Dedicated lead to work with the Happiest Minds Shared SOC team and ITteam to enhance the overall Incident response processes Run any critical incident response along with SOC and IT team Review and update the use caserepository as applicable to Happiest Minds Environment Work on root causeanalysis and remediations for alerts/incidents raised by customers Review andupdate existing automation playbooks Continuous updates of detectiontechniques Periodic threat hunting Use cases to prioritize based on thefindings from the threat and vulnerability management program

Manual Penetration Testing using OWASP checklists, Penetration Testing, Vulnerability Assessment, OWASP Top 10, OWASP ZAP, AWS Cloud, Azure Cloud, Cyber Security, Cloud Security Assessment, Cyber Security Assessment Consulting, Cybersecurity, Data Security Assessment Consulting Perform Penetration testing Develop and recommend mitigation strategies to enhance the defense mechanisms of critical infrastructure components Collaborate with IT and security teams to refine security measures and response strategies Prepare detailed reports on findings from simulations and suggest improvements Facilitate training sessions for internal teams on security awareness and breach response tactics

Vulnerability Assessment, Manual Penetration Testing using OWASP checklists, Penetration Testing, OWASP Top 10, Static/dynamic testing of mobile applications, Static Code analysis Artifacts/Grey box Infra Activity (VA/CA) Windows Server - Performing Scanning and preparing reports - application Security Testing/ Infra VACA

Static Code analysis Static/dynamic testing of mobile applications Vulnerability Assessment Penetration Testing. SAST Penetration testing Vulnerability Assessment

Web App Pentesting SAST DAST and API. Static/dynamic testing of mobile applications Static Code analysis Vulnerability Assessment Penetration Testing

Manual Penetration Testing using OWASP checklists, Penetration Testing, Security Configuration Review, Cloud Security Assessment, Cyber Security, Manual Penetration Testing using OWASP checklists, Penetration Testing, Security Configuration Review, Cloud Security Assessment, Cyber Security 4 to 6 years of experience conducting Application Security assessments Experienced in conducting Manual and Automated DAST for Web, API Thick client covering OWASP Top 10 Experienced in conducting Manual code review Experienced in Mobile VAPT (Both static and Dynamic) Knowledge of Infra VAPT or at least VA and configuration review Knowledge in Container / Docker security / Cloud Audit is a plus Certifications suck as CEH, CRTP, OSCP is preferred Good communication skills, ability to explain vulnerabilities to business users in simple terms Notice: Immediate to 15 days

Penetration Testing, Manual Penetration Testing using OWASP checklists, Cloud Security Assessment, Security Configuration Review, Vulnerability Assessment, Vulnerability Mitigation, Cyber Security 4 to 6 years of experience conducting Application Security assessments Experienced in conducting Manual and Automated DAST for Web, API Thick client covering OWASP Top 10 Experienced in conducting Manual code review Experienced in Mobile VAPT (Both static and Dynamic) Knowledge of Infra VAPT or at least VA and configuration review Knowledge in Container / Docker security / Cloud Audit is a plus Certifications suck as CEH, CRTP, OSCP is preferred Good communication skills, ability to explain vulnerabilities to business users in simple terms

You are responsible for adhering to the defined operating procedures and guidelines in operating the application security services in the Managed Services model, which includes the following: o Understand and be compliant with the Service Level Agreements defined for the DevSecOps services; o Understand and deep knowledge of application security engineering principles, and helping clients development team and function to follow secure development practices which includes primarily monitoring and performing the security design review, architecture review, threat modeling, security testing, secure code review, secure build processes; o Well versed with the application deployment and configuration baselines, and understanding of how the application environment operates in a secure environment and how exceptions are handled during operations; o Facilitate use of technology-based tools or methodologies to continuously improve the monitoring, management and reliability of the service; o Perform manual and automated security assessment of the applications; o Involved in triaging and defect tracking process with the development team and helping the team to fix issues at the code level based on the priority of the tickets; o Be a liaison between the Application development and infrastructure team, and integrate the processes between infrastructure monitoring and operations processes with the secure development/testing and management processes; o Identifying, researching and analyzing application security events which may include emerging and existing persistent threats to the client's environment; and o Performing active monitoring and tracking of application related threat actors and tactics, techniques and procedures (TTPs), that could likely cause an impact to client organization

