195 Oscp Jobs - Page 8

Lead Red, Blue & Purple Team operations, securing client assets via pentests, monitoring, incident response & compliance. Manage teams, train clients, and ensure continuous protection across Web2 & Web3 tech. Full JD here: https://bit.ly/4lxMCjo

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Red Teaming Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will oversee the strategic planning and execution of red team operations to emulate real-world threats and uncover security weaknesses across the organization. Your typical day will involve planning, scoping and conducting red team operations, including social engineering, network exploitation, and post-exploitation activities along with leading a team of offensive security experts, and aligning red team efforts with business risk priorities. You will work closely with incident response, and threat intelligence teams to identify detection gaps and provide actionable insights, ensuring the organization remains prepared against evolving threats, while fostering a culture of continuous learning and adversary-aware defense. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Plan, scope, and execute red team exercises simulating real-world attack scenarios.- Perform threat modeling and adversary emulation exercises based on MITRE ATT&CK framework.- Conduct internal and external penetration tests, including physical security and social engineering engagements.- Design and deliver phishing campaigns and other social engineering attacks to test human security posture.- Establish and manage command-and-control (C2) infrastructures using tools like Cobalt Strike.- Perform post-exploitation tasks including lateral movement, Active Directory (AD) exploitation, privilege escalation, and data exfiltration.- Identify gaps in detection and response capabilities and provide detailed reports and remediation recommendations.- Collaborate with Blue Team and Incident Response to enhance organizational defense.- Continuously research emerging threats, TTPs, and contribute to the development of new testing methodologies.- Provide solutions to problems for their immediate team and across multiple teams.- Facilitate training sessions to enhance team knowledge and skills.- Monitor and evaluate the effectiveness of security measures and recommend improvements. Professional & Technical Skills: - Deep understanding of red team tactics, techniques, and procedures (TTPs) align with MITRE ATT&CK framework.- Proven experience in conducting end-to-end red team engagements across different environments (on-prem, cloud, hybrid).- Proficient with red team tools such as Cobalt Strike, Mythic, Metasploit, Bloodhound, Sharp hound, PowerShell Empire, Impacket- Expertise in EDR/AV evasion techniques, custom payload development, and OPSEC-aware operations.- Skilled in Active Directory attacks, Kerberoasting, Pass-the-Hash/Ticket, and Golden/Silver ticket attacks.- Proficient in hardware-based and physical attack techniques including Rubber Ducky payload deployment, planting rogue devices such as LAN Turtle, Raspberry Pi, NAC bypass. Executing Wi-Fi attacks like Evil Twin attacks, and RFID cloning for physical access simulation and red team engagements.- Strong knowledge of data exfiltration methods and covert communication channels.- Experience with phishing toolkits and infrastructure for social engineering campaigns.- Familiarity with scripting and automation using PowerShell, Python, or Bash.- Comfortable working under strict ethical and legal boundaries, with a strong focus on operational safety. Additional Information:- The candidate should have minimum 7.5 years of experience in Red Teaming.- Certifications- OSCP, OSEP, CRTP, CRTE, CRTO.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Cloud Security Architecture : - Asses, help in design and development of AWS, Azure and AWS security architectures for protecting PII/PCI data deployed into different types of cloud and cloud/hybrid systems. - Improve the security around cloud-based applications, across all types (including Infrastructure, Platform, and Software as a Service (IaaS/PaaS/SaaS). - Work part of Cyber team for Enterprise Security for other Technology teams and Vendors within the organisation for all matters related to cloud security. - Implement NIST framework on cloud-native architectures to mitigate the risk to Organisation PII, PCI data and with appropriate security controls present. - SSDLC Embed Security practices in development and implementation of the overall enterprise cloud architecture to ensure Secure Software Development Lifecycle. - Enhance/redesign existing cyber standards in partnership with Engineering, Infrastructure Services, and Application Development. - Act as the ambassador and senior technical representative to Lead initiatives designed to share knowledge across Security Platforms and/or Technology teams, identify, recommend, coordinate and deliver timely knowledge to support teams regarding technologies, processes or tools. - Ensures the effective translation of the security architecture is implemented into the solutions. - Assist to evaluate all the new initiatives/solutions (including Cloud) with the design recommendations and work with project managers and architects during implementation. - SAP GRC / AC 12 experience is good to have. New Technology & Risks : - Evaluate and recommend tools and solutions to enhance the security posture of the Enterprise. - Maintain contact with vendors regarding security system updates and technical support of security products. - Perform cost-benefit and risk analysisAnalyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks. Measures of Success : - Product/services are cyber compliant and risk reduced to minimal or zero. - Successful implementation/ adoption of any new solution, technology or framework. - Timely and inbudget delivery of security projects specifications within time and budget. Technical Skills / Experience / Certifications : - CCSP certification is mandatory, Any among like TOGAF, SABSA, OSCP or python certification is preferred. - Knowledge of enterprise IT Systems, infrastructure and security technologies. - Knowledge of Information Security Standards like ISO 27001, PCI-DSS, NIST CSF, CSA framework etc. - Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc. - Experience with deployment orchestration, automation, and security configuration management (Jenkins, Puppet, Chef, etc.) preferred. - Experience architecting solutions within Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), VMware NSX, Oracle etc. - Experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes such as secure software development, Application Security, data protection, cryptography, key management, identity and access management (IAM), network security) within SaaS, IaaS, PaaS, and other cloud environments. - Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies. - Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies. - SAP GRC / AC 12 experience is good to have.

