, Paros Proxy Nessus, nexpose, Wireshark, sqlmap etc. • Sound knowledge about infrastructure vulnerability scans, identifying security vulnerabilities, weaknesses, threats, and assessing related risks that exists within an IT Infrastructure or business processes. • Sound knowledge about Application vulnerability assessments and relevant knowledge of OWASP top 10 vulnerabilities and SANS. • Good understanding of firewalls, Switches, and Routers configuration settings and policies, relevant experience in performing rule base reviews and configuration reviews for network devices

Role: Intern (Technical services) Job Location: Bangalore Qualifications: BE/B. Tech with specialization in cyber security, MCA, M. Tech / Masters in Information security, or Forensics Analysis Knowledge. Certifications such as CEH or eJPT or eWPT or CRTP or any other similar certification, is mandatory. Role and Responsibility: Conduct Network/ System Vulnerability Assessments, Penetration Testing using tools to evaluate attack vectors, identify system vulnerabilities, and provide appropriate remediation plans for mitigation of the identified vulnerabilities. Conduct Application vulnerability assessments, Penetration Testing for web applications, identify and report vulnerabilities, provide recommendations, and track closure of identified vulnerabilities. Perform Configuration compliance assessments for Endpoints / Assets /network devices and help maintain the security settings at compliant level with Specific Security Standards. Perform regular monitoring of patch compliance of the assets in the network, Analyze Patch Advisories and provide remediation steps for the stakeholders. Performing comprehensive review and threat adversary modeling for web applications. Conduct Vulnerability Assessments, Penetration Testing, Device Hardening, Application Security Assessments, Log Review, Review of Documents, Network Monitoring and Reporting Conduct and compile findings on new vulnerabilities, new tools for departmental use.\ Create project deliverables / reports and assist the client with remediations and discussions. Abide by the project timelines and maintain project discipline. Technical Skills Required: Hands-on Experience is performing Network Security Assessment and vulnerability Assessment. Good understanding of OSI layers and fundamental Operating system concepts, security settings for various flavors of Windows and Linux platforms. Manual Penetration Testing skills and techniques are required besides automated tools and frameworks. Familiar working with Publicly available exploits codes. Hands on knowledge on Tools: Nmap, Kali Linux, Metasploit, Armitage, Maltego, Burp Suite, Paros Proxy Nessus, nexpose, Wireshark, sqlmap etc. Sound knowledge about Application vulnerability assessments and relevant knowledge of OWASP top 10 vulnerabilities and SANS. Good understanding of firewalls, Switches, and Routers configuration settings and policies, relevant experience in performing rule base reviews and configuration reviews for network devices

We're Hiring! I am excited to share some amazing career opportunities at Happiest Minds. Take your Security career to the next level with Happiest Minds, ! Join a dynamic team, where Security Meets Innovation, and grow with us. Be recognized in a Great Place to Work Certified environment Interested professionals can directly reach out to me ankita.patari@happiestminds.com or you can apply in below post Mandatory roles: Perform Internal and External Red Teaming. Report Preparation with proof of concepts. Provide recommendations to remediate the findings. Excellent communication skill is important. Additional skills: Cyber Security Assessment & Consulting,Cyber Threat Hunting,Manual Penetration Testing using OWASP checklists,OWASP Top 10,OWASP ZAP,Penetration Testing,Static Code analysis,Static/dynamic testing of mobile applications Exp range:7 + years Who can by Immediate or 15 days max Thanks and Regards, Ankita Ghosh

Job Role: Offensive Security Engineer Location: Bangalore Job Type: Full-time Experience: 3+ years in Offensive Security / Penetration Testing About Zybisys At Zybisys , we are committed to securing digital ecosystems by proactively identifying and mitigating cyber threats. As we expand our security team, we are looking for a highly skilled Offensive Security Engineer who thrives in ethical hacking, red teaming, and vulnerability exploitation to strengthen our security posture. Role Overview As an Offensive Security Engineer , you will be responsible for simulating real-world cyberattacks to identify vulnerabilities, assess risks, and improve security defenses. You will work closely with security analysts, DevOps, and IT teams to enhance the organization's resilience against cyber threats. Key Responsibilities Penetration Testing & Red Teaming Conduct advanced penetration testing on web apps, networks, APIs, cloud, and mobile applications. Simulate real-world attack scenarios to evaluate security defenses. Perform internal/external network and infrastructure security assessments. Vulnerability Research & Exploitation Identify, analyze, and exploit vulnerabilities across various systems. Develop custom scripts or exploits for proof-of-concept attacks. Work with security teams to ensure timely patching and risk mitigation. Security Tool Development & Automation Develop and maintain security testing tools and automation scripts. Integrate offensive security techniques into CI/CD pipelines. Threat Hunting & Adversary Simulation Conduct red team and purple team exercises to test detection & response capabilities. Stay ahead of cyber threats by researching latest hacking trends, zero-days, and TTPs. Security Reporting & Collaboration Document security findings with detailed remediation steps. Work with engineering teams to implement security best practices. Contribute to security awareness training within the company. Required Skills & Qualifications Experience: 3+ years in offensive security, penetration testing, or red teaming. Technical Expertise: Strong knowledge of penetration testing tools (Burp Suite, Metasploit, Nmap, Kali Linux, etc.). Deep understanding of network security, web security, and cloud security . Proficiency in exploit development, reverse engineering, and malware analysis . Experience with scripting languages ( Python, Bash, PowerShell ). Hands-on experience with Active Directory attacks, privilege escalation, and lateral movement . Certifications (Preferred, Not Mandatory): OSCP (Offensive Security Certified Professional) OSWE / OSEP / OSEE (Advanced Offensive Security Certifications) CEH (Certified Ethical Hacker) CRTO (Certified Red Team Operator) GPEN (GIAC Penetration Tester) Why Join Zybisys? Work on cutting-edge security projects with real-world impact. Be part of an elite cybersecurity team tackling advanced threats. Continuous learning with access to security tools, training, and certifications. Competitive salary, benefits, and performance-based incentives.