Need overall AppSec skills (SAST, DAST, Penetration testing) +Mobile app testing skills (Android, ioS). We should look for a candidate who has deep and diverse hands on exp in above skills. Also, The professional is expected to perform the application security activities - Static code assessment/ manual testing including mobile application testing for android and iOS apps.

Company Overview: Outsourced is a leading ISO certified India & Philippines offshore outsourcing company that provides dedicated remote staff to some of the world's leading international companies. Outsourced is recognized as one of the Best Places to Work and has achieved Great Place to Work Certification. We are committed to providing a positive and supportive work environment where all staff can thrive. As an Outsourced staff member, you will enjoy a fun and friendly working environment, competitive salaries, opportunities for growth and development, work-life balance, and the chance to share your passion with a team of over 1000 talented professionals. About the Role: Conduct web app, external, and internal penetration tests for global clients. Deliver high-quality reports and communicate findings to stakeholders. Work autonomously in a client-facing role with minimal supervision. Work Setup Location: Onsite - Bangalore Core hours: ~10 AM7 PM IST (but we're flexible) Key Responsibilities: Conduct full-scope penetration tests : Web apps (modern JS frameworks, APIs, microservices) External/internal networks (pivoting, privilege escalation) Cloud environments (AWS/Azure/GCP misconfigurations) Develop custom exploits for unique vulnerabilities (not just CVEs) Reverse engineer black-box systems when documentation is limited Client & Reporting: Translate technical findings into executive-level risk briefings Deliver actionable reports (we hate template spam) Guide clients through remediation validation Team Contribution: Mentor junior team members (optional but encouraged) Contribute to internal tool development (if interested) Participate in quarterly research sprints (choose your focus area) Requirements: OSCP-certified (must have current certification) 3-5 years of hands-on pen testing experience (not just vulnerability scanning) Can walk us through your methodology for: Web app testing (Burp Suite, custom exploits) Internal network pivoting Cloud environment testing (AWS/Azure/GCP) Communication chops – you'll be explaining XSS to CTOs Nice-to-Haves (Tell Us If You Have These): OSCE/OSEP/CREST certifications Cloud security certs (AWS/Azure/GCP) Published CVEs/blog posts/research Experience with red team operations What we Offer Health Insurance: We provide medical coverage up to 20 lakh per annum, which covers you, your spouse, and a set of parents. This is available after one month of successful engagement. Professional Development: You'll have access to a monthly upskill allowance of 5000 for continued education and certifications to support your career growth. Leave Policy: Vacation Leave (VL): 10 days per year, available after probation. You can carry over or encash up to 5 unused days. Casual Leave (CL): 8 days per year for personal needs or emergencies, available from day one. Sick Leave: 12 days per year, available after probation. Flexible Work Hours Outsourced Benefits such as Paternity Leave, Maternity Leave, etc.

