1535 Penetration Testing Jobs

Join our team as a Security Analyst in India, where you will play a crucial role in assessing, triaging, and proactively responding to security-related threats, incidents, and events. You will be tasked with defending our assets, information, and systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording, or destruction. By collaborating with internal and external stakeholders, including third-party suppliers, you will ensure that incident response, user access, alert monitoring, root cause analysis, and scenario planning activities are carried out in accordance with standard operating procedures and to a high standard. This role is available at the associate vice president level. In this role, you will work across various domains, stakeholders, and specialists to anticipate and identify security events, incidents, and trends that could impact the bank, our customers, employees, or assets adversely. Your responsibilities will include contributing to security operations, conducting root cause analysis on security incidents, providing training and scenario planning, preparing reports and briefings, and developing response plans, procedures, and playbooks to enhance response capability. Moreover, you will proactively manage risks to achieve key security-related customer and compliance outcomes, participate in security operations such as production support, incident response, and on-call rotations, maintain security response processes, and ensure the delivery of security-related services align with expectations. Act swiftly in responding to customer queries and complaints, establish feedback loops to enhance service and response, and analyze large volumes of data to identify trends and causal factors. We are seeking an individual with a strong passion for cloud security and automation utilizing Agile and DevOps methodologies and promoting a shift-left culture that integrates security analysis into each CI/CD stage. The ideal candidate will have experience with Azure Cloud and security stack, including Defender, Azure Sentinel, and Azure Security Centre, automated security assessments, third-party security tools integration, and compliance standards like PCI-DSS. Additionally, you should possess expertise in security controls, the ability to communicate technical issues to various stakeholders, experience in penetration testing and vulnerability management, and an understanding of Agile methodologies gained through working in an Agile team.,

Cowbell is signaling a new era in cyber insurance by harnessing technology and data to provide small and medium-sized enterprises (SMEs) with advanced warning of cyber risk exposures bundled with cyber insurance coverage adaptable to the threats of today and tomorrow. Championing adaptive insurance, Cowbell follows policyholders" cyber risk exposures as they evolve through continuous risk assessment and continuous underwriting. In its unique AI-based approach to risk selection and pricing, Cowbell's underwriting platform, powered by Cowbell Factors, compresses the insurance process from submission to issue to less than 5 minutes. Founded in 2019 and based in the San Francisco Bay Area, Cowbell has rapidly grown, now operating across the U.S., Canada, U.K., and India. This growth was recently bolstered by a successful Series C fundraising round of $60 million from Zurich Insurance. This investment not only underscores the confidence in Cowbell's mission but also accelerates our capacity to revolutionize cyber insurance on a global scale. With the backing of over 25 prominent reinsurance partners, Cowbell is poised to redefine how SMEs navigate the evolving landscape of cyber threats. In support of business objectives, we are actively looking for an ambitious person, who is not afraid of hard-work and embraces ambiguity as it comes to join our Information Security Team as a Sr. Developer, Application Security. The InfoSec team drives security, privacy, and compliance improvements to reduce risk by building out key security programs. We enable our colleagues to keep the company secure and support our customers" security journey with tried and true best practices. We are a Java, Python, and React shop combined with world-class cloud infrastructure such as AWS & Snowflake. Balancing proper security while enabling execution speed for our colleagues is our ultimate goal. It's challenging and rewarding! If you are up for the challenge, come join us. You will be instrumental in curing security defects in code, burning down any new and existing vulnerabilities. You can fix the code yourself and continuous patching is your north star. You will be the champion for safeguards and standards that will keep our code secure and reduce the introduction of new vulnerabilities. Partner and collaborate with internal stakeholders in assisting with the overall security posture with an emphasis on the Engineering and Operations/IT areas. Work across engineering, product and business systems teams to enhance and evangelize security in applications (& infrastructure). Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts. Develop and maintain application scanning solutions to inform stakeholders of security weaknesses & vulnerabilities. Review outstanding vulnerabilities with product teams and assist in remediation efforts to reduce risk. Bachelor's degree in computer science or another STEM discipline and 8 to 10+ years of professional experience in security software development. Majority of prior experience as a Security Engineer focused on remediation of security vulnerabilities and defects in Java and Python. Must have prior in-depth demonstrable experience developing in JAVA and Python; Basically you are developer first and a security engineer second. Applicants that do not have this experience will not be considered. Experience developing in, and securing, Javascript and React a plus. Experience securing integrations and code that utilizes Elasticsearch, Snowflake, Databricks, RDS a big plus. Detail-oriented with problem-solving, communication, and analytical skills. Expert understanding of CVE and CVSS scoring and how to utilize this data for validation, prioritization, and remediation. Excellent understanding and utilization of OWASP. Demonstrated ability to secure API; Techniques, patterns, will be assessed. Experience designing and implementing application security solutions for web and or mobile applications. Experience developing and reporting vulnerability metrics as well as articulating how to reproduce and resolve those security defects. Experienced in application penetration testing; and understanding of remediation techniques for common misconfigurations and vulnerabilities. Demonstrable experience in understanding patching and library upgrade paths including interdependencies. Familiarity with CI/CD tools. Previous admin experience in CI/CD is not required but a big plus. Capability to deploy, provide maintenance for, and operationalize scanning solutions. Hands-on ability to conduct scans across application repositories and infrastructure. Must be willing to work extended hours and weekends as needed. Great at and enjoys documenting solutions; creating repeatable instruction for others, operational documentation, developing technical diagrams, and similar artifacts. Preferred Qualifications: You can demonstrate and document threat modeling scenarios using well-known frameworks such as STRIDE. Proficient with penetration testing tools such Burp suite, Metasploit or ZAP. You are already proficient with SAST & SCA tools; proficiency with DAST and/or OAST tool usage and techniques would be even better. As a mentor you also have the experience and desire in providing fellow engineering teams with technical guidance on the impact and priority of security issues and driving remediation. Capability to develop operational process from scratch or improve current processes and procedures through well-thought-out hand-offs, integrations, and automation. Familiarity with multiple security domains such as application security, infrastructure security, network security, incident response, and regulatory compliance and certifications. Understanding of modern endpoint security technologies/concepts. Adept at working with distributed team members. What Cowbell brings to the table: Employee equity plan for all and wealth enablement plan for select customer-facing roles. Comprehensive wellness program, meditation app subscriptions, lunch and learn, book club, happy hours, and much more. Professional development and the opportunity to learn the ins and outs of cyber insurance, cybersecurity as well as continuing to build your professional skills in a team environment. Equal Employment Opportunity: Cowbell is a leading innovator in cyber insurance, dedicated to empowering businesses to always deliver their intended outcomes as the cyber threat landscape evolves. Guided by our core values of TRUE Transparency, Resiliency, Urgency, and Empowerment, we are on a mission to be the gold standard for businesses to understand, manage, and transfer cyber risk. At Cowbell, we foster a collaborative and dynamic work environment where every employee is empowered to contribute and grow. We pride ourselves on our commitment to transparency and resilience, ensuring that we not only meet but exceed industry standards. We are proud to be an equal opportunity employer, promoting a diverse and inclusive workplace where all voices are heard and valued. Our employees enjoy competitive compensation, comprehensive benefits, and continuous opportunities for professional development.,