Ethical Hacker (Fresher) Job Summary: We are hiring an Ethical Hacker to help identify and fix security vulnerabilities in our systems. This role suits individuals passionate about cybersecurity and ethical hacking. Key Responsibilities: Perform penetration testing and vulnerability assessments. Document findings and suggest remediation strategies. Assist in developing secure coding practices and policies. Stay updated with the latest security threats and tools. Requirements: Bachelors degree in Cybersecurity, IT, or related field. Basic knowledge of ethical hacking tools (Nmap, Metasploit, Burp Suite). Understanding of OWASP Top 10 and network security principles. Interest in certifications like CEH, OSCP (not mandatory for fresher). Preferred Skills: Scripting knowledge (Python, Bash). Analytical thinking and attention to detail. Strong ethics and commitment to responsible disclosure.

Shift - Night shift ( Mon -Friday) Experience - 5+ yrs into Pen Testing PS - OSCP certification is Mandatory for this role. Job Profile Summary Responsible for conducting vulnerability assessment scans, assisting with penetration testing, exposing security vulnerabilities and risks, and recommending solutions to mitigate such vulnerabilities. Contributes to building and delivering services, solutions and processes that enable security defects to found, fixed or avoided before applications are released to production. Tracks public and privately released vulnerabilities and assists in the corporate triage process including: identification, criticality evaluation, remediation planning, communications, and resolution. Conducts vulnerability assessment scans, exposing security vulnerabilities and risks and recommending solutions to mitigate such vulnerabilities. Careel Level Summary Requires in-depth conceptual and practical knowledge in own job discipline and basic knowledge of related job disciplines Solves complex problems Works independently, receives minimal guidance May lead projects or project steps within a broader project or may have accountability for ongoing activities or objectives Acts as a resource for colleagues with less experience Level at which career may stabilize for many years or until retirement Key Responsibilities Assists with mobile black box testing, source code analysis, manual pen testing, and vulnerability assessments. Prepares reports on vulnerability and penetration testing and works with business units to develop remediation plans. Keeps up with the changing nature of security threats. Schedules and executes vulnerability/ penetration testing Contributes to the corporate vulnerability triage process. Works closely with the Risk Management, ISOC and Intel teams Researches and investigates new and emerging vulnerabilities and participate in external security communities Knowledge Intermediate knowledge of Single Sign-On (RSA SecureID), Federation, Kerberos, PKI, LDAP, SAML, OpenID, Oauth, and cross-realm concepts, Identity Synchronization and multi-factor authentication Intermediate knowledge of ethical hacking and penetration testing Intermediate understanding of security principles to include operating system and directory services hardening Skills AI/Machine Learning Cloud Computing Cybersecurity DevOps Coding Skills Network/Systems Skills Certifications OSCP - Mandatory Current CEH, GPEN, CISSP, and GCIA certifications preferred Experience 5 - 7 years of experience in the field of role required

Job Description: Prudent Technologies and Consulting is seeking an experienced Principal Application Security Engineer to lead our rapidly expanding web application penetration testing services. This senior-level position will play a critical role in advancing our offensive security capabilities, mentoring junior security consultants, and delivering high-value security assessments to our global client base. The ideal candidate will combine technical expertise in web application security with leadership skills and client engagement experience to drive our security consulting practice forward. As a Principal Application Security Engineer, you will serve as a technical leader within our offensive security practice, specializing in web application penetration testing methodologies. You will lead complex security engagements, provide subject matter expertise to clients and internal teams, mentor junior security consultants, and contribute to the development of our service offerings. This position requires a deep understanding of application security principles, extensive hands-on testing experience, and exceptional communication skills to translate technical findings into actionable business insights. Responsibilities: Lead complex web application penetration testing engagements for enterprise clients, ensuring delivery of high-quality assessments that meet or exceed client expectations. Serve as the principal security advisor to clients, translating technical findings into business context and providing strategic remediation guidance. Develop and enhance the organization's application security testing methodologies, incorporating industry best practices like OWASP and MITRE ATT&CK frameworks. Perform advanced manual testing to identify sophisticated vulnerabilities beyond the capabilities of automated tools, including business logic flaws, authentication bypasses, and authorization weaknesses. Conduct comprehensive threat modeling sessions with development teams to identify security risks early in the software development lifecycle. Lead code reviews to identify security vulnerabilities in client applications and provide remediation guidance. Create detailed technical reports and executive summaries that clearly articulate security findings, business impact, and prioritized remediation recommendations. Mentor junior security consultants, providing technical guidance and contributing to their professional development. Collaborate with sales teams to scope complex engagements, participate in pre-sales activities, and support business development efforts. Contribute to research initiatives that enhance the company's security testing capabilities and industry reputation. Evaluate emerging tools and technologies to improve the efficiency and effectiveness of security testing processes. Qualifications: Required Qualifications: 5-8+ years of professional experience in application security, with a strong focus on web application penetration testing. Demonstrated expertise in identifying, exploiting, and documenting complex web application vulnerabilities following OWASP methodologies. Proficiency with industry-standard penetration testing tools including Burp Suite Professional, DAST scanners, and other exploitation frameworks. Experience leading security assessments across diverse technologies and environments including web applications, APIs, cloud services (AWS, Azure, GCP), and modern web frameworks. Strong understanding of secure coding practices, common vulnerability patterns, and remediation strategies across multiple programming languages and frameworks. Exceptional technical writing skills, with the ability to produce clear, concise, and compelling security assessment reports for both technical and executive audiences. Proven ability to build trusted relationships with clients and effectively communicate complex security concepts to technical and non-technical stakeholders. Experience mentoring junior security professionals and leading technical teams. Preferred Qualifications: Bachelor's degree in computer science, cybersecurity, or related technical field. Good to have (preferred) advanced security certifications such as OSWE, GWAPT, GPEN, OSCP, or equivalent industry recognitions. Experience developing custom tools or scripts to automate aspects of penetration testing using Python, Go, or similar languages. Prior software development experience that informs a deep understanding of modern application architectures and development practices. Contributions to the security community through published research, CVE discoveries, open-source tool development, or conference presentations. Experience with mobile application security testing (iOS and Android) and API security assessment methodologies. Knowledge of cloud security architecture and specialized cloud service penetration testing techniques. Experience with AI/ML system security evaluation and testing methodologies. Education: Direct work experience performing application penetration testing assessments; ability to begin testing immediately with guidance on Prudent's specific approach and methodology. Bachelor's degree in computer science, cybersecurity, or related technical field.