Role & responsibilities Orange Business is hiring for Cybersecurity Expert - Pentest for Greater Noida location. Performing (Web, mobile, Cloud-based AWS, Azure, etc.), thick-clients business solutions and infrastructure pentest as assigned by the customer Work on full assessment & revalidation cases within customer defined timelines. Handling report creation based on pentest outcome as per customer template Develop new test cases, scenario & able to perform API pentesting Develops, tests and validates solutions to remediate exploitable conditions on devices such as web servers, mail servers, routers, firewalls and intrusion detection systems | Provide results report and help team to evaluates, codes and implements software fixes (patches) to address system vulnerabilities such as malicious code (e.g., viruses), system exploitation using SQL injection, cross-site scripting, buffer overflows, parameter tampering, hidden field manipulation, cookie poisoning and web services manipulation | Conducts security assessments of systems and applications using penetration tests, ethical hacking tools and risk assessment/mediation methodologies to evaluate vulnerabilities Perform source code review & configurations reviews against CIS benchmarks and security standards Participating in end user calls with customer for requirement gathering, explanation of findings, technical discussions. Preferred candidate profile Mandatory skill set Proficiency in Pentest tool such as using Burp suite and Kali Linux Proficiency in Python and Java, JavaScript, and Other coding languages • Good experience in performing security penetration testing and vulnerability assessment for internal, external web & mobile applications, wireless networks and IT infrastructure, end-points, cloud etc. Experience in testing diverse infra components including various enterprise platforms such as private clouds, Openshift infra, dockers/container infra etc. Experience in Source code reviews, red team exercises, security architecture configuration reviews, and technical security compliance reviews Knowledge on Web-based applications and services (SOAP/REST) Well versed in writing reports, test cases etc. OSCP/ OSWP / OSCE certification (preferred), SANS or Certified Penetration Tester, Certified Expert Penetration Tester or GIAC Certified Penetration Tester Secondary skill set Knowledge on Azure & scripting language Nice to have knowledge on other hacker tools;Appscan, Fortify, Wireshark, nmap, netcat, ZAP, FireBug, Nessus, John the Ripper.

OSCP Certification is needed. Need to have solid hands-on experience with at least 3 of these , and a basic understanding of the rest -- Mac and/or Windows Thick Client Web Application & API & AI Mobile (Android and/or iOS) & IoT Infrastructure/Systems Network/Firewalls/Switches Competencies - 5+ years of penetration testing or related security experience. Network penetration testing and manipulation of network infrastructure. Web, mobile, and/or desktop application assessments. Social engineering assessments (email, phone, or physical). Automation or scripting using Perl, Python, Ruby, or similar languages. Exploit development or modifying shellcode and existing exploit tools. Application development in C#, ASP.NET, Objective C, or Java (J2EE). Reverse engineering malware, data obfuscation, or cryptographic systems. Regulatory penetration testing, particularly focusing on FTC and PCI compliance standards. Source code review for control flow and security vulnerabilities. Strong knowledge of operating systems and network protocols. Proficiency with tools such as Burp Suite, Checkmarx, Snyk, Wireshark, Fiddler, and Wiz. Ethical approach to security and business operations. Fluency in written and spoken English (B2 level or higher). Familiarity with Kali Linux and security frameworks like MITRE ATT&CK. Desire to continuously learn new techniques and attack vectors. Preferred Skills: Experience with wireless, web application, and network security testing tools. Familiarity with ICS, SCADA, BACnet protocols, and covert communication channels. Basic understanding of AI and machine learning security, including adversarial attacks, model poisoning and secure deployment of AI systems. Working knowledge of Unix/Linux/Mac/Windows operating systems, including scripting in Bash and Powershell. Experience with security controls in AWS, GCP, and Azure cloud environments. Understanding of security principles like defense-in-depth and security architectures. Experience in guiding and mentoring junior team members, with a focus on developing technical skills and expertise. Industry certifications like OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN, CEH or equivalent are highly desirable.

