4 - 9 years
8 - 18 Lacs
Noida
Work from Office
The applicant shall work with our development team to support and guide in the creation of an Attack Surface Management tool and associated scripts. The applicant is expected to have extensive and intensive experience in penetration testing activities to ensure protection of the products from potential threats. The applicant shall adhere to the recognised standards and frameworks to ensure Invia's product security and systems are resilient to existing and emerging cyber security threats. The applicant shall define and execute penetration testing activities for both Invia's in-house products as well as external client products under the scope of Invia's security purview.

Key Responsibilities
Contribute to the development of a platform that will collect risk data, provide analysis and reporting, and enable remediation. This is a significant initiative, providing you with the opportunity to make a huge impact.
Acting as our key contact point for all penetration testing needs across Invia while providing a frictionless experience on all engagements.
Owning and managing the annual penetration testing schedule for all applicable systems in scope and ensuring these are conducted as planned and all systems meet their annual testing requirements.
Supporting and mentoring other team members within the Cyber Security capability and broader Technology teams on penetration testing and vulnerability management.
Contributing to the development of technical hardening guidelines and engineering and assurance documentation for education and awareness for providing subject matter expertise on all forms of penetration testing and the applicable use cases for each.
Clearly communicating security issues and risks from testing findings to both technical and non-technical stakeholders.
Engaging with business stakeholders and maintaining awareness of new systems and platforms and their ramifications on the organization's cyber security and risk posture.
Maintaining solid relationships with developers, project managers, and platform owners so that they understand the critical nature of penetration testing.
Conduct peer reviews for client reports drafted by other security engineers within the team.
Perform and complete assigned client delivery work daily to the agreed schedule.
Perform security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications, thick client applications, SaaS).
Run attack and breach simulations.
Adhere to cyber security strategies for Invia's products that enable stronger resilience to security threats.
Deploy appropriate security measures, including but not limited to, relevant technologies, architectures, policies, and compliance frameworks.
Perform regular penetration testing of web applications and related infrastructure (API endpoints, databases, payment systems etc.) for both internal Invia applications as well as client interface applications.
Perform regular penetration testing of mobile applications (on Android and iOS platforms) within the scope of Invia’s product range.
Create and maintain documents for clients / auditors that clearly convey the risks and associated recommended preventive actions required to mitigate the potential risks.
Maintain central repository of Audit NCs and maintain their respective resolution tracker.
Actively define and update testing capabilities and methodologies deployed to ensure end-to-end security / vulnerability coverage.
Provide hands-on support to Invia Product Leads to remediate issues encountered.
Collaborate with cross-functional teams to evaluate, develop, implement, communicate, operate, monitor, and maintain security policies and procedures to promote a safe and secure platform.
Keep abreast of current and emerging vulnerabilities, risks, and threats, in addition to understanding their appropriate countermeasures.
Empower Team Invia to achieve high standards of cyber security culture.

Key challenges
Working with a global organisation across multiple time zones.
Keeping abreast of current and emerging vulnerabilities, risks, and threats, in addition to understanding their appropriate countermeasures.

Key knowledge and experience
Certified Offensive Security Certified Professional (OSCP).
Strong customer-centric approach as well as excellent interpersonal skills and problem-solving skills.
Extensive experience in pen testing web applications, mobile applications (Android and iOS), API, Wireless, Network, Hardware and IoT.
Extensive experience with various tools and frameworks like Kali Linux, Metasploit, Burp Suite, Nmap, Nessus, etc.
Experience with Social Engineering Engagements including phishing, phone, and physical security controls.
Extensive experience with Adversary Simulation (Red Teaming).
Experience with Windows server infrastructure and IIS web servers.
Experience with Ubuntu and Apache web servers.

Competent adherence to the following standards and frameworks
Open Web Application Security Project (OWASP)
OWASP Mobile Security
OWASP Application Security Verification Standard (ASVS)
NIST Cybersecurity Framework
The Penetration Testing Execution Standard (PTES)
Open-Source Security Testing Methodology Manual (OSSTMM)
Mobile Security Testing Guide (MSTG)
Posted 3 months ago
3 - 5 years
5 - 15 Lacs
Bengaluru
Work from Office
Job Role: Offensive Security Engineer
Location: Bangalore
Job Type: Full-time
Experience: 3+ years in Offensive Security / Penetration Testing

About Zybisys
At Zybisys, we are committed to securing digital ecosystems by proactively identifying and mitigating cyber threats. As we expand our security team, we are looking for a highly skilled Offensive Security Engineer who thrives in ethical hacking, red teaming, and vulnerability exploitation to strengthen our security posture.

Role Overview
As an Offensive Security Engineer, you will be responsible for simulating real-world cyberattacks to identify vulnerabilities, assess risks, and improve security defenses. You will work closely with security analysts, DevOps, and IT teams to enhance the organization's resilience against cyber threats.

Key Responsibilities
Penetration Testing & Red Teaming
Conduct advanced penetration testing on web apps, networks, APIs, cloud, and mobile applications.
Simulate real-world attack scenarios to evaluate security defenses.
Perform internal/external network and infrastructure security assessments.
Vulnerability Research & Exploitation
Identify, analyze, and exploit vulnerabilities across various systems.
Develop custom scripts or exploits for proof-of-concept attacks.
Work with security teams to ensure timely patching and risk mitigation.
Security Tool Development & Automation
Develop and maintain security testing tools and automation scripts.
Integrate offensive security techniques into CI/CD pipelines.
Threat Hunting & Adversary Simulation
Conduct red team and purple team exercises to test detection and response capabilities.
Stay ahead of cyber threats by researching latest hacking trends, zero-days, and TTPs.
Security Reporting & Collaboration
Document security findings with detailed remediation steps.
Work with engineering teams to implement security best practices.
Contribute to security awareness training within the company.

Required Skills & Qualifications
Experience: 3+ years in offensive security, penetration testing, or red teaming.
Technical Expertise:
Strong knowledge of penetration testing tools (Burp Suite, Metasploit, Nmap, Kali Linux, etc.).
Deep understanding of network security, web security, and cloud security.
Proficiency in exploit development, reverse engineering, and malware analysis.
Experience with scripting languages (Python, Bash, PowerShell).
Hands-on experience with Active Directory attacks, privilege escalation, and lateral movement.
Certifications (Preferred, Not Mandatory):
OSCP (Offensive Security Certified Professional)
OSWE / OSEP / OSEE (Advanced Offensive Security Certifications)
CEH (Certified Ethical Hacker)
CRTO (Certified Red Team Operator)
GPEN (GIAC Penetration Tester)

Why Join Zybisys?
Work on cutting-edge security projects with real-world impact.
Be part of an elite cybersecurity team tackling advanced threats.
Continuous learning with access to security tools, training, and certifications.
Competitive salary, benefits, and performance-based incentives.
Posted 3 months ago
8 - 13 years
35 - 50 Lacs
Bengaluru
Hybrid
Who We Are:
Hewlett Packard Enterprise is the global edge-to-cloud company advancing the way people live and work. We help companies connect, protect, analyze, and act on their data and applications wherever they live, from edge to cloud, so they can turn insights into outcomes at the speed required to thrive in today's complex world. Our culture thrives on finding new and better ways to accelerate what's next. We know diverse backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. If you are looking to stretch and grow your career our culture will embrace you. Open up opportunities with HPE.