As a Security Engineer - VAPT, you will be responsible for conducting comprehensive security assessments, identifying vulnerabilities, and implementing effective remediation strategies. Leveraging your expertise in penetration testing and ethical hacking, you will play a key role in enhancing the security posture of our clients" systems and networks. This position offers an exciting opportunity to work on challenging projects, collaborate with talented professionals, and contribute to the advancement of cybersecurity practices. You will perform end-to-end Vulnerability Assessment and Penetration Testing (VAPT) for clients" IT infrastructure, applications, and networks. Conduct thorough security assessments using industry-standard tools and methodologies, including but not limited to, Nmap, Nessus, Metasploit, Burp Suite, and OWASP. Identify and exploit security vulnerabilities to assess the potential impact on clients" systems and data. Prepare detailed assessment reports outlining findings, risk levels, and recommended remediation measures. Collaborate with clients" IT teams to prioritize and address identified security issues in a timely manner. Develop and implement custom scripts or tools to enhance testing capabilities and automate repetitive tasks. Stay abreast of emerging security threats, vulnerabilities, and industry best practices to continually improve testing methodologies. Provide guidance and mentorship to junior security engineers, fostering a culture of knowledge sharing and skill development within the team. Requirements: - Bachelor's degree in Computer Science, Information Technology, or related field. - 2+ years of experience in cybersecurity, with a focus on Vulnerability Assessment and Penetration Testing. - Proficiency in using tools such as Nmap, Nessus, Metasploit, Burp Suite, and OWASP. - Hands-on experience with various operating systems, including Windows, Linux, and Unix. - Strong understanding of network protocols, web application architecture, and common security vulnerabilities. - Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or similar certifications preferred. - Excellent analytical skills and attention to detail, with the ability to prioritize and manage multiple tasks effectively. - Effective communication skills, both verbal and written, with the ability to convey technical concepts to non-technical stakeholders. - Proven track record of delivering high-quality security assessments and actionable recommendations.,

We are looking for a certified ethical hacker to assist in enhancing the security of our network against potential threats. Your main responsibility will involve evaluating our company's network, servers, and overall infrastructure to discover any vulnerabilities that may exist. As a certified ethical hacker, you must possess the knowledge and expertise in utilizing various network and security tools, along with a high-level comprehension of computer and network security principles. This includes a deep understanding of encryption and cryptography. Responsibilities Your duties as a certified professional ethical hacker will encompass the following: - Conducting ethical hacking and penetration testing - Performing vulnerability assessments - Analyzing malware - Collaborating with other penetration testers and information security analysts - Ensuring web application security - Executing social engineering tactics - Enhancing database security - Implementing reverse engineering techniques - Safeguarding network security - Conducting threat modeling and risk assessment Job Qualifications and Skill Sets The qualifications necessary for a certified ethical hacker are as follows: - A Bachelor's degree in computer science, information technology security, or a related field - Security certifications such as Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH) - Demonstrated proficiency in penetration tests, vulnerability assessment, and security monitoring - Knowledge of the OSI model, TCP/IP, HTTP, SSL, and wireless networking - Experience with common network infrastructure and security tools - Familiarity with web applications, including HTTP and SQL injection attacks - Understanding of security testing methodologies as per the EC-Council standards - Ability to thrive in a fast-paced work environment,

As an Associate Audit and Infosec at Setu, you will play a crucial role in ensuring the security and compliance of our technical systems. Setu aims to bridge the gap between regulated financial institutions and technology companies to facilitate the creation of innovative financial products. Your responsibilities will include working closely with the Audit & Compliance Manager to uphold Setu's reputation as a dependable player in the eyes of asset partners and regulators. Your primary objective will be to establish and maintain a robust information security, risk & compliance management framework at both the company and individual product levels. You will be involved in managing and enhancing Setu's security, compliance, assessment, and penetration testing programs. Collaboration with various teams within the organization will be essential to improve security compliance and reduce risks effectively. To excel in this role, you should have a minimum of 2-4 years of experience in managing audit and compliance functions, preferably in a fintech or regulated financial institution. Familiarity with frameworks such as ISO 27001:2013 and PCI DSS, as well as experience in completing vendor and technical audits, will be beneficial. Attention to detail, patience in dealing with stakeholders, and a strong focus on process implementation are key attributes for success in this role. You will be responsible for coordinating internal and external audits, ensuring compliance with security policies and standards, and working towards acquiring and maintaining relevant certifications such as ISO 27001:2013, SOC2 Type 2, and data localization requirements. Your role will involve monitoring security advisories, conducting audits, and collaborating with partners to meet audit requirements efficiently. At Setu, you will have the opportunity to work closely with the founding team, access a range of learning and development resources, and enjoy comprehensive health benefits. Our culture is defined by core values such as decisiveness, accountability, leadership, and innovation. If you are passionate about making a direct impact on financial inclusion and improving lives through infrastructure development, Setu offers a challenging yet rewarding environment to grow and excel in your career.,

As the Product Security Leader at Observe.AI, you will play a crucial role in securing our application platform, cloud infrastructure, and IT systems to ensure compliance with various standards and regulations. Working in a dynamic high-tech environment focused on enhancing customer experience through innovative Voice AI solutions, your responsibilities will include shifting security left in the Software Development Life Cycle (SDLC) for cutting-edge Agentic AI and ML-based products. You will lead the product security program, mentor other engineers, define and drive the secure SDLC, conduct threat modeling, and participate in product requirement discussions to influence designs. Your expertise in traditional application security and emerging AI safety practices will be essential in creating AI-specific security controls, addressing unique challenges, and embedding security by design across the entire development lifecycle. Key Responsibilities: - Lead the product security program and mentor other engineers - Define and implement the secure SDLC, including threat modeling and security testing - Participate in product requirement discussions and influence designs - Create scalable application security using secure coding standards and procedures - Integrate dev-sec-ops tooling and shift security left in the development process - Build relationships with Product and Engineering teams to enhance security culture - Ensure products adhere to security standards and incorporate security controls into the SDLC - Develop custom tools and automation for DevSecOps and SecOps - Manage penetration testing program and bug bounty programs - Evaluate and integrate security tools to improve application security posture Qualifications: - 8+ years of hands-on experience in managing application security programs - Strong foundation in security architecture, protocols, and vulnerabilities - Familiarity with secure coding standards, cryptography, and programming languages - Experience with AWS or cloud environments - Strong attention to detail and ability to prioritize automation - Growth mindset and accountability under minimal supervision In addition to a challenging and rewarding role, Observe.AI offers excellent medical insurance, flexible benefit plans, generous leave policies, learning & development opportunities, and a commitment to fostering an inclusive and diverse work culture. If you are passionate about making an impact and shaping the future of AI-driven customer experience, we encourage you to apply and join our team at Observe.AI.,