BE, B.Tech, MSc (Information Technology), CISA, CISSP, CEH General Description: Candidates must possess hands-on audit experience in IT general controls. As Information Technology Auditor, you will examine, evaluate and verify policies, procedures and internal controls around information systems and networks. Exposure to ISO27001, SSAE16, Vulnerability Assessment and Penetration Testing, Security Technologies is an added advantage. Responsibilities: Timely completion of information technology and information security audits in a manner that is consistent with the professional standards set by Qadit. Adequately analyze and document all information systems and related controls, and develop an appropriate audit program to test the controls identified. Evaluate the adequacy of security and processing controls as they relate to each audit, and the effectiveness of general IT controls in effect in the IT environment. Review the means of safeguarding information assets and monitor ongoing performance metrics established by the IT and Security Departments of clients. Prepare audit work papers according to established corporate guidelines and industry standards, and as applicable create audit reports. Maintain and enhance audit work paper templates. Maintain active communication with clients to manage expectations, ensure satisfaction, make sure deadlines are met, and lead change efforts effectively. Team with partners and senior managers on proposals and business development calls. 1. Conducting vulnerability assessments & penetration testing analyzing related reports. 2. Running VA PT tools 4. IT general computer controls audits Position will be based in Chennai, but will need to travel extensively both within and outside India. Role Summary Support IT audits, risk assessments, and compliance tasks in the IT GRC domain. B.E./B.Tech (CS/IT/ECE), B.Sc/M.Sc (IT/CS), or B.Com/BBA with interest in IT GRC audit. Key Skills Basic understanding of ISO 27001 and other security frameworks including SOC 2, GDPR and HIPAA, audits, MS Office; good communication and analytical skills. Pursuing CISA, ISO 27001 Foundation, or DISA is a plus. Not mandatory; freshers are welcome. Hands-on exposure to cybersecurity, compliance, and IS audit under expert guidance. Lead and execute IS audits, risk assessments, and compliance reviews within the GRC framework. Graduate in B.E./B.Tech (CS/IT), B.Sc/M.Sc (IT/CS), or equivalent. Upto 2 years in information security, IT audit, or risk/compliance roles. Strong knowledge of ISO 27001 and other security frameworks including SOC 2, GDPR and HIPAA, ITGC, regulatory frameworks (RBI, SEBI), audit tools, and MS Office. CISA, DISA, ISO 27001 Lead Auditor (preferred). Opportunity to lead audits, enhance GRC maturity, and work with senior stakeholders in a dynamic environment.

As a Product Security Engineer, you'll to ensure the security of GRAVTY throughout the development lifecycle. In this role, you will work closely with Engineering, DevOps, and Product teams to design and implement security controls, identify vulnerabilities, and drive secure coding practices. Your responsibilities will include and not limited to Conduct Vulnerability Assessment and Penetration Testing (VAPT) across web, mobile, API, and infrastructure. Think like an attacker and simulate advanced threat scenarios to proactively identify security gaps. Utilize leading security tools such as Burp Suite, Acunetix, OWASP ZAP, Snyk, Wiz, and others. Leverage offensive security platforms and toolkits like Wireshark, Metasploit, Kali Linux, and more. Perform API and mobile platform security testing, including vulnerability discovery and exploit validation. Execute and document Open-Source Intelligence (OSINT) investigations. Collaborate closely with DevOps/Engineering to integrate security tools into CI/CD pipelines and promote DevSecOps best practices. Contribute to secure coding reviews and vulnerability triage, and assist in patch, compliance, and access control management. Monitor and respond to production security alerts and assist with security incident handling. To be successful in this role, you should have A bachelors degree in Engineering, preferably CS/IT. 3-6 years of proven experience in penetration testing and vulnerability management. Minimum of 1-3 years of experience in Red Teaming Strong coding/scripting proficiency in Python, Java, Ruby, or similar. Familiarity with AWS cloud, Linux systems, Docker containers, and infrastructure security practices. Exposure to DevSecOps, including implementing security tools in CI/CD, and production environment protection. Experience in Secure Development Lifecycles, access controls, and patch compliance frameworks. Industry-recognized certifications like CEH, eWPT, eWPTX, or equivalent are a plus. Excellent analytical, communication, and collaboration skills. A curious mind, a passion for security, and a knack for staying one step ahead of adversaries.