Job Description: Prudent Technologies and Consulting is hiring for a fast-growing Cybersecurity team that supports a customer base including the worlds largest organizations. We have an immediate opening for a Senior Application Security Consultant. The role requires an experienced offensive consultant who understands application security testing methodologies, frameworks, tools and reporting. As a Senior Consultant you will perform and lead technical teams to conduct thorough security assessments as well as perform field related research. Candidates should be familiar with a variety of technologies including web, mobile, API, AI/LM, cloud, desktop, single sign-on and OAuth. Responsibilities: Consult with technical and non-technical client stakeholders Collaborate with Sales teams to assist in scoping efforts Lead projects and mentor less experienced consultants Perform advanced comprehensive penetration tests, adhering to industry-standard best practices Conduct penetration testing across diverse environments, including desktop applications, mobile applications, web applications, cloud environments, on-prem environments, APIs and AI/LM Document and report vulnerabilities, show proof-of-concepts where applicable, and provide detailed explanations to highlight severity, business impact, and tailored remediation steps Manages priorities and tasks to achieve utilization targets Participate in research and development efforts to improve the Cybersecurity practice Qualifications: Required Qualifications: 8+ years of direct experience performing manual penetration testing assessments on desktop applications, mobile applications, web applications, cloud environments, API and AI/LM Proficient at using penetration testing tools such as Burp Suite, DAST scanners, Metasploit and Nessus to identify and exploit vulnerabilities Able to write deliverable reports, including executive summaries and presentations, and status reports for clients Understanding of industry-standard security frameworks (e.g., OWASP and MITRE ATT&CK) Excellent project management, leadership, time management, and client consulting skills Preferred Qualifications: Bachelors degree in computer science, information security, or related field Good to have (preferred) relevant certifications (e.g., OSCP and/or OSWE) Experience with scripting languages such as Python and Bash Experience with application development, systems engineering, or similar Published CVE/CWE contributions, participation in CTF events and independent research projects Education: Direct work experience performing application penetration testing assessments; ability to begin testing immediately with guidance on Prudents specific approach and methodology

As a Senior Engineer in Cybersecurity at Fluidech IT Services Private Limited, you will have the opportunity to join a leading technology consulting and managed services firm specializing in cybersecurity. Founded in 2014 and headquartered in Gurugram, Fluidech has established itself as a trusted technology partner for over 100 organizations worldwide. As a born-in-the-cloud company, Fluidech offers IT solutions aligned with business objectives, focusing on cloud, infrastructure, DevOps, and cybersecurity services across various industry verticals. In this role, you will be responsible for designing, deploying, and optimizing cybersecurity solutions tailored to client environments and business needs. Your expertise will be crucial in areas such as infrastructure security, endpoint protection, cloud security, threat detection, and GRC support. You will collaborate with internal teams and clients to develop robust security strategies, troubleshoot complex security issues, and stay informed about the latest threat intelligence and security trends. To be successful in this role, you should have a Bachelor's degree in Information Security, Computer Science, or a related field, along with 10+ years of hands-on experience in cybersecurity engineering, solution design, or security architecture. Proficiency in tools such as SIEM, EDR/XDR, firewalls, cloud security platforms, IAM, and compliance scanning tools is essential. Industry certifications like CISSP, CISM, CEH, OSCP, CISA, or AZ-500 are highly desirable, along with experience in supporting security audits and compliance assessments. Joining Fluidech means being part of an award-winning company known for its excellence in cybersecurity. You will work with a passionate and innovative team on cutting-edge technologies, leading high-impact cybersecurity projects across diverse sectors. Additionally, you will have access to competitive compensation, health insurance, learning and development opportunities, cross-functional exposure, and a supportive workplace culture that values transparency, trust, and continuous growth.,