Job Description:
In the HPE Hybrid Cloud, we lead the innovation agenda and technology roadmap for all of HPE. This includes managing the design, development, and product portfolio of our next-generation cloud platform, Green Lake. Working with customers, we help them reimagine their information technology needs to deliver a simple, consumable solution that helps them drive their business results. Join us to redefine what’s next for you.

What you’ll do:
We are seeking a Software Engineer with strong coding expertise and a solid background in systems engineering and security. The ideal candidate should have experience working with security tools and processes, possess in-depth knowledge of system architecture, and demonstrate the ability to identify and resolve security vulnerabilities. This role involves contributing to the design, implementation, and maintenance of secure systems and applications while ensuring adherence to the best practices in security.
This role involves identification and evaluation of new technologies and innovations to ensure alignment with the technology roadmap and business value; creates plans for integration and update into architecture.
Reviews and evaluates designs and project activities for compliance with development guidelines and standards; provides tangible feedback to improve product quality and mitigate failure risk.

Key Responsibilities
Coding and Development
Write clean, efficient, and secure code using modern programming languages (C# (preferred)).
Collaborate with teams to design and develop secure systems and applications.
Implement and integrate security tools and frameworks into the development lifecycle.
Security Practices
Perform security assessments and identify vulnerabilities in existing systems and applications.
Deep expertise in software systems design, development methodologies, and integration across diverse platforms and technologies.
Proficient in cloud-based security concepts like using Identity and Access Management, firewalls, VPN and in-plane switching (IPS) systems.
Integrate and configure security tools (e.g., static and dynamic code analysis, vulnerability scanners, penetration testing tools).
Define and enforce security policies, processes, and best practices across development and deployment.
Monitor, analyze, and respond to security incidents and events.
System Background
Work with system-level components to ensure security in software, operating systems, and networks.
Optimize performance and security in multi-threaded, distributed, or cloud-based systems.
Collaborate with infrastructure and DevOps teams to enhance the overall system security posture.
History of innovation with multiple patents or deployed solutions in the field of software design.
Collaboration and Documentation
Collaborate with cross-functional teams, including product management, DevOps, and QA, to embed security in all stages of the SDLC.
Create and maintain detailed documentation of security processes, tools, and guidelines.
Provide technical guidance and mentoring to junior team members.
Implement Agile practices to ensure continuous delivery and incremental progress.
Promote and apply the left-shift strategy by identifying and addressing potential issues early in the development process.
Actively participate in daily stand-ups, sprint planning, retrospectives, and backlog grooming sessions.

What you need to bring:
10+ years of experience.
Strong coding skills in C# (.NET) (preferred) programming languages.
Solid understanding of security tools (e.g., OWASP, SonarQube, Burp Suite, Nessus, Metasploit) and their integration.
Familiarity with secure coding standards and best practices (e.g., OWASP Top 10).
Experience with system-level programming and debugging.
Knowledge of system security principles, including authentication, authorization, encryption, and secure protocols.
Hands-on experience with cloud platforms (AWS, Azure, or GCP) and securing cloud infrastructure.
Strong understanding of operating systems, networking, and system architecture.
Experience in performing threat modeling, vulnerability management, and risk assessment.
Familiarity with DevSecOps practices and integrating security into CI/CD pipelines.

Preferred Skills
Certifications like CISSP, CEH, OSCP, or equivalent are a plus.
Experience with container security (e.g., Docker, Kubernetes).
Knowledge of compliance standards (e.g., GDPR, HIPAA, PCI-DSS).
Experience in cryptographic libraries and protocols.

Educational Qualifications
Bachelor’s/Master’s degree in Computer Science, Cybersecurity, Systems Engineering, or a related field.

What We Can Offer You:
Health & Wellbeing
We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing.
Personal & Professional Development
We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have, whether you want to become a knowledge expert in your field or apply your skills to another division.
Diversity, Inclusion & Belonging
We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know diverse backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.

Let's Stay Connected:
Follow @HPECareers on Instagram to see the latest on people, culture and tech at HPE.

Job: Engineering
HPE is an Equal Employment Opportunity/ Veterans/Disabled/LGBT and Affirmative Action employer. We are committed to diversity and building a team that represents a variety of backgrounds, perspectives, and skills. We do not discriminate and all decisions we make are made on the basis of qualifications, merit, and business need. Our goal is to be one global diverse team that is representative of our customers, in an inclusive environment where we can continue to innovate and grow together. Please click here: Equal Employment Opportunity. Hewlett Packard Enterprise is EEO F/M/Protected Veteran/ Individual with Disabilities. HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories.
Posted 3 months ago
14 - 24 years
35 - 75 Lacs
Bengaluru
Hybrid
Who We Are:
Hewlett Packard Enterprise is the global edge-to-cloud company advancing the way people live and work. We help companies connect, protect, analyze, and act on their data and applications wherever they live, from edge to cloud, so they can turn insights into outcomes at the speed required to thrive in today's complex world. Our culture thrives on finding new and better ways to accelerate what's next. We know diverse backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. If you are looking to stretch and grow your career our culture will embrace you. Open up opportunities with HPE.

Job Description:
In the HPE Hybrid Cloud, we lead the innovation agenda and technology roadmap for all of HPE. This includes managing the design, development, and product portfolio of our next-generation cloud platform, Green Lake. Working with customers, we help them reimagine their information technology needs to deliver a simple, consumable solution that helps them drive their business results. Join us to redefine what's next for you.

What you’ll do:
We are seeking a Software Engineer with strong coding expertise and a solid background in systems engineering and security. The ideal candidate should have experience working with security tools and processes, possess in-depth knowledge of system architecture, and demonstrate the ability to identify and resolve security vulnerabilities. This role involves contributing to the design, implementation, and maintenance of secure systems and applications while ensuring adherence to the best practices in security.
This role involves identification and evaluation of new technologies and innovations to ensure alignment with the technology roadmap and business value; creates plans for integration and update into architecture.
Reviews and evaluates designs and project activities for compliance with development guidelines and standards; provides tangible feedback to improve product quality and mitigate failure risk.