As a Consultant working in a hybrid work mode with a shift from 1 PM to 10 PM, you will be responsible for various Cyber Security auditing tasks in locations like Bangalore, Pune, Noida, and Gurgaon. Your duties will involve understanding engagement objectives, preparing audit plans, and testing procedures to meet review objectives. You will gather detailed insights into IT and business processes, systems, and controls, and lead risk assessments and evaluations. Additionally, you will identify opportunities to leverage data analytics, track project status, and ensure high-quality work paper documentation according to client standards. You will drive discussions on audit findings with the team and management, formulate risk assessments on complex systems, and create Business Impact Analysis, Risk Assessment, and Corrective Action Plan documentation. Developing recommendations to enhance security posture and communicating these recommendations to stakeholders will be part of your responsibilities. You will also identify security deficiencies and vulnerabilities, participate in organizational projects, and contribute to the development of information security policies, standards, and procedures. Desired Qualifications: - Bachelor's degree in Computer Science, Engineering, Cyber Security, or related field - Cyber security certifications (CISSP, CISM, Security+, CEH, Azure Security Engineer, CSFA) - CISA certification required or willingness to obtain within 3 months of employment - 5+ years of experience in Cyber Security field - 2+ years of IT systems audit experience - Experience in Identity and Access Management, Infrastructure Security, Application Security, Data Governance, Cloud Security, and Third-Party Risk Management - Familiarity with standards and regulations such as PCI, SOX, ISO, NIST CSF, NIST 800-53, NIST RMF, PII, CCPA, COPPA, HIPAA, VCDPA, etc. - Proficiency in MS Office, Teams, and working knowledge of standard computer software - Ability to work in a fast-paced environment with attention to detail - Strong verbal and written communication skills, especially in explaining complex topics - Experience in regulated industries and familiarity with technology standards and compliance frameworks Bonus Points for: - ITIL Certification - Threat Hunting and DFIR experience - Security experience in GCP, Azure, and AWS - Knowledge of Zero Trust architectures and data analytics implementation - Penetration testing experience and expertise in multiple cyber security domains - Familiarity with network protection approaches and technologies,

As a Cybersecurity Penetration Tester at our organization in Hyderabad, you will play a key role in supporting our security initiatives on an On-Demand or Hourly Basis. Your primary responsibility will be to conduct penetration testing on web applications, networks, and infrastructure to identify security vulnerabilities. Utilizing tools like Metasploit, Burp Suite, and other industry-standard tools, you will assess and improve our systems" security posture. Your findings will be documented, and security risks will be reported with clear remediation strategies to ensure effective resolution. Collaboration with internal teams is essential to address identified vulnerabilities efficiently. You will also be required to perform security audits and provide actionable insights to enhance security controls across the organization. Proficiency in utilizing Wiz, a Vulnerability Management Tool, for identifying and managing security risks will be preferred. To excel in this role, you should have proven experience as a Penetration Tester or Security Analyst with a strong background in vulnerability assessment. Proficiency in penetration testing tools such as Metasploit, Burp Suite, and knowledge of Wiz or similar vulnerability management tools will be beneficial. A solid understanding of network security, application security, and system hardening is required. Excellent analytical, problem-solving, and communication skills are essential for effective collaboration with internal teams. Your ability to work independently and deliver high-quality results within deadlines will be crucial for success in this role.,

At Medtronic, you can embark on a life-long career focused on exploration and innovation, all while advocating for healthcare access and equity for everyone. You will play a vital role in fostering a more connected and compassionate world through purpose-driven leadership. As a key member and technical leader in the field of medical device cybersecurity, you will be at the forefront of creating, deploying, and monitoring cybersecurity and information security solutions for Medtronic's medical devices and supporting IT infrastructure. Your responsibilities will include collaborating with external and internal cybersecurity researchers to identify and address vulnerabilities in Medtronic products and systems. Additionally, you will work closely with R&D teams to ensure comprehensive security risk assessments are conducted and appropriate solutions are implemented. You will also be responsible for developing project security management deliverables to comply with regulatory standards and effectively communicate cybersecurity technology to various stakeholders. Your duties may involve, but are not limited to: - Leading and executing cybersecurity-related activities related to products and devices, such as incident response, vulnerability assessments, and mitigation implementation. - Conducting product-level intrusion detection activities. - Performing product risk assessments in coordination with R&D teams and recommending specific security controls. - Participating in the development and testing of product security-related requirements and processes. - Managing security-related deliverables for regulatory bodies to ensure compliance with standards. - Evaluating and testing security risks throughout the development lifecycle. - Supporting emerging cybersecurity certification initiatives. - Maintaining and updating security documentation. - Creating and managing threat models using STRIDE. Requirements: - Bachelor's or graduate degree in computer science, computer engineering, electrical engineering, or a related field. - CISSP or similar certification, or equivalent demonstrated experience. - Experience in embedded devices vulnerability assessment, threat modeling, and risk scoring. - Formal education in cybersecurity and information assurance. - Minimum of 12 years of experience with at least 4 years in technical, cybersecurity-related roles. - Proficiency in security posture analysis, vulnerability assessment, penetration testing, and static code analysis. - Software product development experience and programming skills in languages such as C, C++, Python, Java, .NET, Go, Ruby, or Scala. - Understanding of national and international laws, regulations, and policies related to regulated medical device cybersecurity. - Familiarity with information security practices, risk management processes, cybersecurity principles, and incident response methodologies. In addition to a competitive salary, Medtronic offers a flexible benefits package that supports employees at every stage of their career and life. The company is committed to recognizing and rewarding employee contributions while providing a wide range of resources and compensation plans. Medtronic is a global leader in healthcare technology dedicated to addressing the most pressing health challenges worldwide. The company's mission of alleviating pain, restoring health, and extending life unites a diverse team of over 90,000 passionate individuals. Medtronic's commitment to diversity and innovation drives the team to engineer real solutions for real people, from the R&D lab to the factory floor and beyond.,