Application Security Perform security reviews, code audits, and threat modeling of web and mobile applications. Work with DevOps and development teams to integrate secure coding practices and tools (e.g., SAST, DAST, SCA). Conduct penetration testing and vulnerability assessments on internal and external applications. Remediate OWASP Top 10 and other emerging threats. Infrastructure & Server Security Harden Linux and Windows servers following CIS/NIST benchmarks. Implement endpoint security solutions (AV, EDR, MDM). Monitor, detect, and respond to system anomalies and unauthorized access. Manage patching and update cycles in coordination with system teams. Network Security Secure network architecture, firewall policies, VPNs, NAT, and VLAN segmentation. Analyze and mitigate threats like DDoS, MITM, spoofing, etc. Configure and manage intrusion detection/prevention systems (IDS/IPS). Perform routine audits and packet-level analysis for suspicious activity. Cloud Security Secure cloud infrastructure (Alibaba Cloud/AWS/Azure/GCP). Manage IAM, WAF, Security Groups, and cloud-native threat detection tools. Audit and improve security configurations in containers, CI/CD pipelines, and serverless deployments. Monitoring, Audit, and Compliance Work closely with compliance teams to meet standards like SAMA-CSF, ISO 27001, and PCI-DSS. Implement and tune SIEM/SOAR systems for proactive monitoring and incident response. Maintain audit trails, security reports, and logs for investigations and audits. Qualifications & Requirements Bachelors degree in computer science, Cybersecurity, or a related field. 4+ years of experience in cybersecurity roles with exposure to infrastructure and application security. Proficiency in tools like Burp Suite, Nessus, Wireshark, Nmap, Suricata, OSSEC/Wazuh, etc. Strong knowledge of TCP/IP, Linux security, cloud security, and secure coding principles. Experience with at least one cloud platform (Alibaba Cloud preferred). Familiarity with regulatory and compliance standards in the GCC region is a plus. Security certifications such as CEH, OSCP, CISSP, or CISM are a plus. Preferred Strong problem-solving and analytical skills. Ability to work under pressure in a fast-paced environment. Excellent communication skills to interface with technical and non-technical stakeholders. Self-motivated and able to work independently or as part of a team.

About the Role We are seeking a dynamic and detail-oriented Cyber Forensic candidates to join our Forensic Team in Risk Advisory practice. The ideal candidate will have hands-on experience in cyber incident response, digital forensics, and threat investigations, and will be responsible for supporting high-impact engagements involving cyber breaches, fraud investigations, and forensic analysis. Role & responsibilities Conduct end-to-end digital forensic investigations across endpoints, servers, cloud, and mobile devices. Support cyber incident response engagements including containment, eradication, recovery, and root cause analysis. Perform evidence acquisition, chain of custody documentation, and forensic imaging using industry-standard tools and Chain of custody procedures. Analyze logs, memory dumps, and network traffic to identify indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs). Assist in malware analysis, reverse engineering, and threat actor profiling. Prepare detailed technical reports and executive summaries for clients and internal stakeholders. Preferred candidate profile Bachelors or Masters degree in Computer Science, Information Security, Digital Forensics, or a related field from a reputed institute. 25 years of relevant experience in cyber forensic and incident response. Strong understanding of Windows, Linux, and cloud environments (AWS, Azure, GCP) including log acquisition. Experience with forensic tools such as EnCase, FTK, X-Ways, Autopsy, Cellebrite, Magnet AXIOM. Preferred Certifications (any one) GCFA (GIAC Certified Forensic Analyst) GCIH (GIAC Certified Incident Handler) CHFI (Computer Hacking Forensic Investigato

Position Purpose The purpose of the position is to help with the information security topics mentioned in the direct responsibilities. Responsibilities Direct Responsibilities - Executing IT risk assessment reviews, identifying controls gaps and working in collaboration with subject matter experts to devise appropriate mitigation plans. Identifying key risk trends, issues and other insights requiring further investigation and following up with Technology as appropriate. Knowledge of Secure Development methodologies and frameworks. Hands-on experience in penetration testing and tools like AppScan, Webinspect, Fortify, AppSpider, BurpSuite, Qualys, Checkmarx, Coverity Well-versed in conducting Security Review, Assessments and providing recommendations. Knowledge of OWASP, SANS standards. Experience in Process Improvement, Controls Enhancement and Reporting. - Engaging with organization wide risk and control groups, including internal audit and territory control teams. - Working with Technology stakeholders (including Production Support and Development teams) to identify the IT risks affecting the organization and formulating appropriate remediation strategies based on full understanding of business exposure and compensating controls. Contributing Responsibilities Excellent understanding of development security and its implementation in systems: identification, authentication, access control and provisioning, alignment of jurisdiction to business process Knowledge of single-sign-on security strategies (e.g. SAML, OAUTH2, SiteMinder etc.) Excellent understanding of authentication related mechanisms (Kerberos, One Time Passwords, PKI) Good understanding of cryptography and its practical uses within secure application development Familiarity with common security vulnerabilities (e.g. OWASP Top 10) Strong technical skills required to understand vulnerabilities in detail and how to resolve/mitigate them. Excellent knowledge of programming best practices, design patterns, etc. Excellent problem solving skills, being able to develop approaches to complex technology and strategy problems, building consensus across diverse interest groups and working within constraints of practical delivery yet able to think beyond the requirements of immediate issues. Well-developed written communication skills with the ability to summarise key issues, conclusions and recommendations in report form. Target audiences will include regulatory authorities and internal/external auditors. Technical & Behavioral Competencies Excellent knowledge of programming best practices, design patterns, etc. Excellent problem solving skills, being able to develop approaches to complex technology and strategy problems, building consensus across diverse interest groups and working within constraints of practical delivery yet able to think beyond the requirements of immediate issues. Well-developed written communication skills with the ability to summarize key issues, conclusions and recommendations in report form. Target audiences will include regulatory authorities and internal/external auditors. Hands-on experience in penetration testing and tools like AppScan, Webinspect, Fortify, AppSpider, BurpSuite, Qualys, Checkmarx, Coverity, Sonatype, Blackduck Well-versed in conducting Security Review, Assessments and providing recommendations. Knowledge of OWASP, SANS standards. Experience in Process Improvement, Controls Enhancement and Reporting. Excellent Inter personal and presentation skills Strong in verbal and written communication Ability to liaise with cross-functional stakeholders globally Clear understanding of application and data security Must be flexible, independent, self-motivated Good analytical skills Specific Qualifications (if required) - CEH, SSCP, OSCP certified. - Technical Graduate (Computer Science) Preferable. Skills Referential Behavioural Skills : (Please select up to 4 skills) Ability to collaborate / Teamwork Communication skills - oral & written Ability to share / pass on knowledge Active listening Transversal Skills: (Please select up to 5 skills) Ability to understand, explain and support change Analytical Ability Ability to develop and adapt a process Ability to develop and leverage networks Ability to manage / facilitate a meeting, seminar, committee, training Education Level: Bachelor Degree or equivalent