Key Responsibilities
Coding and Development
Write clean, efficient, and secure code using modern programming languages C#/.Net (preferred).
Collaborate with teams to design and develop secure systems and applications.
Implement and integrate security tools and frameworks into the development lifecycle.
Security Practices
Perform security assessments and identify vulnerabilities in existing systems and applications.
Deep expertise in software systems design, development methodologies, and integration across diverse platforms and technologies.
Proficient in cloud-based security concepts like using Identity and Access Management, firewalls, VPN and in-plane switching (IPS) systems.
Integrate and configure security tools (e.g., static and dynamic code analysis, vulnerability scanners, penetration testing tools).
Define and enforce security policies, processes, and best practices across development and deployment.
Monitor, analyze, and respond to security incidents and events.
System Background
Work with system-level components to ensure security in software, operating systems, and networks.
Optimize performance and security in multi-threaded, distributed, or cloud-based systems.
Collaborate with infrastructure and DevOps teams to enhance the overall system security posture.
History of innovation with multiple patents or deployed solutions in the field of software design.
Collaboration and Documentation
Collaborate with cross-functional teams, including product management, DevOps, and QA, to embed security in all stages of the SDLC.
Create and maintain detailed documentation of security processes, tools, and guidelines.
Provide technical guidance and mentoring to junior team members.
Implement Agile practices to ensure continuous delivery and incremental progress.
Promote and apply the left-shift strategy by identifying and addressing potential issues early in the development process.
Actively participate in daily stand-ups, sprint planning, retrospectives, and backlog grooming sessions.

What you need to bring:
14+ years of experience.
Strong coding skills in C# (.NET) (preferred) programming languages.
Solid understanding of security tools (e.g., OWASP, SonarQube, Burp Suite, Nessus, Metasploit) and their integration.
Familiarity with secure coding standards and best practices (e.g., OWASP Top 10).
Experience with system-level programming and debugging.
Knowledge of system security principles, including authentication, authorization, encryption, and secure protocols.
Hands-on experience with cloud platforms (AWS, Azure, or GCP) and securing cloud infrastructure.
Strong understanding of operating systems, networking, and system architecture.
Experience in performing threat modeling, vulnerability management, and risk assessment.
Familiarity with DevSecOps practices and integrating security into CI/CD pipelines.

Preferred Skills
Certifications like CISSP, CEH, OSCP, or equivalent are a plus.
Experience with container security (e.g., Docker, Kubernetes).
Knowledge of compliance standards (e.g., GDPR, HIPAA, PCI-DSS).
Experience in cryptographic libraries and protocols.

Educational Qualifications
Bachelor’s/Master’s degree in Computer Science, Cybersecurity, Systems Engineering, or a related field.

What We Can Offer You:
Health & Wellbeing
We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing.
Personal & Professional Development
We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have, whether you want to become a knowledge expert in your field or apply your skills to another division.
Diversity, Inclusion & Belonging
We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know diverse backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.

Let's Stay Connected:
Follow @HPECareers on Instagram to see the latest on people, culture and tech at HPE.

Job: Engineering
HPE is an Equal Employment Opportunity/ Veterans/Disabled/LGBT and Affirmative Action employer. We are committed to diversity and building a team that represents a variety of backgrounds, perspectives, and skills. We do not discriminate and all decisions we make are made on the basis of qualifications, merit, and business need. Our goal is to be one global diverse team that is representative of our customers, in an inclusive environment where we can continue to innovate and grow together. Please click here: Equal Employment Opportunity. Hewlett Packard Enterprise is EEO F/M/Protected Veteran/ Individual with Disabilities. HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories.
Posted 3 months ago
2 - 7 years
10 - 20 Lacs
Bengaluru, Mumbai (All Areas)
Hybrid
Preferred candidate profile:
Notice period: Looking for immediate joiners only.
Strong understanding of IT security standards and frameworks (OWASP, NIST, CIS).
Strong understanding of security risks in networks and application platforms.
Strong understanding of network security, infrastructure security and application security.
Strong understanding of OSI, TCP/IP model and network basics.
Demonstrate technical penetration testing skills on IT infrastructure, web applications, mobile platforms and Red teaming.
Strong technical skills: Information security, network security, Windows security, UNIX/Linux security, web and mobile application security, Cloud platforms.
Broad knowledge of security technologies for applications, databases, networks, servers, and desktops.
Solid technical skills in both information security architecture and penetration testing and ability to assess testing tools and deploy the right ones.
Scripting and programming experience is beneficial.
Ability to perform manual penetration testing.
Experience in Application Security Testing (Web, Mobile & ERP [SAP]), or related functions.
Vulnerability Assessment, Penetration testing.
Perform penetration testing of various thick client software, web applications, and communications infrastructure to assist in hardening the cybersecurity posture against malicious actor.
Good understanding of OWASP Top 10 and mitigation techniques.
Experience in performing web application security assessments using hands-on techniques for identifying SQL injections, XSS, Security Misconfiguration, CSRF, authentication/authorization issues.
Database testing: MySQL, Oracle, NoSQL.
Understanding of cyber security management, cyber analytics, security intelligence platforms and threat intelligence frameworks.
Writing business proposals and response to client RFP/RFIs.
Identifying business opportunities and lead delivery and program management for large cyber security programs.
Delivery team and client relationship management.
Preferred Certifications: CEH, ECSA, OSCP, CISSP, CCSK, OCSE, CCSP, AWS Security
Posted 3 months ago
2 - 5 years
3 - 5 Lacs
Navi Mumbai, Mumbai (All Areas)
Work from Office
We are hiring for Security Engineer - Navi Mumbai Location (Belapur) for one of our projects. Interested candidates can share resume to ankita.patari@happiestminds.com
Experience: 2 to 5 Years
Location: Navi Mumbai Location (Belapur)
Office Timings: Monday to Friday (First Saturday and Third Saturday working)
Looking for max 15 Days Joiners only
Immediate Joiners, please mention in Subject Line (Immediate Joiner_AppSec)
General Shift
Exp Range: 2 to 5 Years

Skills
Source Code:
Secure Code Review / Static Application Security Testing
Software Composition Analysis
AppSec (Web, Mobile, Thick Client) & API:
Web Application & Thick Client Penetration Testing (DAST)
API Security Testing
Mobile Application Security Testing (MAST)
Network Security:
Network Security VAPT
IT Infrastructure VAPT
Network Security Configuration Review
Process/Architecture Review:
Secure SDLC Process Review
Network Security Architecture Review
SCD/VA/DFRA/DB Review:
Database Security Configuration Review
Digital Forensics Readiness Assessment
Secure Configuration Document
Vulnerability Assessment