As a Deputy Director with over 13 years of experience in the IT industry, including 5 years of specialized expertise in Cloud Security and a thorough understanding of the SAFE Agile framework, you will play a crucial role in ensuring the security of our cloud infrastructure. Your responsibilities will encompass driving excellence in security engineering processes, managing SIEM technologies, and actively participating in the SAFE Agile transformation of our IT operations. This role demands a blend of robust technical skills, effective leadership qualities, and a comprehensive grasp of security principles and best practices. In the domain of Cloud Security Engineering, you will be tasked with designing, implementing, and overseeing cloud security architecture across major platforms such as AWS, Azure, and Google Cloud. Your role will involve leading the establishment of secure cloud environments in compliance with industry regulations like GDPR, HIPAA, and NIST. Additionally, you will be responsible for identifying and mitigating security vulnerabilities, deploying cloud-native security tools, defining security policies and compliance rules, and implementing Role-Based Access Control (RBAC), SSO, and API security measures. Your role also entails ensuring the excellence of security engineering practices within the organization. You will lead incident response and remediation efforts, collaborate with DevOps teams to bolster secure pipelines and code practices, and set Key Performance Indicators (KPIs) for security metrics. Furthermore, you will actively drive the SAFE Agile transformation process for IT security teams, ensuring security alignment with Agile principles and facilitating security integration in all development phases. In terms of collaboration and strategy, you will work closely with IT leadership to define and execute a comprehensive security strategy aligned with business objectives. You will also mentor junior security engineers, promote knowledge-sharing practices, and engage in continuous learning to stay abreast of the latest trends and best practices in cloud security, IT security, and Agile methodologies. To qualify for this role, you should possess a minimum of 13 years of IT experience, with at least 5 years dedicated to Cloud Security engineering. Additionally, experience in SAFE Agile processes and implementations, proficiency in cloud platforms and associated security services, and relevant certifications such as CISSP, AWS Certified Security Specialty, and Certified SAFe Program Consultant (SPC) will be advantageous. Strong leadership, communication, and mentoring skills are essential attributes for this role. Join us in our mission to uphold the security of our cloud infrastructure, drive security excellence, and champion Agile transformation within our IT operations.,

picoNETS is currently seeking a Linux Customisation & Security Expert to join our team in Onsite Thane, Greater Mumbai. As part of this role, you will be responsible for various tasks including Linux Ubuntu 24.04, custom Linux builds, hardening of Linux OS, securing the system at BIOS, kernel & user level, securing packages, securing browsers and other packages, security and penetration testing, CIS Benchmarking, kernel & file system programming. The ideal candidate should have a minimum of 10 years of experience and possess proficiency in Linux operating systems and security protocols. Additionally, the candidate should have experience in implementing and maintaining security measures for Linux systems, knowledge of network security, firewalls, and intrusion detection/prevention systems, an understanding of cybersecurity best practices and principles, experience in developing and deploying integration software, and certifications in Linux security (e.g., CompTIA Linux+, Red Hat Certified Engineer) would be a plus. The candidate should also be able to single-handedly lead software customization projects. If you are a skilled Linux professional with a strong background in security and customization, we encourage you to apply for this exciting opportunity at picoNETS. Accommodation will be provided for this position.,

As an intern at CertCube, you will have the opportunity to engage in various cybersecurity activities to enhance your skills and contribute to the team's success. Your day-to-day responsibilities will include the following: - Conducting security assessments of web apps, mobile apps, and APIs to identify potential vulnerabilities and risks. - Keeping up with the latest cybersecurity trends through dedicated research efforts. - Writing informative and engaging blog posts on diverse cybersecurity topics for our CertCube Labs blogging platform. - Collaborating with the team to create cybersecurity user awareness sessions on social media platforms. - Assisting senior cybersecurity professionals in Vulnerability Assessment and Penetration Testing (VAPT) projects, including vulnerability management and reporting tasks. - Developing and maintaining detailed documentation of security assessments, findings, and remediation actions. - Staying abreast of the newest cybersecurity threats, vulnerabilities, and best practices to enhance the team's knowledge and preparedness. - Researching critical Common Vulnerabilities and Exposures (CVEs) and crafting Proofs of Concept (POCs) for assessment teams" use. CertCube, an ISO 9001:2015 certified company, is a leading IT security firm that offers immersive training programs aimed at equipping students with the practical skills needed to defend organizational systems, networks, web, mobile, and servers against active threats. Our mission includes spreading cybersecurity awareness globally through comprehensive IT security training. We pride ourselves on our focused approach, cutting-edge online learning environment, flexible training options, competitive pricing, and innovative delivery methods. In addition to training services, CertCube provides professional IT security solutions to safeguard organizations" people, processes, and technologies. With a rich history as a trusted penetration testing company, we have a solid track record of delivering high-quality projects for clients worldwide. Join us at CertCube and be part of a team dedicated to enhancing cybersecurity practices and protecting organizations from evolving threats.,

Join our dedicated team in a role where your expertise in risk assessments and cybersecurity exercises propels forward our mission of safeguarding our operations and enhancing resiliency. This position offers the unique opportunity to shape our security posture and contribute to our continuous improvement in an environment that values innovation and teamwork. As an Assessments & Exercises Senior Associate within our cybersecurity team, you will utilize industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. You will collaborate with the team to design and execute risk-promoting tests and simulations, evaluate preventative controls, incident response processes, and detection capabilities. Your ability to make informed decisions and foster continuous improvement will contribute to the achievement of our team's operational goals and the mitigation of cyber and resiliency risks. Collaborate with other Assessments & Exercises team members to conduct testing and simulations such as penetration tests, technical controls assessments, cyber exercises, or resiliency simulations, and contribute to the development and refinement of assessment methodologies to ensure alignment with industry standards and regulatory requirements. Partner with subject matter experts to evaluate controls for effectiveness and impact on operational risk, as well as opportunities to automate control evaluation. Develop comprehensive assessment reports, including detailed findings, risk assessments, and remediation recommendations, and effectively communicate these insights to relevant stakeholders as you contribute to decisions that yield continuous improvement. Utilize threat intelligence and security research to stay informed about emerging threats, vulnerabilities, industry best practices, and regulations. Apply this knowledge to enhance the firm's assessment strategy. Required qualifications, capabilities, and skills: - Formal Training or Certification required on Cybersecurity or resiliency, assessments or simulation exercises and 3+ years applied experience. - Prior experience in offensive or defensive technical cybersecurity roles, focusing on solutions to reduce cybersecurity risks. - Basic coding (scripting) experience in languages such as Python, C, JavaScript, and VBScript. - Demonstrated proactivity and resourcefulness in identifying and analyzing data sources for data-driven investigations. - Knowledge or experience in cybersecurity roles and processes, including Incident Response, Threat Intelligence, Penetration Testing, and more. - Familiarity with network architecture concepts, cloud architectures, and deploying large-scale applications in enterprise environments. Preferred Qualifications, Capabilities, and Skills: - Familiar in developing both tactical and strategic tools and capabilities. - Familiar in building analytical processes, templates, and documentation. - Bachelor's Degree in Computer Science or a related field, or equivalent experience.,