Design, implement, and manage security solutions, tools, and processes to protect infrastructure and data. Monitor systems for security breaches, threats, abnormal activities. Conduct vulnerability assessments, penetration testing, and risk analysis

Roles and Responsibilities : Conduct penetration testing (penetration testing) of IoT devices and systems to identify vulnerabilities and weaknesses. Develop and execute custom scripts using Python programming language for automating tasks related to VAPT (Vulnerability Assessment & Penetration Testing). Collaborate with cross-functional teams, including development, operations, and security teams to ensure effective implementation of cybersecurity measures. Analyze results from pen tests and provide detailed reports on findings, recommendations for remediation, and mitigation strategies. Job Requirements : 3-10 years of experience in IT services & consulting industry with expertise in cyber security, IoT testing, OSCP certification preferred. Strong understanding of penetration testing methodologies and tools such as Nmap, Nessus, Metasploit etc. . Proficiency in Python programming language with knowledge of scripting languages like Bash/Shell Scripting.

About the Role: Duration: 6 months Timings: Full Time (As per company timings) Shift: General Shift, Cab facility is available. 5 days work from the office. Notice Period: (Immediate Joiner - Only) Responsibilities: Design and develop detection rules and policies to identify cybersecurity threats across various platforms and technologies. Lead the design, development, and deployment of high-fidelity threat detection mechanisms across our diverse technology stack, including on-premise, cloud (AWS, Azure, GCP), and SaaS environments. Collaborate with security analysts, threat hunters, and intelligence to understand emerging threats and devise effective detection strategies. Validate and tune detection content to minimize false positives and ensure high accuracy and efficiency. Stay updated on the latest cybersecurity trends, tools, and technologies to continuously improve detection methodologies. Work directly with clients to onboard their environments onto our platform and integrate data sources, guiding them through the process. Document detection processes, create reports on security metrics, and communicate findings to stakeholders Good understanding of network infrastructure, security, and devices, i.e,. Firewalls, EDR, Email Security, Proxy, DLP, and IDS/IPS Qualifications: Bachelors degree in Computer Science, Information Security, or a related field. At least 5 years of experience in cybersecurity, with a focus on threat detection, analysis, and incident response Strong knowledge of security information and event management (SIEM) systems, log management solutions, and detection platforms. Familiarity with attack patterns, tactics, techniques, and procedures (TTPs) used by cyber adversaries - MITRE ATT@CK and Cyber Kill Chain Experience with cloud security and understanding of cloud-based threat detection strategies. Strong communication and collaboration skills, with the ability to work effectively in a team environment and interact with clients Collaborate with the Security Operations team on developing and automating alert response processes and playbooks Knowledge of security tools and technologies, such as SIEM, CSPM, EDR/XDR, SOAR, WAF, and IDS/IPS. Professional security certifications such as OSCP, GIAC (e.g., GCIH, GCIA), CISSP, or other relevant certifications are highly valued. Hands-on experience with SIEM platforms for log management and alerting. Ex: Splunk, Elastic Stack (ELK/Security Onion), IBM QRadar, Securonix, Wazu,h or Azure Sentinel. Ability to create SIEM queries, dashboards, and integrate new data sources