Roles & Responsibilities: 1.Handling alerts and incident on XDR platform 2.Alert & incident triage and analysis 3.Proactively investigating suspicious activities 4.Log all findings, actions taken, and escalations clearly in the XDR and ITSM platform 5.Execute predefined actions such as isolating blocking IPs or disabling user accounts, based on set protocols. 6.Adhere to established policies, procedures, and security practices. 7.Follow-up with tech team for incident closure 8.Participating in daily standup and review meeting 9.L2 Analyst has responsibility to closely track the incidents and support for closure. 10.Working with logsource and usecase management in integrating log sources and developing & testing usecase 11.Work & support on multiple cybersecurity tool (DLP, GRC, Cloudsec tool, DAM) 12.Developing SOP / instruction manual for L1 team 13.Guiding L1 team for triage/analysis and assist in clousure of cybersecurity alert and incidents 14.Handle XDR alerts and followup with customer team for agent updates 15.Escalate more complex incidents to L3 SME for deeper analysis. Key Responsibilities: Security Monitoring & Incident Response Governance Define and maintain security monitoring, threat detection, and incident response policies and procedures.Establish and mature a threat intelligence program, incorporating tactical and strategic threat feeds.Align SOC operations with evolving business risk priorities and regulatory frameworks.Platform & Toolset Management Evaluate, implement, and enhance SIEM platforms, ensuring optimal log ingestion, correlation, and rule effectiveness.Assess and manage deployment of EDR, XDR, SOAR, and Threat Intelligence solutions.Maintain and update incident response playbooks and automation workflows.Ensure consistent platform hygiene and technology stack effectiveness across SOC tooling.SOC Operations & Threat Detection Oversee 24x7 monitoring of security events and alerts across enterprise assets.Lead and coordinate proactive threat hunting across networks, endpoints, and cloud.Manage and support forensic investigations to identify root cause and recovery paths.Govern use case development, log source onboarding, and alert/event triage processes.Regulatory Compliance & Incident Management Ensure timely and accurate incident reporting in compliance with RBI, CERT-In, and other authorities.Retain logs in accordance with regulatory data retention mandates.Enforce and monitor security baselines for endpoints, in line with internal and regulatory standards.Advanced Threat Management & Reporting Plan, conduct, and report on Red Teaming and Purple Teaming exercises to test detection and response capabilities.Participate in and contribute to the Risk Operations Committee (ROC) meetings and initiatives.Review and track SOC effectiveness through KPIs, metrics, and regular reporting dashboards. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Required Qualifications: Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field.3-7 years of experience in SOC management, incident response, or cyber threat detection roles.Hands-on expertise with SIEM (e.g., Splunk, QRadar, Sentinel), EDR/XDR tools, and SOAR platforms.Proven experience in playbook development, forensics, and threat hunting methodologies.Strong understanding of RBI/CERT-In incident reporting guidelines and log retention requirements.Familiarity with MITRE ATT&CK, threat modeling, and adversary emulation techniques. Preferred technical and professional experience Preferred Certifications: GCIA, GCIH, GCFA, CISSP, OSCP, CEH, CHFI, or similar certifications

Roles & Responsibilities: 1.Handling alerts and incident on XDR platform 2.Alert & incident triage and analysis 3.Proactively investigating suspicious activities 4.Log all findings, actions taken, and escalations clearly in the XDR and ITSM platform 5.Execute predefined actions such as isolating blocking IPs or disabling user accounts, based on set protocols. 6.Adhere to established policies, procedures, and security practices. 7.Follow-up with tech team for incident closure 8.Participating in daily standup and review meeting 9.L1 Analyst has responsibility to closely track the incidents and support for closure. 10.Escalate more complex incidents to L2 analysts for deeper analysis. 11.Work & support on multiple cybersecurity tool (DLP, GRC, Cloudsec tool, DAM) 12.Handle XDR alerts and followup with customer team for agent updates Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Key Responsibilities: Security Monitoring & Incident Response Governance Define and maintain security monitoring, threat detection, and incident response policies and procedures.Establish and mature a threat intelligence program, incorporating tactical and strategic threat feeds.Align SOC operations with evolving business risk priorities and regulatory frameworks.Platform & Toolset Management Evaluate, implement, and enhance SIEM platforms, ensuring optimal log ingestion, correlation, and rule effectiveness.Assess and manage deployment of EDR, XDR, SOAR, and Threat Intelligence solutions.Maintain and update incident response playbooks and automation workflows.Ensure consistent platform hygiene and technology stack effectiveness across SOC tooling.SOC Operations & Threat Detection Oversee 24x7 monitoring of security events and alerts across enterprise assets.Lead and coordinate proactive threat hunting across networks, endpoints, and cloud.Manage and support forensic investigations to identify root cause and recovery paths.Govern use case development, log source onboarding, and alert/event triage processes.Regulatory Compliance & Incident Management Ensure timely and accurate incident reporting in compliance with RBI, CERT-In, and other authorities.Retain logs in accordance with regulatory data retention mandates.Enforce and monitor security baselines for endpoints, in line with internal and regulatory standards.Advanced Threat Management & Reporting Plan, conduct, and report on Red Teaming and Purple Teaming exercises to test detection and response capabilities.Participate in and contribute to the Risk Operations Committee (ROC) meetings and initiatives.Review and track SOC effectiveness through KPIs, metrics, and regular reporting dashboards. Preferred technical and professional experience Required Qualifications: Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field.2 years of experience in SOC management, incident response, or cyber threat detection roles.Hands-on expertise with SIEM (e.g., Splunk, QRadar, Sentinel), EDR/XDR tools, and SOAR platforms.Proven experience in playbook development, forensics, and threat hunting methodologies.Strong understanding of RBI/CERT-In incident reporting guidelines and log retention requirements.Familiarity with MITRE ATT&CK, threat modeling, and adversary emulation techniques.Preferred Certifications: GCIA, GCIH, GCFA, CISSP, OSCP, CEH, CHFI, or similar certifications"