OPENTEXT - THE INFORMATION COMPANY OpenText is a global leader in information management, where innovation, creativity, and collaboration are the key components of our corporate culture. As a member of our team, you will have the opportunity to partner with the most highly regarded companies in the world, tackle complex issues, and contribute to projects that shape the future of digital transformation. AI-First. Future-Driven. Human-Centered. At OpenText, AI is at the heart of everything we do powering innovation, transforming work, and empowering digital knowledge workers. Were hiring talent that AI cant replace to help us shape the future of information management. Join us. OPENTEXT OpenText is a global leader in information management, where innovation, creativity, and collaboration are the key components of our corporate culture. As a member of our team, you will have the opportunity to partner with the most highly regarded companies in the world, tackle complex issues, and contribute to projects that shape the future of digital transformation. Your Impact As part of the Product Security team, you must have a strong understanding of information security processes across product development lifecycle including secure coding principle, static code / dynamic scanning, application penetration testing, container security, cloud security, supply chain security and threat modelling the applications. You should be familiar with the industry best practices for information security policies and product security. standards. You will have the opportunity to collaborate with the product stakeholders such as product development, cloud operation, system architects, security champions, Global Information Security on the Product security process and customer escalations/support What The Role Offers Please review the below write up and highlight for any corrects Strategic Planning Align application security initiatives with business goals; refine Product Security processes and tools. Technical Leadership Stay updated on the latest trends and advancements in application security and apply them to continually improve the organization s security program. Recommend mitigations for vulnerabilities; manage third-party and open-source software risk. Architecture and Design Review application designs for security best practices. Design, enhance, and advocate for the threat modelling process. Conduct threat modelling and advise product teams on implementing appropriate security controls. Security Reviews Conduct security assessments throughout the development lifecycle. Collaborate with development teams to remediate security vulnerabilities. Code Review and Analysis Conduct code reviews and implement automated code analysis tools. Secure Development Practices Enforce secure coding practices, train developers in secure coding. Incident Response/Customer Escalations Lead incident response efforts related to application security incidents. Work with cross-functional teams to investigate and remediate security breaches. Policy and Standards Develop and enforce application security policies; ensure compliance with industry standards. Security Testing Oversee the implementation of security testing methodologies Conduct Penetration Testing activity for applications/systems Security Awareness Promote security awareness across engineering; conduct training for development teams on Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). Collaboration Collaborate with cross-functional teams, including development, operations, GIS, etc., to integrate security into all aspects of the software development lifecycle and improve security maturity. Documentation and Reporting Maintain comprehensive documentation of security processes/policies; produce maturity status reports for senior management. Generate reports and conduct peer reviews. Research and Innovation Stay informed on emerging threats and vulnerabilities, and proactively implement innovative security solutions. Vendor and Tool Evaluation Evaluate and recommend security tools/technologies; Manage vendor relationships What You Need To Succeed 5 - 8 years of experience with the relevant technologies Bachelor s degree in engineering, computer science or equivalent is preferred Industry standard best practices on application security controls, requirements, features, and specifications Application security issues, weaknesses, vulnerabilities, threats, risks, and impacts of exploitation Familiarity with Security Standards and groups (OWASP, PCI, SANS, OSSTMM etc.) Strong vulnerability assessment experience of web, mobile and thick client applications, RESTful & JSON APIs, web servers, databases, and hosting environments (cloud, off-cloud, Containers) Strong experience in manual vulnerability assessment and penetration testing Hands on experience on Application Security tools such as Fortify, WebInspect, Burp, etc. Experience in planning, researching and developing security policies, standards and procedures in line with industry best practices A natural curiosity to learn how things work, and more importantly, how they can be made to work outside of their intended purposes, (i.e. the ethical hacker mentality) Preferably to have application security penetration testing related certifications, (e.g. GWAPT, OSWE, OSCP, GPEN, CPTE, CEH, GWEB, GCIH, etc.) Highly desirable to have general information security related certifications, (e.g. CISSP, CISM, GSEC, CCSP, etc.) Should have excellent team playing and collaborative skills, to work with multiple stake holders. Strong analytical, troubleshooting, writing, communication, and consultancy skills Possess a commitment to quality and a thorough approach to work OpenTexts efforts to build an inclusive work environment go beyond simply complying with applicable laws. Our Employment Equity and Diversity Policy provides direction on maintaining a working environment that is inclusive of everyone, regardless of culture, national origin, race, color, gender, gender identification, sexual orientation, family status, age, veteran status, disability, religion, or other basis protected by applicable laws. . Our proactive approach fosters collaboration, innovation, and personal growth, enriching OpenTexts vibrant workplace.

OPENTEXT - THE INFORMATION COMPANY OpenText is a global leader in information management, where innovation, creativity, and collaboration are the key components of our corporate culture. As a member of our team, you will have the opportunity to partner with the most highly regarded companies in the world, tackle complex issues, and contribute to projects that shape the future of digital transformation. AI-First. Future-Driven. Human-Centered. At OpenText, AI is at the heart of everything we do powering innovation, transforming work, and empowering digital knowledge workers. Were hiring talent that AI cant replace to help us shape the future of information management. Join us. OPENTEXT OpenText is a global leader in information management, where innovation, creativity, and collaboration are the key components of our corporate culture. As a member of our team, you will have the opportunity to partner with the most highly regarded companies in the world, tackle complex issues, and contribute to projects that shape the future of digital transformation. Your Impact As part of the Product Security team, you must have a strong understanding of information security processes across product development lifecycle including secure coding principle, static code / dynamic scanning, application penetration testing, container security, cloud security, supply chain security and threat modelling the applications. You should be familiar with the industry best practices for information security policies and product security. standards. You will have the opportunity to collaborate with the product stakeholders such as product development, cloud operation, system architects, security champions, Global Information Security on the Product security process and customer escalations/support What The Role Offers Please review the below write up and highlight for any corrects Strategic Planning Align application security initiatives with business goals; refine Product Security processes and tools. Technical Leadership Stay updated on the latest trends and advancements in application security and apply them to continually improve the organization s security program. Recommend mitigations for vulnerabilities; manage third-party and open-source software risk. Architecture and Design Review application designs for security best practices. Design, enhance, and advocate for the threat modelling process. Conduct threat modelling and advise product teams on implementing appropriate security controls. Security Reviews Conduct security assessments throughout the development lifecycle. Collaborate with development teams to remediate security vulnerabilities. Code Review and Analysis Conduct code reviews and implement automated code analysis tools. Secure Development Practices Enforce secure coding practices, train developers in secure coding. Incident Response/Customer Escalations Lead incident response efforts related to application security incidents. Work with cross-functional teams to investigate and remediate security breaches. Policy and Standards Develop and enforce application security policies; ensure compliance with industry standards. Security Testing Oversee the implementation of security testing methodologies Conduct Penetration Testing activity for applications/systems Security Awareness Promote security awareness across engineering; conduct training for development teams on Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). Collaboration Collaborate with cross-functional teams, including development, operations, GIS, etc., to integrate security into all aspects of the software development lifecycle and improve security maturity. Documentation and Reporting Maintain comprehensive documentation of security processes/policies; produce maturity status reports for senior management. Generate reports and conduct peer reviews. Research and Innovation Stay informed on emerging threats and vulnerabilities, and proactively implement innovative security solutions. Vendor and Tool Evaluation Evaluate and recommend security tools/technologies; Manage vendor relationships What You Need To Succeed 5 - 8 years of experience with the relevant technologies Bachelor s degree in engineering, computer science or equivalent is preferred Industry standard best practices on application security controls, requirements, features, and specifications Application security issues, weaknesses, vulnerabilities, threats, risks, and impacts of exploitation Familiarity with Security Standards and groups (OWASP, PCI, SANS, OSSTMM etc.) Strong vulnerability assessment experience of web, mobile and thick client applications, RESTful & JSON APIs, web servers, databases, and hosting environments (cloud, off-cloud, Containers) Strong experience in manual vulnerability assessment and penetration testing Hands on experience on Application Security tools such as Fortify, WebInspect, Burp, etc. Experience in planning, researching and developing security policies, standards and procedures in line with industry best practices A natural curiosity to learn how things work, and more importantly, how they can be made to work outside of their intended purposes, (i.e. the ethical hacker mentality) Preferably to have application security penetration testing related certifications, (e.g. GWAPT, OSWE, OSCP, GPEN, CPTE, CEH, GWEB, GCIH, etc.) Highly desirable to have general information security related certifications, (e.g. CISSP, CISM, GSEC, CCSP, etc.) Should have excellent team playing and collaborative skills, to work with multiple stake holders. Strong analytical, troubleshooting, writing, communication, and consultancy skills Possess a commitment to quality and a thorough approach to work