Thanks And Regards,
Ankita P Ghosh
ankita.patari@happiestminds.com
Posted 3 months ago
4 - 8 years
6 - 10 Lacs
Bengaluru, Hyderabad, Gurgaon
Work from Office
Bachelor or Master degree in computer science with a minimum of 8 years in cyber security domain
Technical background in networking/system administration, security testing or related fields
In-depth knowledge of TCP/IP
Two or more years of Perl, Python, Bash, or C experience
Operating System Configuration and Security experience (Windows, HP-UX, Linux, Solaris, AIX, etc.)
Configuration and Security experience with firewalls, switches, routers, VPNs
Experience with security and architecture testing and development frameworks, such as the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), and NIST SP800-115
Familiar with security testing techniques such as threat modeling, network discovery, port and service identification, vulnerability scanning, network sniffing, penetration testing, configuration reviews, firewall rule reviews, social engineering, wireless penetration testing, fuzzing, and password cracking and can perform these techniques from a variety of adversarial perspectives (white-, grey-, black-box)
Experience with discovering, utilizing, and possibly writing exploits for such vulnerabilities as buffer and stack overflows
Familiar with the logistics of security testing such as acquiring authorization for testing, reporting, risk analysis of findings, data handling, and legal considerations
Commercial Application Security tools experience (Nessus, Nexpose, Qualys, Appdetective, Appscan, etc.)
Open source and free tools experience (Kali Linux suite, Metasploit, nmap, airsnort, Wireshark, Burp Suite, Paros, etc.)
One or more of the following testing certifications: Certified Ethical Hacker (CEH); GIAC Certified Penetration Tester (GPEN); Offensive Security Certified Professional (OSCP); or equivalent development or testing certification (ECSA, CEPT, CPTE, CPTS, etc)
In addition, one or more of the following governance certifications is preferred: Certified Information Systems Security Professionals (CISSP); Certified Information Systems Auditor (CISA); Certified Information Security Manager (CISM)
Strong leadership and communication skills, technical knowledge, and the ability to write at a "publication" quality level in order to communicate findings and recommendations to the client's senior management
Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices

Position & Key Responsibilities
Develop an understanding of the RSM US Risk Consulting service offerings, methodologies, and tools
Perform analysis and testing to verify the strengths and weaknesses of client IT environments utilizing commercial and open source security testing tools
Perform Internet penetration testing (blackbox / greybox / whitebox testing) and network architecture reviews (manual / automated)
Perform other security testing tasks such as wireless penetration testing, social engineering campaigns (email, web, phone, physical, etc.), mobile application testing, embedded device testing, and similar activities meant to identify critical weaknesses within client environments
Assist with the development of remediation recommendations for identified findings
Identify and clearly articulate (written and verbal) findings to senior management and clients
Help identify improvement opportunities for assigned clients
Supervise and provide engagement management for other staff working on assigned engagements
Works closely with the client and RSM team to make sure we meet or exceed client expectations on each engagement and maintain high customer satisfaction.
Exercise professional skepticism, judgment and adhere to the code of ethics while on engagements
Ensure that documentation is compliant with the quality standards of the firm
Work collaboratively as a part of the team and communicate effectively with RSM consulting professionals, and senior management in the U.S. on a daily basis