Project Role :Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Penetration Testing Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :Experienced and technically proficient Telecom Security penetration tester for our cybersecurity team. The ideal candidate will bring 3 years of hands-on experience in telecom risk and vulnerability assessment, network element hardening and network penetration testing. This role is critical in securing telecom nodes, ensuring compliance with industry standards, and reducing the risk landscape across telecom assets. Key Responsibilities:- Conduct comprehensive telecom risk assessments on core and access network nodes (e.g., Voice core, packet core, radio, IMS, 5G Core, fixed line, etc.).- Perform vulnerability assessments specific to telecom protocols and elements, identifying and addressing weaknesses in both legacy and modern network infrastructures including cloud environments.- Drive security hardening initiatives across telecom network elements by defining and implementing industry-aligned baselines (e.g., 3GPP, GSMA NESAS, NIST).- Perform penetration testing on telecom services and infrastructure. Be proficient with telecom protocols (e.g., SS7, Diameter, GTP, SIP, NAS, SBI) and O&M services (e.g., SNMP, SSH, HTTP). Experience on web application (e.g., OWASP) and on-premises cloud penetration testing- Stay abreast of emerging threats, vulnerabilities, and technologies relevant to telecom systems and propose strategic mitigations.- Lead or support internal and third-party security audits, assessments, and penetration tests across telecom assets.- Develop technical documentation, risk reports, and security architecture reviews tailored to the telecom domain.Required Skills and Qualifications:- Bachelor's or Master's degree in Telecommunications, Information Security, Computer Science, or related field.- 3 years of experience in telecom cybersecurity, with deep expertise in mobile and fixed network technologies (2G/3G/4G/5G, IMS, VoLTE, etc.).- Proven experience in telecom-specific risk, penetration testing and vulnerability assessments.- Strong knowledge of network element hardening techniques and standards (e.g., NE security configuration baselines, patching policies).- Hands-on experience with telecom protocols such as Diameter, SIP, SS7, GTP, SCTP, etc.- Familiarity with compliance frameworks and standards like 3GPP, GSMA NESAS, ISO 27001, NIST, and local telecom regulations.- Ability to collaborate with cross-functional teams and articulate complex security issues to technical and non-technical stakeholders.- Strong documentation and reporting skills. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Penetration Testing with experience in Telecom Security.- Strong understanding of cloud security principles and best practices.- Experience with threat modeling and risk assessment methodologies.- Familiarity with security tools and technologies for vulnerability scanning and penetration testing.- Knowledge of compliance frameworks such as ISO 27001, NIST, and GDPR.Preferred Certifications:- Telecom Security relevant certification/trainings (preferred)- Certified Information Systems Security Professional (CISSP)- GIAC Global Industrial Cyber Security Professional (GICSP) or equivalent telecom-focused security credentials- OSCP (Offensive Security Certified Professional) Additional Information:- The candidate should have minimum 3 years of experience in Security Penetration Testing.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role :Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Penetration Testing Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :Experienced and technically proficient Telecom Security penetration tester for our cybersecurity team. The ideal candidate will bring 3 years of hands-on experience in telecom risk and vulnerability assessment, network element hardening and network penetration testing. This role is critical in securing telecom nodes, ensuring compliance with industry standards, and reducing the risk landscape across telecom assets. Key Responsibilities:- Conduct comprehensive telecom risk assessments on core and access network nodes (e.g., Voice core, packet core, radio, IMS, 5G Core, fixed line, etc.).- Perform vulnerability assessments specific to telecom protocols and elements, identifying and addressing weaknesses in both legacy and modern network infrastructures including cloud environments.- Drive security hardening initiatives across telecom network elements by defining and implementing industry-aligned baselines (e.g., 3GPP, GSMA NESAS, NIST).- Perform penetration testing on telecom services and infrastructure. Be proficient with telecom protocols (e.g., SS7, Diameter, GTP, SIP, NAS, SBI) and O&M services (e.g., SNMP, SSH, HTTP). Experience on web application (e.g., OWASP) and on-premises cloud penetration testing- Stay abreast of emerging threats, vulnerabilities, and technologies relevant to telecom systems and propose strategic mitigations.- Lead or support internal and third-party security audits, assessments, and penetration tests across telecom assets.- Develop technical documentation, risk reports, and security architecture reviews tailored to the telecom domain.Required Skills and Qualifications:- Bachelor's or Master's degree in Telecommunications, Information Security, Computer Science, or related field.- 3 years of experience in telecom cybersecurity, with deep expertise in mobile and fixed network technologies (2G/3G/4G/5G, IMS, VoLTE, etc.).- Proven experience in telecom-specific risk, penetration testing and vulnerability assessments.- Strong knowledge of network element hardening techniques and standards (e.g., NE security configuration baselines, patching policies).- Hands-on experience with telecom protocols such as Diameter, SIP, SS7, GTP, SCTP, etc.- Familiarity with compliance frameworks and standards like 3GPP, GSMA NESAS, ISO 27001, NIST, and local telecom regulations.- Ability to collaborate with cross-functional teams and articulate complex security issues to technical and non-technical stakeholders.- Strong documentation and reporting skills. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Penetration Testing with experience in Telecom Security.- Strong understanding of cloud security principles and best practices.- Experience with threat modeling and risk assessment methodologies.- Familiarity with security tools and technologies for vulnerability scanning and penetration testing.- Knowledge of compliance frameworks such as ISO 27001, NIST, and GDPR.Preferred Certifications:- Telecom Security relevant certification/trainings (preferred)- Certified Information Systems Security Professional (CISSP)- GIAC Global Industrial Cyber Security Professional (GICSP) or equivalent telecom-focused security credentials- OSCP (Offensive Security Certified Professional) Additional Information:- The candidate should have minimum 3 years of experience in Security Penetration Testing.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role :Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Penetration Testing Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :Experienced and technically proficient Telecom Security penetration tester for our cybersecurity team. The ideal candidate will bring 3 years of hands-on experience in telecom risk and vulnerability assessment, network element hardening and network penetration testing. This role is critical in securing telecom nodes, ensuring compliance with industry standards, and reducing the risk landscape across telecom assets. Key Responsibilities:- Conduct comprehensive telecom risk assessments on core and access network nodes (e.g., Voice core, packet core, radio, IMS, 5G Core, fixed line, etc.).- Perform vulnerability assessments specific to telecom protocols and elements, identifying and addressing weaknesses in both legacy and modern network infrastructures including cloud environments.- Drive security hardening initiatives across telecom network elements by defining and implementing industry-aligned baselines (e.g., 3GPP, GSMA NESAS, NIST).