We are hiring an information security analyst to work in our growing IT Security team. You will monitor our computer networks for security issues, install security software, and document any security issues or breaches you find. To do we'll in this role you should have a bachelors degree in computer science and experience in the information security field. Monitor computer networks for security issues. Investigate security breaches and other cybersecurity incidents. Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs. Document security breaches and assess the damage they cause. Work with the security team to perform tests and uncover network vulnerabilities. Fix detected vulnerabilities to maintain a high-security standard. Stay current on IT security trends and news. Develop company-wide best practices for IT security. Perform penetration testing. Help colleagues install security software and understand information security management. Research security enhancements and make recommendations to management. Stay up-to-date on information technology trends and security standards.

Job opportunity Lead Security Engineer (m/f/d) at thinkproject Introducing Thinkproject Platform Pioneering a new era and offering a cohesive alternative to the fragmented landscape of construction software, Thinkproject seamlessly integrates the most extensive portfolio of mature solutions with an innovative platform, providing unparalleled features, integrations, user experiences, and synergies. By combining information management expertise and in-depth knowledge of the building, infrastructure, and energy industries, Thinkproject empowers customers to efficiently deliver, operate, regenerate, and dispose of their built assets across their entire lifecycle through a Connected Data Ecosystem. What your day will look like We are seeking a skilled Lead Security Engineer to join our team and play a key role in safeguarding our organization from cyber threats while ensuring the operational uptime of our customer-facing and internal IT Security platforms. In this role, you will lead the day-to-day operations of the Security Engineering team, continually enhancing our capabilities in cyber security protection, mitigation, and control. The team is responsible for the deployment, management, and ongoing improvement of our IT security solutions, ensuring the integrity, confidentiality, and availability of our systems and data. You will also ensure our security solutions align with industry best practices and fulfil Thinkproject s compliance obligations across all platforms. The Lead Security Engineer will lead and mentor a team, driving a coordinated and strategic response to both emerging and ongoing threats. They will also ensure that the organizations cyber security controls, solutions and platforms are maintained in alignment with service level agreements (SLAs) for both customers and internal stakeholders. The ideal candidate will have extensive experience working within a Security Engineering team and possess hands-on expertise in implementing, configuring, and managing solutions for security logging, monitoring, threat detection, vulnerability management, endpoint protection, and infrastructure security. The candidate should bring leadership and mentoring capabilities, providing oversight and expert guidance to other security engineers while promoting a positive culture of continuous improvement. The Lead Security Engineer will also be responsible for monitoring the health of Thinkprojects IT security infrastructure, responding to health-related events. This role sits within the Product Operations and Corporate IT branch, reporting to the Director of Cyber Security and Networking, and operates as part of the broader Cyber Security, Network Engineering, and Operations team. What you need to fulfill the role Lead the daily operations of the Security Engineering team, ensuring effective management of incidents, requests, problems, and projects related to the IT security infrastructure, solutions and controls maintained by the team. Support the Security Operations Team with Investigation and response to security events and incidents, ensuring timely identification, containment, eradication, and recovery. Assist with development of event response procedures and playbooks Support the Central IT functions with Investigation and response to IT events and incidents, ensuring timely identification, containment, eradication, and recovery. Arrange and oversee frequent penetration tests of our solutions, ensuring they are conducted successfully and without impacting service. Ensure all security engineering operations are conducted in compliance with relevant regulatory requirements, industry standards, and internal policies. Assist in the preparation and maintenance of audit and compliance documentation. Manage the output of security issues from cyber security assessment tools, coordinating with key stakeholders to ensure timely mitigation and remediation of identified issues and threats. Contribute to the ongoing maturation of the Security Engineering team by introducing new solutions to enhance departmental operations and improve cybersecurity coverage. Oversee the day-to-day management of a comprehensive suite of security products and tools, including (but not limited to): Web Application Firewalls (WAF), Endpoint Detection and Response (EDR), Remote Access and Zero Trust solutions, Patch Management solutions, Vulnerability and Penetration Testing solutions, Threat Response solutions, Cloud Security Posture Management, Application Security Posture Management, Cyber Security Awareness Training, Email Security Gateways, Privileged Access Management, Software Composition Analysis, Static Code Analysis, Password Management, Public and Private PKI, SIEM, Identity Management, Dark/Deep Web Monitoring, Asset and Endpoint Management, and Data Classification/Data Loss Prevention (DLP) solutions. Ensure that deployed security controls and solutions consistently generate valuable and actionable alerts to support the Security Operations Centre (SOC), including regular tuning to minimize false positives and effective integration with SIEM and other monitoring systems. Assist in the development and management of the IT Security budget, providing input on resource planning, tooling