: The Sr. QA Analyst will primarily focus on testing web application, microservices, API s and backend testing. He/she will contribute to ensuring the quality delivery of the system. The ideal candidate will play a crucial role in ensuring the quality and reliability of our software products by conducting thorough testing and validation processes. Preferred Skills : Must have 8+ years of well-rounded quality assurance testing experience Must have 3+ years of database testing experience Must have 3+ years of API testing experience using Postman Nice to have: 3+ years of Performance testing experience using Jmeter Nice to have: 3+ years of Automation testing experience using Selenium Nice to have: 3+ years of Security and Penetration testing experience using BurpSuite, OWASP ZAP or any other tools (Nice to have) 1+ year of experience with AI tools Responsibilities: Participate in all aspects of the software development life cycle and Agile ceremonies. Perform various types of testing including Unit, integration and Regression, DB validation, system testing as needed Collaborate with cross-functional teams to understand project requirements and develop comprehensive test plans. Execute testing procedures to identify software defects and ensure adherence to quality standards. Perform Backend validation for data completeness/correctness and performance verification. Work closely with developers to reproduce and debug issues, providing detailed information for resolution. Perform regression testing to guarantee the stability of existing functionality after code changes. Create and maintain detailed test documentation, including test cases, test scripts, and test reports. Gathers non-functional requirements to verify application performance Defines performance test scenarios and workflows to be tested and associate load profiles to ensure application performance Collaborate with the automation team to identify opportunities for test automation and contribute to automated test scripts. Stay current with industry best practices and incorporate them into our testing processes. Ensure that the final product satisfies the product requirements and meet end-user expectations Qualifications Bachelors degree in Computer Science, Information Technology, or related field or equivalent work experience (preferred) Experience with both Agile/Scrum and Waterfall system development life cycle methodologies Excellent communication skills, both written and verbal, with the ability to effectively collaborate with cross-functional teams. Must be proficient in both Manual and hands-on Automated testing Working knowledge of test management software (integrated with Jira) Web application testing, including verification of user experience Must have experience writing efficient SQL queries Familiarity with Agile/SCRUM and the software testing life cycle Familiarity with test automation tools and the ability to contribute to automated test scripts is a plus. Perform controlled and methodological attempts to exploit identified vulnerabilities, simulating real world attacks. Manual Pen testing. Ability to work independently with little supervision or guidance Ability to multi-task and change directions as requirements and priorities change Strong analytical, problem-solving, and follow up-skills Team player with the ability to communicate effectively both verbally and in writing to all organizational levels Ability to meet tight deadlines for deliverables Must foster an inclusive work environment and respect all aspects of diversity; must demonstrate and value differences in others strengths, perspectives, approaches, and personal choices Comfort in engaging with senior-level business leadership as well as software development staff Ability to work well in a deadline-driven team environment. Skills and Knowledge: Database Testing, API Testing, Performance Testing, Security & Penetration Testing, Apply We Are Looking For Ambitious, Experienced Developers! Glassdoor Have a referral? X

Position Purpose Provide a brief description of the overall purpose of the position, why this position exists and how it will contribute to achieving the teams goal. Responsibilities Direct Responsibilities Strong expertise in application security concepts and activities like Source Code Review (SAST) & Dynamic application vulnerability scanning (DAST). Good understanding of Information Security concepts and strategies. Knowledge of Secure Development methodologies and frameworks. Hands-on experience in penetration testing and tools like Apisan, WebInspect, Fortify, AppSpider, BurpSuite, Qualys, Checkmarx, Coverity Well-versed in conducting Security Review, Assessments and providing recommendations. Knowledge of OWASP, SANS standards. Executing IT risk assessment reviews, identifying controls gaps and working in collaboration with subject matter experts to devise appropriate mitigation plans. Experience in Process Improvement, Controls Enhancement and Reporting. Identifying key risk trends, issues and other insights requiring further investigation and following up with Technology as appropriate. Providing independent expert advice to the IT areas on application & data risk issues. Engaging with organization wide risk and control groups, including internal audit and territory control teams. Working with Technology stakeholders (including Production Support and Development teams) to identify the IT risks affecting the organization and formulate appropriate remediation strategies based on a full understanding of business exposure and compensating controls. Contributing Responsibilities Monitoring and oversight of existing IT risks, working collaboratively with stakeholders in ensuring plans are managed within timescales and escalating where appropriate. Managing relationships with Business and IT teams, chairing periodic meetings and being a point of contact for escalating to wider team members. Assistance with drafting of risk acceptance statements and coordinating sign-off from business and IT stakeholders. SPOC for security architecture meetings. Technical & Behavioral Competencies Excellent Interpersonal and presentation skills Strong in verbal and written communication Ability to liaise with cross-functional stakeholders globally Clear understanding of application and data security Must be flexible, independent, self-motivated Good analytical skills. Specific Qualifications (if required) CEH, SSCP, OSCP certified. Technical Graduate (Computer Science) Preferable.