- Perform penetration testing on telecom services and infrastructure. Be proficient with telecom protocols (e.g., SS7, Diameter, GTP, SIP, NAS, SBI) and O&M services (e.g., SNMP, SSH, HTTP). Experience on web application (e.g., OWASP) and on-premises cloud penetration testing- Stay abreast of emerging threats, vulnerabilities, and technologies relevant to telecom systems and propose strategic mitigations.- Lead or support internal and third-party security audits, assessments, and penetration tests across telecom assets.- Develop technical documentation, risk reports, and security architecture reviews tailored to the telecom domain.Required Skills and Qualifications:- Bachelor's or Master's degree in Telecommunications, Information Security, Computer Science, or related field.- 3 years of experience in telecom cybersecurity, with deep expertise in mobile and fixed network technologies (2G/3G/4G/5G, IMS, VoLTE, etc.).- Proven experience in telecom-specific risk, penetration testing and vulnerability assessments.- Strong knowledge of network element hardening techniques and standards (e.g., NE security configuration baselines, patching policies).- Hands-on experience with telecom protocols such as Diameter, SIP, SS7, GTP, SCTP, etc.- Familiarity with compliance frameworks and standards like 3GPP, GSMA NESAS, ISO 27001, NIST, and local telecom regulations.- Ability to collaborate with cross-functional teams and articulate complex security issues to technical and non-technical stakeholders.- Strong documentation and reporting skills. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Penetration Testing with experience in Telecom Security.- Strong understanding of cloud security principles and best practices.- Experience with threat modeling and risk assessment methodologies.- Familiarity with security tools and technologies for vulnerability scanning and penetration testing.- Knowledge of compliance frameworks such as ISO 27001, NIST, and GDPR.Preferred Certifications:- Telecom Security relevant certification/trainings (preferred)- Certified Information Systems Security Professional (CISSP)- GIAC Global Industrial Cyber Security Professional (GICSP) or equivalent telecom-focused security credentials- OSCP (Offensive Security Certified Professional) Additional Information:- The candidate should have minimum 3 years of experience in Security Penetration Testing.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role :Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Penetration Testing Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :Experienced and technically proficient Telecom Security penetration tester for our cybersecurity team. The ideal candidate will bring 3 years of hands-on experience in telecom risk and vulnerability assessment, network element hardening and network penetration testing. This role is critical in securing telecom nodes, ensuring compliance with industry standards, and reducing the risk landscape across telecom assets. Key Responsibilities:- Conduct comprehensive telecom risk assessments on core and access network nodes (e.g., Voice core, packet core, radio, IMS, 5G Core, fixed line, etc.).- Perform vulnerability assessments specific to telecom protocols and elements, identifying and addressing weaknesses in both legacy and modern network infrastructures including cloud environments.- Drive security hardening initiatives across telecom network elements by defining and implementing industry-aligned baselines (e.g., 3GPP, GSMA NESAS, NIST).- Perform penetration testing on telecom services and infrastructure. Be proficient with telecom protocols (e.g., SS7, Diameter, GTP, SIP, NAS, SBI) and O&M services (e.g., SNMP, SSH, HTTP). Experience on web application (e.g., OWASP) and on-premises cloud penetration testing- Stay abreast of emerging threats, vulnerabilities, and technologies relevant to telecom systems and propose strategic mitigations.- Lead or support internal and third-party security audits, assessments, and penetration tests across telecom assets.- Develop technical documentation, risk reports, and security architecture reviews tailored to the telecom domain.Required Skills and Qualifications:- Bachelor's or Master's degree in Telecommunications, Information Security, Computer Science, or related field.- 3 years of experience in telecom cybersecurity, with deep expertise in mobile and fixed network technologies (2G/3G/4G/5G, IMS, VoLTE, etc.).- Proven experience in telecom-specific risk, penetration testing and vulnerability assessments.- Strong knowledge of network element hardening techniques and standards (e.g., NE security configuration baselines, patching policies).- Hands-on experience with telecom protocols such as Diameter, SIP, SS7, GTP, SCTP, etc.- Familiarity with compliance frameworks and standards like 3GPP, GSMA NESAS, ISO 27001, NIST, and local telecom regulations.- Ability to collaborate with cross-functional teams and articulate complex security issues to technical and non-technical stakeholders.- Strong documentation and reporting skills. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Penetration Testing with experience in Telecom Security.- Strong understanding of cloud security principles and best practices.- Experience with threat modeling and risk assessment methodologies.- Familiarity with security tools and technologies for vulnerability scanning and penetration testing.- Knowledge of compliance frameworks such as ISO 27001, NIST, and GDPR.Preferred Certifications:- Telecom Security relevant certification/trainings (preferred)- Certified Information Systems Security Professional (CISSP)- GIAC Global Industrial Cyber Security Professional (GICSP) or equivalent telecom-focused security credentials- OSCP (Offensive Security Certified Professional) Additional Information:- The candidate should have minimum 3 years of experience in Security Penetration Testing.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role :Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Penetration Testing Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :Experienced and technically proficient Telecom Security penetration tester for our cybersecurity team. The ideal candidate will bring 3 years of hands-on experience in telecom risk and vulnerability assessment, network element hardening and network penetration testing. This role is critical in securing telecom nodes, ensuring compliance with industry standards, and reducing the risk landscape across telecom assets. Key Responsibilities:- Conduct comprehensive telecom risk assessments on core and access network nodes (e.g., Voice core, packet core, radio, IMS, 5G Core, fixed line, etc.).- Perform vulnerability assessments specific to telecom protocols and elements, identifying and addressing weaknesses in both legacy and modern network infrastructures including cloud environments.- Drive security hardening initiatives across telecom network elements by defining and implementing industry-aligned baselines (e.g., 3GPP, GSMA NESAS, NIST).- Perform penetration testing on telecom services and infrastructure. Be proficient with telecom protocols (e.g., SS7, Diameter, GTP, SIP, NAS, SBI) and O&M services (e.g., SNMP, SSH, HTTP). Experience on web application (e.g., OWASP) and on-premises cloud penetration testing- Stay abreast of emerging threats, vulnerabilities, and technologies relevant to telecom systems and propose strategic mitigations.- Lead or support internal and third-party security audits, assessments, and penetration tests across telecom assets.