requirements, training needs, and operational costs. Collaborate with leadership to ensure the budget aligns with strategic objectives and supports the ongoing growth and maturity of the SOC function Mentor and guide security engineers, fostering a positive culture of continuous improvement. Coordinate the team to ensure an effective and consistent response to both emerging and ongoing threats. Conduct daily, weekly, and monthly stand-up meetings with internal teams and the wider engineering and operations groups to ensure effective coordination and alignment on current and upcoming deliverables and objectives. Respond to security issues, vulnerabilities, and threats escalated to the Security Engineering team, and assist in resolving them using tools and solutions managed by the IT Security team. Assist with the management of Microsoft 365 platforms and solutions, ensuring optimal configuration to maintain confidentiality, integrity, and availability for our business operations Assist with the management of Cloud Hosting platforms and solutions, ensuring optimal configuration to maintain confidentiality, integrity, and availability for our business operations Ensure projects involving the Security Engineering team are effectively managed and delivered on schedule, with coordinated use of resources both within and outside the team. Work independently and coordinate resources under the direction of the Cyber Security Director to ensure the successful delivery of business objectives. You Must Have: Language & Communication Proficiency in spoken and written English, with the ability to communicate effectively across both technical and non-technical audiences The ability to communicate difficult or sensitive information tactfully Education & Experience: At least 5 years of relevant experience Strong knowledge of cybersecurity principles, threat landscapes, and incident response procedures Awareness of current and emerging cyber threats affecting SaaS organisations Technical Experience: Hands-on experience with Web Application Firewalls (WAF), Endpoint Detection and Response (EDR), Remote Access and Zero Trust solutions, Patch Management solutions, Vulnerability and Penetration Testing solutions, Email Security Gateways, Privileged Access Management, Password Management, Public and Private PKI, SIEM, Identity Management, Asset and Endpoint Management Solutions, and Data Classification/Data Loss Prevention (DLP) solutions Hands-on experience with Conditional Access, Multi Factor Authentication and Identity Management solutions. Hands-on experience with the Microsoft Azure cloud platform, Microsoft Entra, Microsoft Intune, and Microsoft 365, along with applying best-in-class security protections to these solutions. Understanding of common IT systems / concepts, including but not limited to; DNS (public and private), TCP/IP, Firewalling, Active Directory, APIs, Encryption, Access control, Infrastructure as code. Teamwork & Leadership: A positive, self-motivated attitude and the ability to inspire and motivate others The ability to work effectively in a team environment, collaborating with cross-functional teams to achieve shared objectives Strong time management and prioritisation skills, with the ability to manage your own workload and support others in doing the same The ability to perform effectively under pressure, prioritise tasks, and make sound decisions in high-stress or emergency situations A proactive mindset with the ability to critically evaluate your own work, identify improvement opportunities, and automate, simplify, or standardise processes where appropriate Experience taking ownership of project delivery and coordinating resources both internally and across teams to achieve business objectives. Experience ensuring adherence to business objectives and SLAs to deliver the best possible customer experience. It Would Be Good to Have: Language Skills: Proficiency in German (spoken and written) Leadership & Strategy: Experience leading a security engineering function to enhance operational maturity Experience developing and delivering security posture reports for diverse audiences, including stakeholders, customers, and senior management Experience leading an operational team and coordinating analyst resources Experience producing and managing key performance indicators (KPIs) to measure team performance and drive continuous improvement Experience managing team budgets and contributing to team financial planning Technical Experience: Hands-on experience with Threat Response, Cloud Security Posture Management, Application Security Posture Management, Cyber Security Awareness Training, Software Composition Analysis, Static Code Analysis, DDOS Protection, and Dark/Deep Web Monitoring solutions Hands-on experience with the Amazon AWS cloud platform, along with applying best-in-class security protections to these solutions. Practical knowledge of common cyber security standards (ISO27001, C5, Cyber Essentials, etc) Teamwork & Leadership: Experience conducting and facilitating daily, weekly, and monthly stand-up meetings to support effective team coordination and delivery What we offer Lunch n Learn Sessions I Womens Network I LGBTQIA+ Network I Coffee Chat Roulette I Free English Lessons I Thinkproject Academy I Social Events I Volunteering Activities I Open Forum with Leadership Team (Tp Caf ) I Hybrid working I Unlimited learning We are a passionate bunch here. To join Thinkproject is to shape what our company becomes. We take feedback from our staff very seriously and give them the tools they need to help us create our fantastic culture of mutual respect. We believe that investing in our staff is crucial to the success of our business. Please submit your application, including salary expectations and potential date of entry, by submitting the form on the next page. These cookies are necessary for a good functionality of our website and cannot be switched off in our system. We use these cookies to provide statistical information about our website. They are used to measure and improve performance. On some pages we embed content from social networks and other services. As a result, your personal data may be passed on to the operator of the portal from which the content originates, so that the operator can analyse your behaviour.