Knowledge of scripting languages (Perl, Python, HTML, Java, Shell). Hands-on experience in dynamic analysis, container testing, fuzzing, OWASP top 10 and vulnerability scanning if have any certificate ( CEH, ethical hacking

Exclusive Walkin Drive for Security Engineer (AI) at Bangalore on 12th August 25 Greeting from Infosys BPM Ltd., You are kindly invited for the Infosys BPM:: Walk-In Drive on 12th August 25 at Bangalore(JP Nagar). Note: Please carry copy of this email to the venue and make sure you register your application before attending the walk-in. Please mention Candidate ID on top of the Resume https://career.infosys.com/jobdesc?jobReferenceCode=PROGEN-HRODIRECT-206442 Interview Information: Interview Date: 12 August 2025 Interview Time: 9 AM till 12 PM Interview Venue - Bangalore:: Infosys BPM Limited, #785,Ground Floor Axis Sai Jyoti, 15th Cross 100 Feet Road,Sarakki,1st Phase JP Nagar, Bengaluru, Karnataka560078 Landmark: Near Sindhoor Convention Centre Note: No Candidate parking facility available at JP Nagar recruitment center location. Documents to Carry: Please carry 2 set of updated CV (Hard Copy). Please carry Face Mask**. Mandatory to carry PAN or Passport for Identity proof. Job Description Job Title: Security Engineer AI CoE (Vulnerability Management & Penetration Testing) Experience: 2-3 yrs Location: Bengaluru Department: DTS - AI Center of Excellence (CoE) Employment Type: Full-time About the Role: We are seeking a proactive and detail-oriented Security Engineer to join our AI Center of Excellence (CoE) . In this role, you will work closely with AI product teams to identify, assess, and remediate security vulnerabilities across cloud-native and AI-driven platforms. You will play a key role in ensuring the security posture of our AI solutions through vulnerability scans, penetration testing, and secure DevOps practices. Key Responsibilities: Conduct regular vulnerability assessments using tools like Qualys , Nessus , or OpenVAS . Collaborate with product and DevOps teams to triage, prioritize, and remediate vulnerabilities in application and infrastructure layers. Assist in penetration testing activities and support red/blue team exercises. Implement security controls and best practices across Azure , AWS , or GCP environments. Contribute to secure CI/CD pipelines by integrating security checks and automating compliance. Maintain documentation of findings, remediation plans, and risk mitigation strategies. Stay updated on emerging threats, CVEs, and cloud security trends. Required Skills & Qualifications: 24 months of experience in cybersecurity , DevSecOps , or cloud security roles. Familiarity with vulnerability scanning tools and penetration testing methodologies . Basic understanding of cloud security principles (Azure/AWS/GCP). Exposure to OWASP Top 10 , CIS Benchmarks , and secure coding practices . Strong analytical and problem-solving skills. Good communication skills to collaborate with cross-functional teams. Preferred Qualifications: Certifications such as CEH , Security+ , AZ-500 , or AWS Security Specialty . Experience with SIEM tools (e.g., Splunk,Sentinel) and threat modeling . Knowledge of scripting for automation (Python, Bash, PowerShell). Exposure to AI/ML security or model risk management is a plus. What Youll Gain: Hands-on experience securing AI platforms and cloud-native applications. Opportunity to work with cutting-edge technologies in a fast-paced innovation hub. Mentorship from senior security architects and cloud experts. A collaborative environment focused on continuous learning and impact. Regards, Infosys BPM Recruitment team

Your Role Perform static application security testing on source code using Fortify. Perform software composition analysis using Sonatype IQ Assist with scan onboarding and troubleshooting Integrate tools into Jenkins pipelines Collaborate with teams to remediate high/critical findings Generate and analyse SCA scan result Automate reporting and dashboards Works in the area of Software Engineering, which encompasses the development, maintenance and optimization of software solutions/applications.1. Applies scientific methods to analyse and solve software engineering problems.2. He/she is responsible for the development and application of software engineering practice and knowledge, in research, design, development and maintenance.3. His/her work requires the exercise of original thought and judgement and the ability to supervise the technical and administrative work of other software engineers.4. The software engineer builds skills and expertise of his/her software engineering discipline to reach standard software engineer skills expectations for the applicable role, as defined in Professional Communities.5. The software engineer collaborates and acts as team player with other software engineers and stakeholders. Your Profile Deep understanding of Source code review, SCA and SBOM Hands-on experience with SAST and SCA tool Fortify SCA, Sonatype IQ. Good understanding of secure coding practices for languages such as Java, .NET ,JavaScript,Python,etc. Strong knowledge of OWASP Top 10, CWE, and secure software development lifecycle (SSDLC). Familiarity with CI/CD pipelines and integrating security tools in DevOps. (Jenkins, GitHub) Security certifications such as OSCP, GWAPT, eWPTX, CEH, CRTP will be an added advantage. What will you love working at Capgemini Every Monday, kick off the week with a musical performance by our in-house band - The Rubber Band. Also get to participate in internal sports events, yoga challenges, or marathons. At Capgemini, you can work oncutting-edge projects in tech and engineering with industry leaders or create solutions to overcome societal and environmental challenges. You will get comprehensive wellness benefits including health checks, telemedicine, insurance with top-ups, elder care, partner coverage or new parent support via flexible work. You will have the opportunity to learn on one of the industry"s largest digital learning platforms, with access to 250,000+ courses and numerous certifications.

Responsible for performing VAPT, mobile pen testing, sequel injection, on the web, mobile, infrastructure, and API, doing a secure code review, and analyzing any security incidents that strike within our Secure Nexus division.

INFORMATION SECURITY PROJECT SPECIALIST The Information Security Project Specialist will be responsible for supporting the InfoSec project portfolio and the delivery of security projects for the IT department, primarily with a focus on Cloud Security. The role includes acquiring resources and coordinating the efforts of team members and enterprise stakeholders to deliver projects according to plan. What You'll Do: Executes the end-to-end management of security projects: including resource management, communications, training requirements, change management and budget (if applicable). Estimate the resources and participants needed to achieve project goals. Reviews and recommends changes, reductions or additions to the overall project Acts as the liaison between InfoSec and end-users when applicable Maintains the efficiency of the project management process such as planning, scheduling, and budget and risk assessment. Identifies and mitigates potential risks Work with cross-functional teams and staff of all levels, including assisting in the development, training and assignment of work/projects to team members reporting to others; Works well within a structured environment in which team members can work together as an efficient team. What You'll Bring: Bachelors Degree required. 7 - 10 years of relevant work experience, including Information Security, project management, and team management. PMP-PMI certification desired, or completion within a year of assuming the position. Agile certification desired, or completion within a year of assuming the position. Security+ or equivalent certification desired, or completion within a year of assuming the position. Management of projects in AWS or other public cloud infrastructure desired. Project plan development experience, including charter, scope, project management approach, management plans, statement of work, cost estimates, schedule. Excellent communication (written and oral) and interpersonal skills; ability to interface and influence all levels within the organization, including facilitation, consulting, negotiation, and presentation. Excellent project management and coordination skills working with multiple stakeholders across several technology platforms and business areas Strong technical skills and experience. The ideal candidate has lead projects relating to Information Security deliveries or migrations (ie. Cloud Security enhancements, Firewall implementation, Anti-Virus migration, MDM implementation, OS/Network hardening, etc.) Project plan and budget management. Knowledge of project management best practices, Experience identifying and mediating risk.