- Develop technical documentation, risk reports, and security architecture reviews tailored to the telecom domain.Required Skills and Qualifications:- Bachelor's or Master's degree in Telecommunications, Information Security, Computer Science, or related field.- 3 years of experience in telecom cybersecurity, with deep expertise in mobile and fixed network technologies (2G/3G/4G/5G, IMS, VoLTE, etc.).- Proven experience in telecom-specific risk, penetration testing and vulnerability assessments.- Strong knowledge of network element hardening techniques and standards (e.g., NE security configuration baselines, patching policies).- Hands-on experience with telecom protocols such as Diameter, SIP, SS7, GTP, SCTP, etc.- Familiarity with compliance frameworks and standards like 3GPP, GSMA NESAS, ISO 27001, NIST, and local telecom regulations.- Ability to collaborate with cross-functional teams and articulate complex security issues to technical and non-technical stakeholders.- Strong documentation and reporting skills. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Penetration Testing with experience in Telecom Security.- Strong understanding of cloud security principles and best practices.- Experience with threat modeling and risk assessment methodologies.- Familiarity with security tools and technologies for vulnerability scanning and penetration testing.- Knowledge of compliance frameworks such as ISO 27001, NIST, and GDPR.Preferred Certifications:- Telecom Security relevant certification/trainings (preferred)- Certified Information Systems Security Professional (CISSP)- GIAC Global Industrial Cyber Security Professional (GICSP) or equivalent telecom-focused security credentials- OSCP (Offensive Security Certified Professional) Additional Information:- The candidate should have minimum 3 years of experience in Security Penetration Testing.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

This is a full-time on-site role for a Penetration Tester located in Faridabad. The Penetration Tester will be responsible for identifying and exploiting vulnerabilities in application security, as well as performing red teaming exercises. Role & responsibilities Plan and perform external penetration tests and vulnerability scans against clients websites, APIs, and network edge, employing manual research techniques and industry-standard tools (e.g., Burp Suite, Nessus). Validate and triage findings, assign severity ratings (e.g., CVSS), and produce professional audit reports that translate technical risks into actionable business recommendations. Engage with client stakeholders - present interim findings, advise on mitigation strategies, and retest remediated issues to verify closure. Preferred candidate profile Deep understanding of VAPT methodologies (OSSTMM, PTES) and research approaches. Proficiency with web-app testing tools (Burp Suite, OWASP ZAP) and network scanners (Nmap). Strong knowledge of OWASP Top 10, CVSS scoring, and network attack vectors. Excellent written and verbal communication skills for client reporting and technical presentations. Scripting ability (Python, Bash, PowerShell) for automation of scans and proof-of-concept research. Hands-on cybersecurity experience such as accepted bug bounties, CTF rankings, disclosable VAPT reports, CVE contributions, or practical certifications like OSCP, eJPT. Familiarity with compliance frameworks (PCI-DSS, ISO 27001, GDPR) and translating audit results into compliance guidance.

Date: 7 Aug 2025 Location: Bangalore, KA, IN At Alstom, we understand transport networks and what moves people. From high-speed trains, metros, monorails, and trams, to turnkey systems, services, infrastructure, signalling, and digital mobility, we offer our diverse customers the broadest portfolio in the industry. Every day, 80,000 colleagues lead the way to greener and smarter mobility worldwide, connecting cities as we reduce carbon and replace cars. Could you be the full-time Cybersecurity Engineer in Bangalore were looking for? Your future role Take on a new challenge and apply your cybersecurity expertise in a cutting-edge field. Youll work alongside a highly motivated and dynamic team of cybersecurity professionals. You'll play a pivotal role in safeguarding Alstoms products and solutions by leading vulnerability assessments, performing scans, penetration testing, and monitoring global threats. Day-to-day, youll collaborate with various teams across the businessincluding Program Managers, Product Development Teams, and Regional Cybersecurity Managerswhile driving the implementation of robust security practices and much more. Youll specifically take care of conducting security assessments, including vulnerability scans and penetration tests, but also contribute to incident response workflows and provide training on cybersecurity tools and processes. Well look to you for: Performing vulnerability assessments, penetration tests, and policy compliance scans using industry-standard tools. Monitoring published vulnerabilities and security advisories, and communicating potential risks to internal teams. Providing analysis on vulnerabilities in operating systems, applications, and configurations, and recommending remediation actions. Supporting incident response activities as part of the PSIRT team, including first-level analysis and vulnerability remediation workflows. Identifying and deploying cybersecurity tools, offering training and guidance to ensure effective use. Delivering internal training on cybersecurity processes, tools, and best practices. All about you We value passion and attitude over experience. Thats why we dont expect you to have every single skill. Instead, weve listed some that we think will help you succeed and grow in this role: Bachelors or Masters degree in Computer Science, Information Technology, or equivalent. Mandatory CEH or equivalent Pen Test certification. Preferred certifications: ISA 62443, OSCP, or others like GICSP, CISSP, GSEC, ECSA, CISM, Comptia Pen Test+. Experience with security tools such as Qualys, Nessus, Kali Linux, Metasploit, Burp Suite, and more. Strong knowledge of networking (TCP/IP, OSI model), operating systems (Windows, Linux), and security technologies (firewalls, IDS/IPS). Understanding of programming/scripting languages such as Python, Java, or C. Familiarity with security standards and regulations like ISO 2700X, ISA 62443, and NIST. Experience in configuration reviews using CIS Benchmarks. Knowledge of CVE, CPE, and CWE frameworks. Strong analytical, problem-solving, and communication skills. Things youll enjoy Join us on a life-long transformative journey the rail industry is here to stay, so you can grow and develop new skills and experiences throughout your career. Youll also: Enjoy stability, challenges, and a long-term career free from monotonous daily routines. Work with new security standards for rail signalling. Collaborate with cross-functional teams and supportive colleagues. Contribute to innovative and impactful projects. Utilise our flexible and inclusive working environment. Steer your career in whatever direction you choose across functions and countries. Benefit from our investment in your development, through award-winning learning programs. Progress towards leadership roles in cybersecurity or related fields. Benefit from a fair and dynamic reward package that recognises your performance and potential, plus comprehensive and competitive social coverage (life, medical, pension).