Key Skills to Accelerate Career
Maintains a high degree of quality and client relationship on multiple clients at the same time
Positively engages, motivates and influences team members
Identifies client needs/requirements and initiates discussion to expand services through a solid understanding of the firm's service capabilities and offerings
Subscribes to and actively read industry publications and share relevant information with clients as considered applicable
Posted 3 months ago
5 - 10 years
7 - 12 Lacs
Bengaluru
Work from Office
Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Product Security Good to have skills : NA Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education About The Role ::Product Security Testing Specialist - IoT, Embedded Devices, Hardware, Medical Instruments and automotive connected cars securityWe are seeking a highly skilled and motivated Product Security Testing Engineer with 6-8 years of proven expertise in IoT, embedded devices, hardware medical instruments and automotive/connected car security. The ideal candidate will have a strong background in security testing methodologies, risk assessment, and a deep understanding of the unique challenges posed by IoT, medical devices and software defined vehicle. This role requires a practical approach to identifying, assessing, and mitigate security flaws in our products as well as expertise in leading and mentoring a group of product security experts.Key responsibilities: Conduct and lead thorough security assessments of IoT devices, embedded systems, hardware components, and medical instruments. Conduct security assessments of connected car systems, including in-vehicle networks, infotainment systems, telematics, and communication interfaces. Identify vulnerabilities and weaknesses in the design, implementation, and configurations of automotive software and hardware components. Assess the security of in-vehicle communication networks, including CAN bus, Ethernet, and wireless protocols. Perform penetration testing, vulnerability assessments, and code reviews to identify security weaknesses. Evaluate the security of IoT ecosystems, including communication protocols, cloud interfaces, and firmware. 
Assess the security of embedded systems and identify potential vulnerabilities in both software and hardware. Perform hardware penetration testing to identify vulnerabilities in electronic systems. Assess the security of medical devices, ensuring compliance with industry regulations and standards. Identify and address security risks associated with healthcare information systems and connected medical instruments. Evaluate and prioritize security risks based on potential impact and likelihood. Provide recommendations and collaborate with cross-functional teams to implement effective security controls. Stay current with emerging security threats, vulnerabilities, and testing methodologies. Implement best practices for security testing and collaborate with development teams to integrate security into the development lifecycle. Document security testing processes, findings, and remediation recommendations. Generate comprehensive reports for stakeholders, including technical details and actionable insights. Technical experience: Hands on experience with penetration testing tools and methodologies. Proven experience in security testing with a focus on IoT, embedded systems, hardware, and medical instruments. Knowledge of secure coding practices and the ability to review code for security vulnerabilities. Familiarity with industry standards and regulations related to product security, such as ISO 27001, ISO/SAE 21434, UNECE WP.29, IEC 62443, UNR-155 and FDA cybersecurity guidelines. Experience with threat modeling and risk assessment frameworks. Familiarity with secure development practices for embedded systems. Understanding of regulatory requirements for medical device security. Strong understanding of networking protocols, encryption, and authentication mechanisms. Professional attributes: Excellent communication skills, including the ability to convey complex security concepts to technical and non-technical stakeholders.
Demonstrated proficiency in autonomously managing client relationships with a high level of independence and accountability. Experience of effectively leading teams of various sizes, ranging from small to large, and actively contributing to their skill development and upskilling. Ability to manage multiple tasks and deadlines. Qualifications: Bachelor's or master's degree in engineering or computer science, Information Security, or a related field. Certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP). Qualifications 15 years full time education
Posted 3 months ago
4 - 9 years
6 - 11 Lacs
Hyderabad
Work from Office
What you'll be doing... Verizon Cyber Security Team is looking for a Penetration Tester to join our Application Pen Test team. You'll be joining a group of talented, creative thinkers who "act like the enemy" to focus on ensuring that infrastructure and applications (web, mobile, and API) are secure by performing penetration testing from both inside and outside of Verizon. This team isn't a "copy and paste from a scan tool" reporting team, or a cookie cutter just scanning with tools team, or a team that just monitors and supports security scanning tools used by developers. This team is an enterprise-recognized and supported group of skilled, experienced and certified ethical hacking Verizon employees who are trusted to direct themselves with a lot of unknowns. The successful candidate will possess an effective aptitude in thinking like an adversary, security of Web applications, Infrastructure, APIs and Mobile Applications, mentoring and leading junior pen testers and effectively translating highly technical information to internal customers in a way that supports Cyber Security Team and broader Verizon goals. The ability to lead and perform full scope penetration testing on complex web applications, Infrastructure, APIs and Mobile applications. Configuring and safely utilizing attacker tools, tactics, and procedures for Verizon environments. Developing comprehensive and accurate reports and presentations for both technical and executive audiences. The ability to make collaborative decisions on the impact of an exposure to Verizon. Acting as a SME and guide, advising on security vulnerability impact, ratings and remediation recommendations across the organization as needed. Helping define the Pen Test strategy and standards to further enhance the company's security posture. Effectively communicating findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel.
Working closely with stakeholders and developers providing risk-appropriate and pragmatic recommendations to correct found vulnerabilities. Developing scripts, tools, or methodologies to enhance Verizon's pen testing processes and effectiveness. Driving technical oversight and mentoring junior pen testers on pen test engagements, vulnerability impact and ratings and remediation recommendations. Providing leadership and guidance to advance the offensive capabilities of the team and its subsequent ability to defend the Verizon Enterprise. What we're looking for... You'll need to have: Bachelor's degree and four or more years of work experience. Four or more years of relevant work experience. Relevant pen testing or security experience. Deep understanding of OWASP Top 10, OWASP API Top 10, MASVS. Even better if you have one or more of the following: Strong knowledge of tools used for API, infrastructure, web application, mobile, and network security testing, such as Kali Linux, Metasploit, Wireshark, Burp suite, Cobalt Strike, Nessus, Web Inspect, SQLMap. Knowledge of secure software deployment methodologies, tools, and practices. Experience with application security risk procedures, security patterns, authentication technologies and security attack pathologies. Certifications such as: GXPN, GPEN, eWPT, GCIH, GWAPT, OSCP, OSWA, OSCE, OSWE. Service Delivery/Governance: ITILv2/3. Solid understanding of common hosting environments such as containerization platforms (e.g., Docker and Kubernetes) and virtual machines running under hypervisors. An implementation level familiarity with all common classes of modern exploitation. Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell. Programming skills preferred and encouraged, as well as the ability to read and assess applications written in multiple languages, such as Python, JAVA, .NET, C#, or others.
Experience with system and application security threats and vulnerabilities and secure configuration management techniques, software debugging principles, software design tools, methods, and techniques, software development models (e.g., Waterfall Model, Spiral Model). Knowledge of secure coding techniques. Some experience with software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, and simplicity/minimization). Knowledge of secure software deployment methodologies, tools, and practices. Knowledge in discerning the protection needs (i.e., security controls) of information systems and networks.
Posted 3 months ago
2 - 4 years
1 - 1 Lacs
Mumbai
Remote
Hiring Cyber Security Pros (No Beginners) -Teach VAPT/ethical hacking -4mo paid internship to polish teaching. -Confidentiality guaranteed; no employer exposure. -Need: 2-3yrs corp pentest experience (OSCP/CEH must) -Must Speak Hindi & English. Required Candidate profile VAPT: Web/Mobile/API. Tools: Burp/Metasploit/Kali. Core: OS internals, buffer/ROP, network (firewall/VLAN). Vuln analysis, reverse engg, social engg, cloud (AWS/Azure). Domain: OWASP, wireless, crypto Perks and benefits Bonus as per performance
Posted 3 months ago
2 - 7 years
7 - 15 Lacs
Hyderabad
Work from Office