About the role: At ICICI Bank, Information Security Group believes in providing services to its customers in the safest and most secure manner keeping in mind that data protection for its customers is as important as providing quality banking services across the spectrum. Our support application team performs application vulnerability assessments and document vulnerabilities which were found and provides recommendations for remediation according to BFSI guidelines and industry best practices. As an Application Security Manager, you will provide guidance to the application team on application security best practices, support remediation effort and track open issues and follow up to ensure remediation. You will work along with cross functional business teams to get closure of identified gaps and utilize escalation matrix effectively wherever necessary. You will conduct application security assessment results review and mitigation approval. You will keep abreast of new technologies to ensure that the organization remains at the forefront of security. Key Responsibilities: Support and Testing Vulnerability Assessments & Penetration Testing (Automated + Manual) on business critical assets with security tools like BurpSuite, Nessus, Nmap, Accunetix, Metasploit Netsparker, Qualys etc. Analysis Perform in-depth analysis of VAPT results, Review assessment reports to provide risk mitigation & recommendations on that basis. Collaboration Collaborate with the application team and provide them guidance on application security best practices, support remediation effort and track open issues and follow up to ensure remediation. Educational Qualification Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent with relevant experience. Certification for OSCP is an additional advantage Compliance and Network Security Knowledge of cyber security trends & hacking techniques, MITRE ATT&CK framework with hacker mindset. Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering) Key Technologies Familiarity with OWASP, SANS vulnerabilities along with its validations in source code and other security frameworks & Compliance, Knowledge of Networking concepts & Good understanding of latest Network /security technologies such as Cloud security and recent trends

We are looking for a Penetration Tester. This position is available for Chennai Location. Youll make a difference by: Having experience in performing advanced penetration testing on networks, web & mobile applications, and systems. Having ability to Identify vulnerabilities, exploit weaknesses, and assess the security posture of various assets. Having ability to develop and maintain automated testing tools and scripts. Creating detailed reports outlining findings, risks, and recommended actions. Having Extensive experience in penetration testing, vulnerability assessment, and ethical hacking. Having Proficiency with penetration testing tools such as Metasploit, Burp Suite, Nmap, Nessus, and others. Strong understanding of network protocols, web and mobile applications, and operating systems. Maintaining documentation of testing methodologies, tools, and processes. Knowledge of scripting and programming languages (e.g., Python, Bash). Youll win us over by: Having An engineering degree B.E/B.Tech/M.E/M.Tech with good academic record. 3-4 Years of relevant experience as Penetration Tester. Having Good command over English language (spoken & written) is non-negotiable. Working closely with business partners to understand their needs and translate them into technical requirements. Communicating findings, risks, and remediation strategies to both technical and non-technical stakeholders. Foster strong relationships with business units to ensure security measures align with business goals. Certification Preferred: Entry level certifications like CEH, eJPT, eWPT. Other certifications like eWPTX, OSCP is an advantage. Well support you with: Hybrid working Opportunities. Diverse and inclusive culture. Great variety of learning & development opportunities.

Location: Pan India Job Title: Infra VAPT & Mobile AppSec Experience: 12-15 Years Job Description: Lead and manage a team of VAPT professionals, overseeing vulnerability assessments and penetration testing for infrastructure and mobile applications. Plan, execute, and review security assessments for networks, servers, cloud environments, and mobile apps (Android/iOS). Ensure high-quality reporting and effective remediation guidance for identified vulnerabilities. Mentor and develop team members, allocate tasks, and monitor project delivery. Liaise with stakeholders to communicate risks and coordinate remediation efforts. Maintain up-to-date knowledge of security threats, tools, and best practices. Requirements: 12-15 years of relevant experience in Infra VAPT and Mobile AppSec. Strong leadership and team management skills. Hands-on expertise with VAPT tools and methodologies. Excellent communication and problem-solving abilities. Relevant certifications (e.g., OSCP, CISSP, CEH) preferred.

About The Role Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We are seeking a highly skilled and experienced Senior Threat Hunter with deep expertise in Microsoft Sentinel and Microsoft Defender for Endpoint (MDE). The ideal candidate will excel in advanced KQL query writing, hypothesis-driven hunting, detection engineering, and data visualization using Sentinel Notebooks and Workbooks. This role plays a critical part in proactively identifying threats, tuning detection logic, and enhancing our overall threat hunting capabilities.Key Responsibilities:- Write and optimize advanced KQL queries to detect malicious activities in Sentinel and MDE logs.- Conduct proactive threat hunting by forming hypotheses and correlating data across M365 Defender, Sentinel, and other sources.- Use Sentinel Notebooks (Azure ML/Log Analytics) and Workbooks to visualize hunt data and share findings with stakeholders.- Leverage MDE Advanced Hunting for in-depth endpoint telemetry analysis.- Integrate threat hunting with the MITRE ATT&CK framework, mapping TTPs and identifying gaps in coverage.- Collaborate with L3 analysts and detection engineers to fine-tune existing analytics rules and hunting queries.- Create and manage Sentinel Playbooks (Logic Apps) to automate threat response and investigation workflows.- Support continuous improvement of the threat detection lifecycle by contributing to new detection use cases and threat models.- Assist in Purple Team exercises and post-incident retrospectives by contributing hunt-driven insights. Professional & Technical Skills: - 5+ years of experience in cyber threat hunting, SOC operations, or detection engineering.- Strong proficiency in Kusto Query Language (KQL) with hands-on experience in Microsoft Sentinel and MDE.- In-depth knowledge of endpoint, network, and cloud telemetry (especially Microsoft ecosystem).- Experience using Sentinel Workbooks, Notebooks, and custom analytics rule creation.- Practical experience in hypothesis-driven threat hunting and developing custom detection rules.- Familiarity with MITRE ATT&CK framework and its use in mapping attacker TTPs.- Hands-on experience with Sentinel automation workflows using Logic Apps.- Microsoft SC-200:Microsoft Security Operations Analyst- Microsoft SC-100:Microsoft Cybersecurity Architect- GIAC GCFA/GCIA/GCED (or equivalent)- AZ-500:Microsoft Azure Security Technologies- OSCP (for offensive knowledge is a plus) Additional Information:- The candidate should have minimum 5 years of experience in Security Information and Event Management (SIEM).- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