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Red Teaming Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will oversee the strategic planning and execution of red team operations to emulate real-world threats and uncover security weaknesses across the organization. Your typical day will involve planning, scoping and conducting red team operations, including social engineering, network exploitation, and post-exploitation activities along with leading a team of offensive security experts, and aligning red team efforts with business risk priorities. You will work closely with incident response, and threat intelligence teams to identify detection gaps and provide actionable insights, ensuring the organization remains prepared against evolving threats, while fostering a culture of continuous learning and adversary-aware defense. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Plan, scope, and execute red team exercises simulating real-world attack scenarios.- Perform threat modeling and adversary emulation exercises based on MITRE ATT&CK framework.- Conduct internal and external penetration tests, including physical security and social engineering engagements.- Design and deliver phishing campaigns and other social engineering attacks to test human security posture.- Establish and manage command-and-control (C2) infrastructures using tools like Cobalt Strike.- Perform post-exploitation tasks including lateral movement, Active Directory (AD) exploitation, privilege escalation, and data exfiltration.- Identify gaps in detection and response capabilities and provide detailed reports and remediation recommendations.- Collaborate with Blue Team and Incident Response to enhance organizational defense.- Continuously research emerging threats, TTPs, and contribute to the development of new testing methodologies.- Provide solutions to problems for their immediate team and across multiple teams.- Facilitate training sessions to enhance team knowledge and skills.- Monitor and evaluate the effectiveness of security measures and recommend improvements. Professional & Technical Skills: - Deep understanding of red team tactics, techniques, and procedures (TTPs) align with MITRE ATT&CK framework.- Proven experience in conducting end-to-end red team engagements across different environments (on-prem, cloud, hybrid).- Proficient with red team tools such as Cobalt Strike, Mythic, Metasploit, Bloodhound, Sharp hound, PowerShell Empire, Impacket- Expertise in EDR/AV evasion techniques, custom payload development, and OPSEC-aware operations.- Skilled in Active Directory attacks, Kerberoasting, Pass-the-Hash/Ticket, and Golden/Silver ticket attacks.- Proficient in hardware-based and physical attack techniques including Rubber Ducky payload deployment, planting rogue devices such as LAN Turtle, Raspberry Pi, NAC bypass. Executing Wi-Fi attacks like Evil Twin attacks, and RFID cloning for physical access simulation and red team engagements.- Strong knowledge of data exfiltration methods and covert communication channels.- Experience with phishing toolkits and infrastructure for social engineering campaigns.- Familiarity with scripting and automation using PowerShell, Python, or Bash.- Comfortable working under strict ethical and legal boundaries, with a strong focus on operational safety. Additional Information:- The candidate should have minimum 7.5 years of experience in Red Teaming.- Certifications- OSCP, OSEP, CRTP, CRTE, CRTO.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

We are looking for Application Security Engineer to take ownership of security testing for enterprise products deployed on mainframe environments. In this role, you will assess application-layer security risks, identify vulnerabilities in product implementations, and lead secure architecture reviews. The ideal candidate brings deep offensive security skills along with familiarity in testing applications running on or integrated with IBM mainframe systems. Primary Roles and Responsibilities: Conduct penetration testing and red teaming exercises targeting mainframe environments and the surrounding application ecosystem. Perform code-assisted and black-box penetration testing against enterprise applications/systems interacting with RACF, DB2, CICS, MQ, and related subsystems. Identify risks in authentication, authorization, data handling, and communications within mainframe-integrated products. Create threat models and guide product teams in mitigating high-impact vulnerabilities early in the SDLC. Drive remediation efforts through hands-on collaboration and secure design guidance. Author technical reports and deliver executive summaries tailored to various audiences. Stay current on vulnerabilities, exploits, and testing techniques relevant to legacy enterprise technologies and mainframe ecosystems. Assess common integration patterns (SOA, REST/JSON, MQ) for security risks. To ensure youre set up for success, you will bring the following skillset & experience: 3+ years of experience in penetration testing, with a specialization in systems/applications integrating with mainframe environments. Deep knowledge of mainframe communication protocols and security mechanisms. Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe systems. Proficient in tools such as: Mainframe utilities: REXX, ISPF panels, NetView Security tools: Nmap, Burp Suite, Wireshark, custom scripts Strong scripting and automation skills (Python, REXX, Bash, or similar). Strong communication and leadership skills, with a proven ability to lead technical teams or projects. Experience producing board-level reports and presenting findings to senior stakeholders. Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts). Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services Whilst these are nice to have, our team can help you develop in the following skills: Industry certifications such as OSCP, OSCE, CRTP, GIAC GPEN, GXPN, or CISSP. Background in regulated industries such as banking, insurance, or government, where mainframes are core infrastructure. Knowledge of COBOL, PL/I, or other mainframe-centric programming languages. Experience with compliance standards like PCI-DSS, NIST, or SOX as they apply to mainframes.