Key Responsibilities : Adversarial Simulations : Plan and execute red team engagements to simulate real-world adversary attacks, including network infiltration, social engineering, web application exploitation, and physical security testing. Vulnerability Assessment : Identify vulnerabilities in the organization's infrastructure, applications, and networks by conducting simulated attacks, including penetration testing and security assessments. Threat Emulation : Develop and simulate advanced persistent threats (APTs), insider threats, and other sophisticated adversary tactics, techniques, and procedures (TTPs) to evaluate defense mechanisms. Collaboration : Work closely with other cybersecurity teams, such as blue teams (defensive security) and incident response, to enhance the security posture of the organization through proactive threat identification and remediation. Security Improvement Recommendations : Provide detailed reports and recommendations after each red team engagement, ensuring that identified vulnerabilities are addressed and mitigated in a timely manner. Exploit Development : Design and develop proof-of-concept exploits to demonstrate the feasibility of identified vulnerabilities. Social Engineering : Perform social engineering assessments, including phishing campaigns, pretexting, and physical security assessments to evaluate an organization's susceptibility to human factors in security. Incident Reporting : Document findings and vulnerabilities in a clear, concise manner and present them to stakeholders, including executives, technical teams, and IT staff, in both written and verbal formats. Continuous Learning : Stay current with the latest cybersecurity threats, tools, techniques, and industry best practices to continuously improve the red team’s effectiveness. Tool Utilization and Development : Use commercial and open-source tools to conduct red team operations.
Additionally, develop custom scripts or tools to facilitate specific attack scenarios. Qualifications : Education : Bachelor’s degree in Computer Science, Information Security, or related field, or equivalent work experience. Experience : 3+ years of experience in offensive security, penetration testing, or red teaming. Experience with conducting and leading red team exercises, vulnerability assessments, and penetration tests. Strong understanding of security concepts, network protocols, operating systems (Linux, Windows, macOS), and web application security. Certifications : Certified Red Team Expert (CRTE) Offensive Security Certified Professional (OSCP) Certified Ethical Hacker (CEH) - Preferable GIAC Penetration Tester (GPEN) - Preferable Certified Information Systems Security Professional (CISSP) - Preferable Technical Skills : Proficiency in programming/scripting languages such as Python, Bash, PowerShell, or others. Experience with red team tools (e.g., Cobalt Strike, Metasploit, Burp Suite, Nmap, etc.). Familiarity with attack simulation platforms, threat emulation frameworks (e.g., MITRE ATT&CK). Strong knowledge of attack methodologies and the tactics, techniques, and procedures (TTPs) of advanced persistent threats (APTs). Soft Skills : Strong analytical and problem-solving skills. Ability to communicate complex technical findings to both technical and non-technical stakeholders. Strong attention to detail and ability to work independently or as part of a team. Proactive, self-motivated, and eager to learn new security techniques and
Posted 3 months ago
3 - 5 years
5 - 7 Lacs
Pune
Work from Office
Job Purpose This position is open with Bajaj finserv ltd. Duties and Responsibilities Discover and Mitigate Cyber Risks and exploitable vulnerabilities on the internet facing apps/assets Conduct Regular Vulnerability Assessment and Penetration Testing of the applications Experience with latest technologies and security standards such as OWASP, CVSS, Mitre etc. Mobile App Reversing and pen testing as Android and iOS applications security standards Familiarity with malicious code identification and common hacker attack techniques Conduct regular Secure Code and Architecture Review, SAST and DAST Latest technology security- API, Microservices, RPA, IOT etc. Ethical Hacking and Red Teaming Activity (Addon preferred) Assess Third Party Partner vulnerabilities and security risk Remediations, Closures Tracking, Reporting and Management of all Cyber Risks Engage with technology Teams and partners and business units to resolve identified vulnerabilities within acceptable timelines Design and deliver actionable Information Security dashboards and scorecards Work with partners in carrying out comprehensive VAPT assessment Advanced understanding with working experience collecting and tracking threat intelligence Experience working with tracking, communicating, and prioritizing vulnerabilities and cyber threats to an enterprise-wide organization Required Qualifications and Experience Engineering / Computer Graduate with 3-5 years of Information / Cyber Security Experience Relevant Security Certifications like CEH, CPENT, PNPT, EJPT, EWPT, OSCP etc. 
preferred Prior experience of Security Testing, OWASP Top 10 and application security Prior experience of Penetration Testing Web Application, Mobile Applications and API Security testing Sound in latest application technologies and network attacks execution Good Written and Verbal Communication with Presentation Skills Good Team Player and sound in stakeholder management Threat Modelling, Cloud Security and WAF basics clarity DevOps / DevSecOps and Source Code security review experience is added boon Well versed with related tools and techniques of all the above
Posted 3 months ago
6 - 8 years
8 - 12 Lacs
Mumbai
Work from Office
In-depth knowledge of security issues, exploitation techniques and remediation measures. Hands-on Experience in Source Code Review (Automated + Manual). Expertise in SAST report analysis to confirm the applicable vulnerabilities. Required Candidate profile In-depth understanding on Common Vulnerability Exposure (CVE)/ Cert advisory database Familiarity with OWASP, SANS vulnerabilities
Posted 3 months ago
1 - 3 years
3 - 4 Lacs
Navi Mumbai
Work from Office
Job description Job Title: Security Consultant (Mobile & Web Application Security, Red Teaming, Phishing) Location: Navi Mumbai Experience Level: 1-2 Years Job Overview: We are looking for a highly motivated Junior Security Analyst with 1-2 years of hands-on experience in Red Teaming, Mobile Application Security Testing, Web Application Security Testing, and Phishing. The selected candidate will work within our cybersecurity team to identify and help mitigate security vulnerabilities across different platforms and applications. Additionally, the role includes participation in Red Team engagements and Phishing Campaigns. Key Responsibilities: Red Teaming: Assist in conducting Red Team operations to simulate advanced persistent threats (APT) and adversary tactics, techniques, and procedures (TTPs). Collaborate with senior team members to develop realistic attack scenarios and generate actionable reports. Mobile Application Security Testing: Perform security assessments of Android and iOS applications, identifying vulnerabilities and weaknesses. Conduct manual and automated testing using industry-standard tools such as Burp Suite, MobSF, Frida, etc. Document vulnerabilities and offer remediation strategies to development teams. Web Application Security Testing: Conduct web application security testing, identifying common vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF). Use tools such as OWASP ZAP, Burp Suite, and others to perform penetration testing. Prepare detailed assessment reports with actionable remediation recommendations. Phishing Campaigns: Assist in planning and executing phishing campaigns to simulate phishing attacks. Develop phishing templates and analyze user responses to gauge organizational security awareness. Provide reports and conduct training sessions to improve the organization's resilience to phishing attacks.
Requirements: 1-2 years of relevant experience in Red Teaming, Mobile Application Security Testing, Web Application Security Testing, and Phishing. Familiarity with security standards and frameworks such as OWASP Top 10, SANS, NIST, etc. Proficiency with penetration testing tools such as Burp Suite, Metasploit, Nessus, MobSF, etc. Basic knowledge of scripting and programming languages (Python, Bash, etc.) is an added advantage. Understanding of phishing techniques and social engineering principles. Strong analytical and problem-solving skills with great attention to detail. Excellent verbal and written communication skills. Preferred Certifications (Not mandatory): CEH (Certified Ethical Hacker) CompTIA Pentest+ OSCP (Offensive Security Certified Professional)
Posted 3 months ago
2 - 7 years
5 - 14 Lacs
Chennai, Mumbai Suburbs, Hyderabad
Work from Office
Job Description Role : Offensive Security Location: Mumbai/Hyderabad/Chennai Qualification & Experience M.Tech/B.E. /B.Tech/MCA/BCA/BSC More than 4 years of experience in conducting Red Team and offensive security. Certifications in different Security products, ITIL, CEH, OSCP, OSCE, OSWE, SANS/GIAC etc. would be an added advantage. Job Responsibilities: 3-4 years of experience in Pentest, Red Team, offensive security engagements. Deep understanding of network, web and API security vulnerabilities and mitigation. Good understanding of Active Directory and ways of exploitation. In-Depth knowledge of Linux operating system. Ability to model threats and risks for large and complex systems. Good knowledge of IPS/IDS, Firewalls, WAF, Switch and Router. Advanced knowledge of Authentication, security protocols, Cryptography etc. Ability to think critically and identify areas of technical and non-technical risk. Ability to write technical reports and communicate technical content to non-technical audiences. Relevant security certification i.e. OSCP, OSCE, OSWE, SANS/GIAC, Published CVEs is an added advantage. Good understanding and experience in offensive security tools and techniques i.e. Metasploit, Burpsuite, Armitage, MITRE ATT&CK Framework. Knowledge in one of the scripting languages. Has basic knowledge to write exploits for known vulnerabilities.