SUMMARY Job Title: NET IQ - IAM & PAM Location: Mumbai Experience: 3-8Years Notice Period: Immediate to 60 Days Job Description: We are seeking a skilled Linux Security Engineer with hands-on experience in troubleshooting, vulnerability management, IAM/PAM systems, and automation scripting using PowerShell. The ideal candidate should have a strong understanding of SSL/TLS, risk mitigation, and penetration threat detection on Linux-based environments. Key Responsibilities: Perform Linux server troubleshooting including performance issues, system logs, and hardware/software faults. Conduct vulnerability assessments, manage security patches, and mitigate potential risks across enterprise infrastructure. Manage and configure SSL certificates and ensure secure communication channels. Utilize PowerShell scripting for automation, system configuration, and reporting. Implement and manage IAM/PAM solutions (NetIQ or equivalent) ensuring proper access control and compliance. Monitor and analyze security threats, penetration attempts, and work with SOC/IR teams to mitigate them. Maintain and update security documentation, procedures, and technical diagrams. Collaborate with cross-functional teams including DevOps, IT, and Security to enhance overall system security posture. Required Skills & Experience: Strong hands-on experience with Linux systems administration. Proven ability to troubleshoot Linux-based systems and resolve complex issues. Working knowledge of PowerShell scripting (including variants like "Power shell", "Power.shell", etc.). Familiarity with IAM/PAM tools like NetIQ, CyberArk, or equivalent. Deep understanding of security principles, risk assessment, SSL/TLS, patching, and penetration testing methodologies. Experience in handling security vulnerabilities and threat management. Good understanding of IT security compliance and best practices.

Job Description Summary We are looking for an Sr Product Security Analyst, with a focus in vulnerability management and incident response capability In this role you will work in a team to identify, risk rate, communicate and track product vulnerabilities and be a part of the product incident response team, Job Description Roles and Responsibilities In This Role, You Will Be able to scope and participate in hardware and software penetration tests, vulnerability identification and vulnerability risk assessment Engage in incident response methods lead incident response processes related to product cyber Create and track meaningful metrics around product cyber risk and compensating controls Create vulnerability and incident trend analysis to improve product design Maintain cyber Bills of Material and conduct proactive vulnerability monitoring and assessment on cyber components Engage and administer End Of Life processes for digital products Consult, architect on security requirements and utilize best practices to meet them Engage in application and domain-specific threat modeling and attack surface analysis/reduction Help prepare reports at appropriate levels of confidentiality for stakeholders to view Responding promptly and in detail to customer-sponsored penetration tests Provides guidance on automated testing tools and techniques Education Qualification For Roles Outside USA Bachelor's Degree in Computer Science or ?STEM? Majors (Science, Technology, Engineering and Math) with advanced experience, For roles in USA:Bachelor's Degree in Computer Science or ?STEM? Majors (Science, Technology, Engineering and Math) with minimum years of experience4years Desired CharacteristicsTechnical Expertise Experience with cyber security framework (NIST 800-53, ISO 27001, IEC 62443, etc) implementation and governance Program and Project Management experience; expertise with Agile development teams Experience with secure coding principles; code signing; secure boot Experience with penetration testing and ethical hacking Knowledge of CI/CD and automation tools (Chef, Git, Jenkins) Knowledge of Identity management and identity federation (SAML, Oauth, SCIM, XACML) Experienced in developing web services (SOAP/REST) Must be available for on call for potential security response Knowledge of application risk identification and evaluation techniques Knowledge of Cyber Security and full knowledge of multiple related engineering functions Experience securing applications within cloud platforms such as AWS, Azure and alike, Experience with broad set of information security technologies and processes within a SaaS, IaaS, PaaS, or cloud environment Note Note To comply with US immigration and other legal requirements, it is necessary to specify the minimum number of years' experience required for any role based within the USA For roles outside of the USA, to ensure compliance with applicable legislation, the JDs should focus on the substantive level of experience required for the role and a minimum number of years should NOT be used, This Job Description is intended to provide a high level guide to the role However, it is not intended to amend or otherwise restrict/expand the duties required from each individual employee as set out in their respective employment contract and/or as otherwise agreed between an employee and their manager, Additional Information Relocation Assistance Provided: Yes Show

Essential Services : Role & Location fungibility At ICICI Bank, we believe in serving our customers beyond our role definition, product boundaries, and domain limitations through our philosophy of customer 360-degree. In essence, this captures our belief in serving the entire banking needs of our customers as One Bank, One Team . To achieve this, employees at ICICI Bank are expected to be role and location-fungible with the understanding that Banking is an essential service . The role descriptions give you an overview of the responsibilities, it is only directional and guiding in nature. About the role Our support application team performs application vulnerability assessments and document vulnerabilities which were found and provides recommendations for remediation according to BFSI guidelines and industry best practices. As an Application Security Manager, you will provide guidance to the application team on application security best practices, support remediation effort and track open issues and follow up to ensure remediation. You will work along with cross functional business teams to get closure of identified gaps and utilize escalation matrix effectively wherever necessary. You will conduct application security assessment results review and mitigation approval. You will keep abreast of new technologies to ensure that the organization remains at the forefront of security. Key Responsibilities Support and Testing: Vulnerability Assessments & Penetration Testing (Automated + Manual) on business critical assets with security tools like BurpSuite, Nessus, Nmap, Accunetix, Metasploit Netsparker, Qualys etc. Analysis: Perform in-depth analysis of VAPT results, Review assessment reports to provide risk mitigation & recommendations on that basis. Collaboration: Collaborate with the application team and provide them guidance on application security best practices, support remediation effort and track open issues and follow up to ensure remediation. Qualifications & Skills Educational Qualification: Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent with relevant experience Certifications: OSCP Compliance: Knowledge of cyber security trends & hacking techniques, MITRE ATT&CK framework with hacker mindset. Network Security: Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering) Key Technologies: Familiarity with OWASP, SANS vulnerabilities along with its validations in source code and other security frameworks & Compliance, Knowledge of Networking concepts & Good understanding of latest Network /security technologies such as Cloud security and recent trends. About the Business Group ICICI Banks Information Security Group believes in providing services to its customers in the safest and secured manner, keeping in mind that data protection for its customers is as important as providing quality banking services across the spectrum. The CIA triad of Confidentiality, Integrity, and Availability is built on the vision of creating a comprehensive information security framework. The Bank also lays emphasis on customer elements like protection from phishing, adaptive authentication, awareness initiatives, and provide easy to use protection and risk configuration ability in the hands of customers. With this core responsibly, ICICI administer and promotes on going campaigns to create awareness among customers on security aspects while banking through digital channels.