This Position reports to: R&D Unit Lead Your role and responsibilities Security Architecture: Design and implement security architecture and controls for new and existing products. Secure Coding Practices: Educate and advocate for secure coding practices among development teams through workshops, training sessions, and documentation. Code Review: Review source code for security vulnerabilities and provide actionable feedback to development teams. Security Assessments: Conduct regular security assessments, including threat modeling, Attack Surface Analysis, Critical Analysis. Tool Implementation: Evaluate and implement application security tools (e.g., static and dynamic analysis tools) to automate security testing processes. Incident Response: Assist in incident response activities related to application security breaches, including root cause analysis and remediation strategies. Collaboration: Work closely with cross-functional teams, including software developers, DevOps, and IT security, to ensure security considerations are integrated into the development process. Monitoring and Reporting: Monitor application security metrics and provide regular reports to management on security posture and compliance. Qualifications for the role Understanding of programming languages such as C#, Rust, Python, or JavaScript. Proficient knowledge of application security principles and best practices related to secure coding. Thorough understanding of application security principles like network security, encryption, access management and their best practices. Experience with security tools and processes such as SAST, DAST, SCA, and vulnerability scanners (e.g., SonarQube, OWASP ZAP, Nessus, Invicti) Knowledge of security frameworks (e.g., OWASP Top Ten, NIST, IEC 62443, ISO 27001).Knowledge of cloud platforms (e.g., AWS, Azure, Google Cloud) and their security features. Practical Experience with containerization and orchestration tools such as Docker and Kubernetes Certifications: Relevant certifications include Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), or Offensive Security Certified Professional (OSCP). Proficient in verbal and written communication, capable of explaining complex security topics in an accessible manner to those unfamiliar with the technical details.

We are looking for a Mid Penetration Tester to deliver penetration tests to Thoropass customers, including vulnerability assessments, web app pentests, network pentests, and API pentests. This role will be a player-coach, responsible for delivering our first batch of customer-facing pentest reports. As we scale the offering, this role will also mentor junior resources to deliver consistently high-quality pentests. The ideal candidate will be equal-parts penetration tester, strategic thinker, and operational doer with a passion for solving complex challenges and delivering measurable impact for our company and customers. About You You adopt the mindset of an attacker, delving deep to identify potential vulnerabilities and attack vectors. You exhibit great judgment and sharp technical instincts that allow you to differentiate essential versus nice-to-have and to make good choices about trade-offs. You have a point-of-view on the penetration testing methodology, tools, process, and what is appropriate for different stages of a scaling start-up. Hungry, humble, scrappy, and will thrive in fast-paced environments and manage multiple priorities simultaneously. What You'll Do Deliver Penetration Testing Engagements Conduct web, network, mobile and API penetration tests with automated and manual testing, using black box or gray box testing methods. Demonstrate lateral movement capabilities and expose potential data exfiltration opportunities to simulate real-world attack scenarios. Develop effective countermeasures to address both known and unknown vulnerabilities within internal networks, employing advanced adversarial tactics to highlight security gaps. Employ innovative thinking to overcome security protection mechanisms, craft proof-of-concept code, and exploit business logic. Present detailed reports and findings to customers in a clear and concise manner, in fluent written and oral English. Advise customers on remediation efforts as needed. Build Penetration Testing Function Identify recurring issues and contribute to the automation of the penetration testing process, enabling scalability and expansion. Share your expertise through regular internal knowledge-sharing sessions, maintaining comprehensive documentation, and educating technical staff on security protocols. Serve as a trusted expert in the offensive security field, staying up-to-date with the latest trends and best practices. Collaborate cross-functionally with the Customer Success team and Sales & Marketing team to hit revenue goals and deliver the best customer experience. Skillsets/ Requirements 3-5+ years in a pentesting / red teaming role. Deep technical expertise in network pentesting, web app pentesting, AWS pentesting, and API pentesting. Familiarity with the majority of the following areas: Android pentesting, iOS pentesting, cloud pentesting, OSINT, exploit development, IoT pentesting, Web3 security review, secure code review - white box pentesting. At least 1 of the following certifications: Burp Suite Certified Practitioner, OSCP OR PWPT. Knowledge of current attack methods, manual penetration testing techniques, and popular hacking tools (e.g., Nessus, Nmap, Kali Linux, Burp Suite Pro). Experience with Hack the Box, Portswigger Academy, or similar learning platforms. Proficient scripting skills in bash, Python, or similar languages. Fluency in English, with exceptional verbal & written communication. Youre able to convey complex, technical topics to an array of stakeholders in a digestible and compelling manner. Strong project management skills with experience working with cross-functional teams and influencing stakeholders at all levels of the organization. Bonus Points Familiarity with programming languages such as C/C++, Java, .NET, Python, and manual source code analysis. Compensation : Competitive base salary Exceptional private healthcare Early equity in a fast-growing company Work-from-home model Flexible PTO Home office equipment Monthly wellness and home Wi-Fi stipend

PN: who are relevant & interested candidates can come for F2F interviews on Wednesday,20th Aug 25 btw 10:30am to 6:00pm, Venue details: Happiest Minds- SMILES 1,3rd & 4th Floor, SJR Equinox,Sy.No.47/8,Doddathogur Village,Begur Hobli,E- City Phase1,Hosur Road, Opposite to Velankani tech park,B-560100. . POC:-Sreenivas Please find below the JD for your reference, experience conducting Application Security assessments Experienced in conducting Manual and Automated DAST for Web, API & Thick client covering OWASP Top 10 Experienced in conducting Manual code review Experienced in Mobile VAPT (Both static and Dynamic) Knowledge of Infra VAPT or at least VA and configuration review Knowledge in Container / Docker security / Cloud Audit is a plus Certifications suck as CEH, CRTP, OSCP is preferred Good communication skills, ability to explain vulnerabilities to business users in simple terms.