Posted 3 months ago
4 - 10 years
0 - 20 Lacs
Kochi
Work from Office
Roles and Responsibilities : Conduct security assessments of web applications to identify vulnerabilities and provide recommendations for remediation. Develop and implement secure coding practices, ensuring compliance with industry standards such as OWASP. Collaborate with development teams to design and develop secure software architectures, leveraging technologies like CISM, OSCP, CISSP. Provide training on application security best practices to clients' IT staff. Job Requirements : 4-10 years of experience in application security testing and consulting. Strong understanding of web application security principles and OWASP guidelines. Proficiency in tools such as Nessus, Acunetix, Tenable for vulnerability scanning and penetration testing.
Posted 3 months ago
4 - 8 years
12 - 14 Lacs
Bengaluru
Work from Office
Consultant - MAST Vanguard Requirements: Mandatory Technical & Functional Skills Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA Job Description: Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation
Posted 1 month ago
4 - 9 years
10 - 20 Lacs
Pune, Bengaluru
Work from Office
Roles & responsibilities • Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications • Plan and execute network penetration testing and Red teaming assessments to simulate real-world attack scenarios. • Perform manual network and application penetration tests on internal network, Active Directory environment, web applications. • Perform social engineering assessment to assess the security awareness and physical security controls of the organization. • Ability to independently research for new vulnerabilities in systems and software and modify and customize tools, known exploits, POCs and scripts to meet operational requirement. • Research and stay up-to-date with the latest attack techniques, tools, and emerging threats. • Present technical reports to clients, explaining the outcomes of the testing and providing detailed insights and recommendations. • Collaborate effectively with cross-functional teams, including developers, IT operations, and business stakeholders to integrate security best practices seamlessly into project workflows. • Provide mentorship and guidance to junior security staff and foster a culture of proactive security awareness within the organization. This role is for you if you have the below • We are seeking an experienced and highly skilled Consultant with over 5+ years of working experience in the field of cybersecurity, including network penetration testing, vulnerability assessment, Active directory testing, phishing assessment and web application penetration testing. The ideal candidate will possess a strong working knowledge of Network protocols, performing OSINT to identify publicly available information and testing and exploiting Microsoft services like Windows Servers, Active directory, Certificate Services. 
Mandatory technical & functional skills JOB DESCRIPTIONS • Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications • 5+ years of professional experience in cybersecurity, with a focus on Network penetration testing and Red teaming. • Strong understanding of Network protocols, web applications, cryptography, various operating systems and security technologies. • Strong understanding of exploitation of Microsoft platform used in enterprise environment such as windows Servers, Active Directory Certificate Service, Azure, etc. • Experience in one or more of the following a plus: Web application penetration testing, mobile application penetration testing application architecture and business logic analysis. • Relevant certifications, such as GWAPT, OSCP, OSEP, CRTP, CRTO, OSWA, are strongly preferred.
Posted 1 month ago
3 - 8 years
5 - 9 Lacs
Thiruvananthapuram
Work from Office
We are looking for a skilled Security Consultant / Senior Security Consultant with expertise in penetration testing to join our team. The ideal candidate will have 3-9 years of experience. Roles and Responsibility: Lead engagements from kickoff with clients through scoping, penetration testing, and reporting while adhering to the agreed scope and deadlines. Perform penetration testing including network, web application, mobile app (Android & iOS), APIs, cloud security, thick client applications, wireless, social engineering, physical penetration testing, and red team assessments. Execute penetration testing projects using established methodology, tools, and rules of engagement. Identify and exploit security vulnerabilities in various systems. Conduct in-depth analysis of penetration testing results and create reports describing findings, exploitation procedures, risks, and recommendations. Convey complex technical security concepts to both technical and non-technical audiences, including executives. Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing. Stay up-to-date with the latest techniques and concepts, including Active Directory attacks. Support SDLC and agile environments with application security testing and source code reviews. Serve as a mentor and guide to junior pen testers, sharing knowledge, skills, and best practices to foster their growth and development. Provide technical expertise and guidance to clients on remediation strategies and security best practices. Job Requirements: BE/ B.Tech/ MCA or equivalent degree. Minimum 3 years of work experience in penetration testing, including at least three of the following: network, web application, mobile app (Android & iOS), thick client, APIs, wireless, social engineering, physical, and red team assessments. One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX.
Knowledge of Windows, Linux, UNIX, and other major operating systems. Strong understanding of security principles, policies, and industry best practices. Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results. Excellent communication and presentation skills, both written and verbal. Demonstrated thought leadership in cybersecurity through publications, speaking engagements, or contributions to industry forums. Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead. Familiarity with OWASP methodologies and application security vulnerabilities. Exceptional ability to educate and guide application developers in security best practices. Excellent communication, presentation, and interpersonal skills. Strong Word, Excel, and PowerPoint skills.
Posted 1 month ago
3 - 8 years
5 - 9 Lacs
Thiruvananthapuram
Work from Office
We are looking for a skilled Security Consultant / Senior Security Consultant with expertise in penetration testing to join our team. The ideal candidate will have 3-9 years of experience. Roles and Responsibility: Lead client engagements from kickoff to scoping, penetration testing, and reporting, ensuring adherence to agreed scope and deadlines. Conduct penetration testing including network, web application, mobile app (Android & iOS), APIs, cloud security, thick client applications, wireless, social engineering, physical, and red team assessments. Execute penetration testing projects using established methodologies, tools, and rules of engagement. Identify and exploit security vulnerabilities in various systems. Perform in-depth analysis of penetration testing results and create reports describing findings, exploitation procedures, risks, and recommendations. Convey complex technical security concepts to both technical and non-technical audiences, including executives. Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing. Stay updated with the latest techniques and concepts, including Active Directory attacks. Support SDLC and agile environments with application security testing and source code reviews. Serve as a mentor and guide to junior pen testers, sharing knowledge, skills, and best practices to foster their growth and development. Provide technical expertise and guidance to clients on remediation strategies and security best practices. Job Requirements: Minimum 3 years of work experience in penetration testing, including at least three of the following: network, web application, mobile app (Android & iOS), thick client, APIs, cloud security, thick client applications, wireless, social engineering, physical, and red team assessments. One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX.
Knowledge of Windows, Linux, UNIX, and other major operating systems. Strong understanding of security principles, policies, and industry best practices. Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results. Excellent communication and presentation skills, both written and verbal. Demonstrated thought leadership in cybersecurity through publications, speaking engagements, or contributions to industry forums. Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead. BE/ B.Tech/ MCA or equivalent. Familiarity with OWASP methodologies and application security vulnerabilities. Exceptional ability to educate and guide application developers in security best practices. Excellent communication, presentation, and interpersonal skills. Strong Word, Excel, and PowerPoint skills.
Posted 1 month ago
2 - 4 years
3 - 5 Lacs
Navi Mumbai, Mumbai (All Areas)
Work from Office
We are hiring for Security Engineer - Navi Mumbai Location (Belapur) for one of our projects. Interested candidates can share their resume to ankita.patari@happiestminds.com Experience: 2 to 5 Years Location: Navi Mumbai Location (Belapur) Office Timings: Monday to Friday (First Saturday and Third Saturday working) Looking for max 15 Days Joiners only. Immediate Joiners please mention in Subject Line (Immediate Joiner_AppSec) General Shift Exp Range: 2 to 4 Years Primary Skills : SAST, Penetration testing, Vulnerability Assessment Responsibility: Static Code analysis, Static/dynamic testing of mobile applications, Vulnerability Assessment, Penetration Testing Thanks And Regards, Ankita P Ghosh ankita.patari@happiestminds.com