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Red Teaming Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will oversee the strategic planning and execution of red team operations to emulate real-world threats and uncover security weaknesses across the organization. Your typical day will involve planning, scoping and conducting red team operations, including social engineering, network exploitation, and post-exploitation activities along with leading a team of offensive security experts, and aligning red team efforts with business risk priorities. You will work closely with incident response, and threat intelligence teams to identify detection gaps and provide actionable insights, ensuring the organization remains prepared against evolving threats, while fostering a culture of continuous learning and adversary-aware defense. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Plan, scope, and execute red team exercises simulating real-world attack scenarios.- Perform threat modeling and adversary emulation exercises based on MITRE ATT&CK framework.- Conduct internal and external penetration tests, including physical security and social engineering engagements.- Design and deliver phishing campaigns and other social engineering attacks to test human security posture.- Establish and manage command-and-control (C2) infrastructures using tools like Cobalt Strike.- Perform post-exploitation tasks including lateral movement, Active Directory (AD) exploitation, privilege escalation, and data exfiltration.- Identify gaps in detection and response capabilities and provide detailed reports and remediation recommendations.- Collaborate with Blue Team and Incident Response to enhance organizational defense.- Continuously research emerging threats, TTPs, and contribute to the development of new testing methodologies.- Provide solutions to problems for their immediate team and across multiple teams.- Facilitate training sessions to enhance team knowledge and skills.- Monitor and evaluate the effectiveness of security measures and recommend improvements. Professional & Technical Skills: - Deep understanding of red team tactics, techniques, and procedures (TTPs) align with MITRE ATT&CK framework.- Proven experience in conducting end-to-end red team engagements across different environments (on-prem, cloud, hybrid).- Proficient with red team tools such as Cobalt Strike, Mythic, Metasploit, Bloodhound, Sharp hound, PowerShell Empire, Impacket- Expertise in EDR/AV evasion techniques, custom payload development, and OPSEC-aware operations.- Skilled in Active Directory attacks, Kerberoasting, Pass-the-Hash/Ticket, and Golden/Silver ticket attacks.- Proficient in hardware-based and physical attack techniques including Rubber Ducky payload deployment, planting rogue devices such as LAN Turtle, Raspberry Pi, NAC bypass. Executing Wi-Fi attacks like Evil Twin attacks, and RFID cloning for physical access simulation and red team engagements.- Strong knowledge of data exfiltration methods and covert communication channels.- Experience with phishing toolkits and infrastructure for social engineering campaigns.- Familiarity with scripting and automation using PowerShell, Python, or Bash.- Comfortable working under strict ethical and legal boundaries, with a strong focus on operational safety. Additional Information:- The candidate should have minimum 7.5 years of experience in Red Teaming.- Certifications- OSCP, OSEP, CRTP, CRTE, CRTO.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Cloud Security Architecture : - Asses, help in design and development of AWS, Azure and AWS security architectures for protecting PII/PCI data deployed into different types of cloud and cloud/hybrid systems. - Improve the security around cloud-based applications, across all types (including Infrastructure, Platform, and Software as a Service (IaaS/PaaS/SaaS). - Work part of Cyber team for Enterprise Security for other Technology teams and Vendors within the organisation for all matters related to cloud security. - Implement NIST framework on cloud-native architectures to mitigate the risk to Organisation PII, PCI data and with appropriate security controls present. - SSDLC Embed Security practices in development and implementation of the overall enterprise cloud architecture to ensure Secure Software Development Lifecycle. - Enhance/redesign existing cyber standards in partnership with Engineering, Infrastructure Services, and Application Development. - Act as the ambassador and senior technical representative to Lead initiatives designed to share knowledge across Security Platforms and/or Technology teams, identify, recommend, coordinate and deliver timely knowledge to support teams regarding technologies, processes or tools. - Ensures the effective translation of the security architecture is implemented into the solutions. - Assist to evaluate all the new initiatives/solutions (including Cloud) with the design recommendations and work with project managers and architects during implementation. - SAP GRC / AC 12 experience is good to have. New Technology & Risks : - Evaluate and recommend tools and solutions to enhance the security posture of the Enterprise. - Maintain contact with vendors regarding security system updates and technical support of security products. - Perform cost-benefit and risk analysisAnalyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks. Measures of Success : - Product/services are cyber compliant and risk reduced to minimal or zero. - Successful implementation/ adoption of any new solution, technology or framework. - Timely and inbudget delivery of security projects specifications within time and budget. Technical Skills / Experience / Certifications : - CCSP certification is mandatory, Any among like TOGAF, SABSA, OSCP or python certification is preferred. - Knowledge of enterprise IT Systems, infrastructure and security technologies. - Knowledge of Information Security Standards like ISO 27001, PCI-DSS, NIST CSF, CSA framework etc. - Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc. - Experience with deployment orchestration, automation, and security configuration management (Jenkins, Puppet, Chef, etc.) preferred. - Experience architecting solutions within Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), VMware NSX, Oracle etc. - Experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes such as secure software development, Application Security, data protection, cryptography, key management, identity and access management (IAM), network security) within SaaS, IaaS, PaaS, and other cloud environments. - Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies. - Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies. - SAP GRC / AC 12 experience is good to have.

Role & responsibilities Security testing tools, vulnerability scanning, and exploit frameworks (e.g. Tenable (Nessus), Qualys, Cloud Native Scanning capabilities or other relevant scanning tools). One or more Cloud platforms and cloud vulnerability assessment approaches i.e. Ali Cloud, AWS, GCP, Azure Vulnerability assessment and articulating these to both technical and business stakeholders. Agent scanning and deploying agents in a large environment. Malware, emerging threats, attacks, and vulnerability management. Industry frameworks and best practices: CIS Critical Security Controls, Threat Modelling, OWASP, NIST 800 Series. Operating systems, network protocols, and application development. Exposure to scripting or programming languages (e.g Python, C+, or PowerShell). Excellent critical thinking, analytical and problem-solving skills; with exceptional written and verbal communication skills. Strong team player and collaborative worker. High level of integrity and strong ethical values. Resilient and self driven, capable of informing and driving change and delivering high-quality outcomes, whilst often under pressure/ at pace. Education & Experience: 7+ years of experience into cybersecurity, Information security or security engineering. Strong DevSecOps and Software security background. Desirable to have one or more industry-recognised cybersecurity-related certifications including CISSP, CRISC, CISM, OSCP. Bachelor or masters degree in computer science, Information Technology, Cybersecurity or equivalent.