Join Team Amex and lets lead the way together. How will you make an impact in this role? Responsible for contacting clients with overdue accounts to secure the settlement of the account. Also they do preventive work to avoid future overdues with accounts that have a high exposure. A PCI Penetration Tester, often referred to as a security expert or ethical hacker, is responsible for simulating real-world cyberattacks on systems and networks to identify vulnerabilities related to the Payment Card Industry Data Security Standard (PCI DSS). Their role involves performing vulnerability assessments, exploiting weaknesses, and providing actionable recommendations for remediation to ensure compliance with PCI DSS requirements. Key Responsibilities: PCI DSS Compliance: Ensuring that systems and networks meet the security requirements outlined in PCI DSS standards. Vulnerability Assessment: Identifying and classifying security flaws in systems, networks, and applications within the Payment Card Industry (PCI) environment. Penetration Testing: Simulating attacks on systems and networks to exploit identified vulnerabilities and assess their impact. Reporting and Recommendations: Documenting findings, including risk assessments, and providing detailed recommendations for improving security posture and addressing identified weaknesses. Compliance and Security: Collaborating with IT and development teams to implement security measures and ensure compliance with PCI DSS and other relevant standards. Staying Updated: Keeping abreast of the latest security threats, vulnerabilities, and testing methodologies to enhance their expertise. Specific Tasks: Network Scanning: Using tools like Nmap to identify open ports, services, and potential vulnerabilities within the network. Application Testing: Evaluating web applications, mobile apps, and APIs for security weaknesses and potential exploitation points. Reporting: Creating detailed reports, including risk assessments, technical findings, and remediation recommendations, for stakeholders. Skills and Qualifications: Bachelor s Degree in Computer Science, Information Systems, Business 10+ years of experience in cyber security Penetration testing Strong understanding of PCI DSS requirements and compliance. Experience in penetration testing methodologies and tools. Proficiency in network protocols, operating systems, and web application technologies. Knowledge of common security vulnerabilities and exploitation techniques. Ability to communicate technical findings clearly and concisely. Certifications: Industry certifications like CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), or similar can be beneficial.