Posted 1 month ago
6 - 11 years
17 - 32 Lacs
Bengaluru, Delhi / NCR, Mumbai (All Areas)
Hybrid
6+ yrs of exp in Cyber Security consulting, with min 3 yrs in leadership role Expertise in cybersecurity frameworks & standards such as NIST, ISO 27001, GDPR, DPDPA, PCI DSS, etc. Exp in GDPR, VAPT, App security. Must have exp in consulting
Posted 1 month ago
5 - 10 years
6 - 12 Lacs
Nagpur
Work from Office
Conduct security testing, including vulnerability assessments and penetration testing, on web applications, mobile applications, APIs, and infrastructure. Identify, exploit, and document security vulnerabilities and weaknesses in the systems. Required Candidate profile Experience: 2-3 years of hands-on experience in security testing, vulnerability assessment, and penetration testing. Relevant security certifications such as CEH , OSCP , or similar are mandatory.
Posted 1 month ago
7 - 12 years
13 - 17 Lacs
Bengaluru
Work from Office
Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Security Architecture Design Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary : As an Automotive Cybersecurity Engineer, you will implement and validate security controls across in-vehicle systems, ensuring protection of ECUs, telematics units, and connected vehicle infrastructure. You will contribute to threat modeling and diagnostics hardening efforts, support penetration testing activities, and document the integration of cybersecurity measures in alignment with regulatory and technical requirements. Roles & Responsibilities: Support the development and implementation of cybersecurity controls across ECUs, telematics systems, and in-vehicle networks in alignment with ISO/SAE 21434 and company CSMS. Participate in security architecture and design reviews, contributing to the definition and validation of security requirements for embedded vehicle systems. Conduct and document threat modeling and risk assessments using methodologies such as HEAVENS, STRIDE, and custom attack graphs. Perform penetration testing and intrusion validation on in-vehicle protocols including CAN, DoIP, and Ethernet, as well as wireless interfaces such as Bluetooth and Wi-Fi. Assist in the execution of fuzz testing and vulnerability analysis using tools like CANoe, Wireshark, Scapy, and Python-based custom scripts. Contribute to the validation of secure boot mechanisms and assist in reverse engineering activities to verify firmware security compliance. Work with software and hardware teams to analyze security issues, identify root causes, and define corrective actions and mitigations.
Maintain operational documentation, including test procedures, vulnerability logs, and mitigation tracking in compliance with regulatory requirements. Collaborate with cross-functional teams to integrate secure diagnostics, access control strategies, and key management protocols. Participate in internal assessments and support audit readiness for cybersecurity compliance frameworks such as UNECE WP.29 and ISO 26262. Professional & Technical Skills: Experience supporting in-vehicle cybersecurity programs with 8+ years in embedded or automotive systems development, including 3–4 years focused on penetration testing, diagnostics security, or secure ECU architecture. Hands-on experience conducting security testing and vulnerability assessments on vehicle communication interfaces such as CAN, DoIP, and Ethernet, as well as wireless protocols including Bluetooth, Wi-Fi, and cellular. Strong working knowledge of UDS diagnostics (ISO 14229), secure diagnostics access control, and protocol fuzzing techniques to uncover vulnerabilities in ECUs and vehicle gateways. Proficiency with security testing tools and platforms such as CANoe, Wireshark, Scapy, Python, and Ghidra for traffic analysis, custom scripting, and reverse engineering. Familiarity with cryptographic principles and practical usage of cryptographic libraries (e.g., OpenSSL, mbedTLS) and hardware security modules (HSM) for secure key storage, boot processes, and firmware authentication. Experience supporting OTA (Over-the-Air) update platforms and ensuring their secure integration using encryption, authentication, and rollback protection mechanisms. Exposure to cybersecurity development in Agile-based or V-model automotive environments, working collaboratively with software, systems, and validation teams. Knowledge of regulatory and compliance standards relevant to automotive cybersecurity, including ISO/SAE 21434, UNECE WP.29 (R155/R156), and functional safety (ISO 26262). 
Ability to document test cases, generate detailed security analysis reports, and provide engineering teams with clear recommendations and follow-up actions for mitigation. Demonstrated problem-solving skills and the ability to troubleshoot complex issues related to embedded systems security, communication integrity, and control system protection. Additional Information: 5+ years' experience implementing and performing Automotive Cybersecurity Experience with AUTOSAR (Classic/Adaptive), ECU firmware security, or secure telematics units. This position is based at our Bengaluru office A 15-year full-time education is required Good to have Certifications in ISO 21434, CISSP, CEH, OSCP, GICSP Qualification 15 years full time education
Posted 1 month ago
12 - 17 years
13 - 17 Lacs
Bengaluru
Work from Office
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Product Security
Good to have skills: Security Architecture Design
Minimum 12 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: As an Automotive Cybersecurity Architect, you will define the end-to-end security architecture and strategy for in-vehicle systems, telematics, and cloud-connected services, ensuring alignment with regulatory requirements and industry best practices. You will also lead penetration testing efforts, document security controls across ECUs and communication interfaces, and guide the implementation of secure system designs across the vehicle ecosystem.
Roles & Responsibilities:
Define and implement end-to-end cybersecurity architecture for connected vehicles, ECUs, and backend services, ensuring alignment with ISO/SAE 21434, UNECE WP.29, and CSMS requirements.
Develop secure communication and firmware update frameworks, supporting over-the-air (OTA) updates and in-vehicle data integrity.
Perform threat modeling and risk analysis using industry-standard methodologies such as HEAVENS, STRIDE, and attack trees to identify vulnerabilities across vehicle networks and interfaces.
Guide the definition of mitigation strategies and ensure full traceability between threats, assets, and controls throughout the development lifecycle.
Plan and lead security validation activities, including advanced penetration testing and fuzzing of vehicle interfaces (CAN, DoIP, Ethernet, Bluetooth, Wi-Fi, Cellular).
Create and maintain documentation for test cases, tooling, security controls, and validation outcomes across ECUs and connected modules.
Collaborate with cross-functional teams to drive secure design practices in diagnostics, boot process, and firmware integrity verification.
Conduct vulnerability assessments using tools such as CANoe, CANalyzer, Wireshark, Ghidra, and custom analysis scripts, and support remediation planning.
Lead red team exercises and security reviews in coordination with product security and development teams.
Represent cybersecurity in internal audits and regulatory assessments, ensuring alignment with WP.29 R155/R156 and ISO 26262.
Work with suppliers and partners to evaluate and integrate security solutions aligned with evolving vehicle cybersecurity requirements.
Professional & Technical Skills:
Extensive experience (12+ years) in embedded and automotive systems, with over 6 years specializing in automotive cybersecurity strategy, architecture, and threat analysis.
Hands-on experience designing and executing penetration testing of automotive systems, including ECUs, ADAS, telematics, infotainment, and V2X components, across in-vehicle networks and external interfaces.
Strong knowledge of in-vehicle communication protocols such as CAN, LIN, FlexRay, DoIP, and automotive diagnostic protocols (UDS), as well as wireless technologies including Bluetooth, Wi-Fi, and Cellular.
In-depth understanding of secure communication protocols and cryptographic standards, including TLS, MACsec, AES, RSA, ECC, and Public Key Infrastructure (PKI) for automotive applications.
Proven experience in designing and implementing Secure Boot, Secure OTA (Over-the-Air) update mechanisms, and ECU firmware authentication using HSMs and trusted execution environments.
Demonstrated ability to conduct and lead threat modeling and risk assessments using HEAVENS, STRIDE, attack trees, and DFD methodologies in compliance with ISO/SAE 21434.
Familiarity with regulatory and compliance frameworks such as UNECE WP.29 (R155/R156), CSMS, and ISO 26262, and practical experience aligning security activities to these standards.
Proficiency in security validation tools and platforms including CANoe, CANalyzer, Wireshark, Ghidra, Scapy, and custom-built tools for binary analysis, fuzzing, and reverse engineering.
Experience guiding vulnerability remediation efforts across hardware and software development teams in an Agile or V-model development environment.
Strong technical documentation skills and the ability to translate complex cybersecurity concepts into actionable guidance for engineering and compliance teams.
Capable of engaging with external vendors, regulatory bodies, and cross-functional stakeholders to align security requirements, audits, and certifications.
Additional Information:
7+ years' experience implementing and performing Automotive Cybersecurity
This position is based at our Bengaluru office
A 15-year full time education is required
Good to have Certifications in ISO 21434, CISSP, CEH, OSCP, GICSP
Qualification: 15 years full time education
Posted 1 month ago