Be a part of a team that harnesses advanced AI, ML, and big data technologies to develop cutting-edge healthcare technology platform, delivering innovative business solutions. Job Title : Cloud Security Lead Job Location : Bangalore, Karnataka / Pune Maharashtra - India Job summary: We are seeking a highly skilled and experienced Cloud Security Lead to own and enhance the security posture of our cloud-based healthcare SaaS platform. This is an individual contributor role requiring deep technical expertise in cloud security, ethical hacking, and compliance frameworks. You will collaborate with engineering, DevOps, and compliance teams to ensure robust protection of sensitive healthcare data. Responsibilities: Design and implement secure cloud architecture across AWS, Azure, or GCP. Conduct ethical hacking, penetration testing, and red teaming exercises. Integrate DevSecOps practices into CI/CD pipelines and infrastructure provisioning. Define and enforce IAM policies, encryption standards, and secure network configurations. Lead incident response planning and disaster recovery strategies. Collaborate with compliance teams to maintain HIPAA, SOC 2, ISO 27001, and HITRUST readiness. Conduct threat modeling and promote secure coding practices across teams. Stay updated on emerging threats and recommend improvements to the security stack. Desired Profile: Bachelors or Masters degree in Computer Science, Information Security, or related field. 6+ years of experience in cloud security, infrastructure security, or cybersecurity. Deep hands-on experience with AWS, Azure, or GCP security services. Strong background in ethical hacking, penetration testing, and red teaming. Proficiency in tools such as Burp Suite, Metasploit, Nmap, Wireshark, Nessus, and Kali Linux. Experience with DevSecOps tools and concepts (e.g., Terraform, Ansible, CI/CD security integration). Strong understanding of container security (Docker, Kubernetes). Experience securing multi-tenant SaaS platforms, preferably in healthcare or regulated environments. Knowledge of compliance frameworks like HIPAA, SOC 2, ISO 27001. Excellent communication skills and a collaborative mindset. Knowledge of compliance frameworks like HIPAA, SOC 2, and ISO 27001. Excellent communication skills and a collaborative mindset Preferred Certifications: Any 2 are mandatory- Certifications such as OSCP, CEH, AWS Security Specialty, CISSP, or equivalent. Good to have educational background from Tier 1 or equivalent institutes HiLabs is an equal opportunity employer (EOE). No job applicant or employee shall receive less favorable treatment or be disadvantaged because of their gender, marital or family status, color, race, ethnic origin, religion, disability, or age; nor be subject to less favorable treatment or be disadvantaged on any other basis prohibited by applicable law. HiLabs is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse and inclusive workforce to support individual growth and superior business results. Thank you for reviewing this opportunity with HiLabs! If this position appears to be a good fit for your skillset, we welcome your application.

- Asses, help in design and development of AWS, Azure and AWS security architectures for protecting PII/PCI data deployed into different types of cloud and cloud/hybrid systems. - Improve the security around cloud-based applications, across all types (including Infrastructure, Platform, and Software as a Service (IaaS/PaaS/SaaS). - Work part of Cyber team for Enterprise Security for other Technology teams and Vendors within the organisation for all matters related to cloud security. - Implement NIST framework on cloud-native architectures to mitigate the risk to Organisation PII, PCI data and with appropriate security controls present. - SSDLC Embed Security practices in development and implementation of the overall enterprise cloud architecture to ensure Secure Software Development Lifecycle. - Enhance/redesign existing cyber standards in partnership with Engineering, Infrastructure Services, and Application Development. - Act as the ambassador and senior technical representative to Lead initiatives designed to share knowledge across Security Platforms and/or Technology teams, identify, recommend, coordinate and deliver timely knowledge to support teams regarding technologies, processes or tools. - Ensures the effective translation of the security architecture is implemented into the solutions. - Assist to evaluate all the new initiatives/solutions (including Cloud) with the design recommendations and work with project managers and architects during implementation. - SAP GRC / AC 12 experience is good to have. New Technology & Risks : - Evaluate and recommend tools and solutions to enhance the security posture of the Enterprise. - Maintain contact with vendors regarding security system updates and technical support of security products. - Perform cost-benefit and risk analysisAnalyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks. Measures of Success : - Product/services are cyber compliant and risk reduced to minimal or zero. - Successful implementation/ adoption of any new solution, technology or framework. - Timely and inbudget delivery of security projects specifications within time and budget. Technical Skills / Experience / Certifications : - CCSP certification is mandatory, Any among like TOGAF, SABSA, OSCP or python certification is preferred. - Knowledge of enterprise IT Systems, infrastructure and security technologies. - Knowledge of Information Security Standards like ISO 27001, PCI-DSS, NIST CSF, CSA framework etc. - Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc. - Experience with deployment orchestration, automation, and security configuration management (Jenkins, Puppet, Chef, etc.) preferred. - Experience architecting solutions within Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), VMware NSX, Oracle etc. - Experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes such as secure software development, Application Security, data protection, cryptography, key management, identity and access management (IAM), network security) within SaaS, IaaS, PaaS, and other cloud environments. - Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies. - Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies. - SAP GRC / AC 12 experience is good to have.

We are looking for an experienced Penetration Tester / Offensive Security Analyst for a 6-month full-time onsite role in Hyderabad. The ideal candidate will have 5-7 years of experience in offensive security, with a strong background in application and network penetration testing, red teaming, threat modeling, source code review, and vulnerability assessments. This role involves performing and leading advanced security assessments on web, mobile, APIs, cloud, and infrastructure environments. The candidate should be capable of working across general and UK shifts and possess excellent communication skills for both technical and non-technical audiences. Certification like OSCP/OSCE/CEH is desirable.