Key Responsibilities: Assist in performing vulnerability assessments and penetration tests on web applications, servers, and networks. Help in gathering and analyzing data using tools like Nmap, Nessus, Burp Suite, OWASP ZAP, etc. Support the preparation of technical reports highlighting identified vulnerabilities, risk levels, and mitigation recommendations. Follow industry standards such as OWASP Top 10, SANS 25, NIST during testing. Assist in documenting test cases, tools used, and findings for internal records. Work under supervision to follow proper methodology and maintain client data confidentiality. Eligibility Criteria: Bachelors degree in computer science, Information Technology, Cybersecurity, or a related field. CEH or OSCP certified or similar Basic understanding of networking concepts, operating systems, and web technologies. Knowledge of common vulnerabilities and their exploitation. Familiarity with at least one penetration testing tool or framework. Strong analytical and problem-solving skills. Willingness to learn and work in a fast-paced security environment. Preferred Skills (Not Mandatory): Exposure to Linux/Unix command line Understanding of firewalls, proxies, IDS/IPS Basic scripting knowledge (Python, Bash, etc.) Thanks & Regards,Nikita TelguTalent Acquisition Executive IBN Technologies

You should have a Diploma / Bachelors / Masters Degree along with a minimum of 4-5 years of experience in a Security Operations Centre (SOC) or incident response team. It is required to possess at least one valid certification among Security+, CEH, CISSP, OSCP, CHFI, ECSA, GCIH, GCIA, GSEC, GCFA, or Cisco Cyber OPS certification. Being flexible to work in 24/7 shifts is a must. Your responsibilities will include 24/7 monitoring, triaging, and analyzing security events and alerts, as well as conducting malware analysis, including reverse engineering. You should have experience in coordinating incident response and troubleshooting across a global organization. It is important to be familiar with core concepts of security incident response and have a strong knowledge of email security threats and controls. Additionally, you should have a good understanding of Threat Intel and Hunting, network fundamentals, common Internet protocols, and experience in analyzing network traffic using tools like Wireshark. Experience in reviewing system and application logs, investigating security issues within Cloud infrastructure, and using SIEM tools such as Splunk, AlienVault, QRadar, ArcSight or similar is essential. Moreover, you should have experience in creating new detection rules and correlation rules, defining use cases for playbooks and runbooks, understanding log types and log parsing, and a strong passion for information security. A good understanding of CIS requirements is also required for this role.,

Join our Cyber Tech Assurance team and have the opportunity to work in a collaborative and dynamic environment while driving transformation initiatives within the organization. At Macquarie, our advantage lies in bringing together diverse individuals and empowering them to shape various possibilities. As a global financial services group operating in 31 markets with 56 years of unbroken profitability, you will be a valuable part of a friendly and supportive team where everyone contributes ideas and drives outcomes. In this role, you will be responsible for identifying potential threats, validating security controls against Macquarie's standards and industry frameworks, and documenting security assessment results. Furthermore, you will collaborate with stakeholders to provide security advisory, assess risk severity, and recommend remediation strategies. What You Offer: - 5 - 9 years of experience in cybersecurity consulting, architecture, or IT auditing, with a preference for strong security engineering expertise - Proficiency in security architecture, infrastructure-as-code, CI/CD, vulnerability management, and secure application development - Familiarity with public cloud platforms, containers, Kubernetes, and related technologies - Knowledge of industry standards (e.g., NIST, COBIT, ISO) and evolving threat landscapes - Industry-recognized credentials (e.g., CISSP, CISM, SABSA, OSCP, or cloud certifications) are highly valued We welcome individuals inspired to build a better future with us. If you are excited about the role or working at Macquarie, we encourage you to apply. Benefits: - Wellbeing leave day per year - 26 weeks paid maternity leave or 20 weeks paid parental leave for primary caregivers, along with 12 days of paid transition leave upon return to work and 6 weeks paid leave for secondary caregivers - Company-subsidized childcare services - 2 days of paid volunteer leave and donation matching - Benefits to support physical, mental, and financial wellbeing, including comprehensive medical and life insurance cover - Access to the Employee Assistance Program, a robust behavioral health network with counseling and coaching services - Wide range of learning and development opportunities, including reimbursement for professional membership or subscription - Hybrid and flexible working arrangements, dependent on the role - Reimbursement for work from home equipment About Technology: Technology plays a crucial role in every aspect of Macquarie, for our people, customers, and communities. We are a global team passionate about accelerating the digital enterprise, connecting people and data, building platforms and applications, and designing tomorrow's technology solutions. Our Commitment to Diversity, Equity, and Inclusion: We aim to provide reasonable adjustments to individuals who may need support during the recruitment process and through working arrangements. If you require additional assistance, please let us know in the application process.,