You take a long term view of how to drive quality and improve the testability of system architecture. You drive the development of testing tools for complex problems and large software systems to improve software testability, test coverage and product quality. You make it easier for a development team to write and execute tests. When appropriate, you implement new or reuse testing methods. You work through all phases of the project lifecycle, including reviewing requirements, designing critical infrastructure and tools , building new interfaces, integrate with existing architectures, developing and testing code, and delivering seamless implementations for speech middleware functionality. You make appropriate test trade-offs (e.g., level of instrumentation, cost of maintenance, low level vs. high level testing). You are instrumental in guiding best practices (e.g., unit testing, continuous deployment, etc.). 1+ years of test automation frameworks and tools building experience 2+ years of non-internship professional software development testing experience Experience programming with at least one modern language such as Java, C++, or C# including object-oriented design Experience in penetration testing and exploitability-focused vulnerability assessment Experience in platform-level security mitigations and hardening for Linux and Windows Knowledge of overall system architecture, scalability, reliability, and performance in a database environment Experience with security in service-oriented architectures and web services

Information Security Engineer Vulnerability Management Analyst What you will do In this vital role is focused on identifying, assessing, prioritizing, and tracking the remediation of vulnerabilities across the organizations technology stack. The Vulnerability Management Analyst plays a key role in the security operations team by ensuring known vulnerabilities are managed through their lifecycle using structured processes and tools. The individual will analyze vulnerability scan data, correlate threat intelligence (e.g., KEV, EPSS), and work closely with infrastructure, application, and business teams to drive risk-based remediation. Roles & Responsibilities: Analyze vulnerability scan results from tools like Tenable, Qualys, or Rapid7 to identify security weaknesses across infrastructure and applications. Prioritize vulnerabilities using multiple criteria, including CVSS, KEV (Known Exploited Vulnerabilities), EPSS (Exploit Prediction Scoring System), asset criticality, and business context. Partner with IT and DevOps teams to track remediation progress and provide technical guidance on mitigation strategies. Monitor threat intelligence feeds to correlate vulnerabilities with current exploit activity. Create and maintain vulnerability metrics, dashboards, and reports for leadership and compliance teams. Support vulnerability assessment activities in cloud environments (AWS, Azure, etc.). Maintain documentation related to the vulnerability management lifecycle. Assist in policy and process development related to vulnerability and patch management. Participate in audits and compliance efforts (e.g., SOX, ISO, NIST, PCI). What we expect of you We are all different, yet we all use our unique contributions to serve patients. Masters degree and 1 to 3 years of experience in Cybersecurity, vulnerability management or information security operations OR Bachelors degree and 3 to 5 years of experience in Cybersecurity, vulnerability management or information security operations OR Diploma and 7 to 9 years of experience in Cybersecurity, vulnerability management or information security operations Must-Have Skills: Familiarity with vulnerability management tools (e.g., Tenable, Qualys, Rapid7). Understanding of CVSS scoring, vulnerability lifecycle, and remediation workflows. Basic knowledge of threat intelligence and how it applies to vulnerability prioritization. Working knowledge of network, operating system, and application-level security. Ability to analyze scan data and correlate it with business context and threat intelligence. Preferred Qualifications: Good-to-Have Skills: Experience with KEV, EPSS, and other threat-based scoring systems. Familiarity with patch management processes and tools. Exposure to cloud security and related scanning tools (e.g., Prisma Cloud, AWS Inspector). CompTIA Security+ GIAC GSEC / GCIH Qualys Vulnerability Management Specialist (QVMS) Tenable Certified Nessus Auditor (TCNA) Soft Skills: Analytical Thinking Ability to interpret complex data sets and assess risk effectively Attention to Detail Precision in identifying and tracking vulnerabilities and remediation status Communication Skills Ability to communicate technical findings to both technical and non-technical audiences Collaboration & Teamwork Able to work across IT, DevOps, and security teams to drive resolution Curiosity & Continuous Learning Willingness to know the latest with evolving threats and technologies Problem-Solving Approach Capability to identify solutions to security weaknesses in diverse environments

This role involves the development and application of engineering practice and knowledge in designing, managing and improving the processes for Industrial operations, including procurement, supply chain and facilities engineering and maintenance of the facilities. Project and change management of industrial transformations are also included in this role. - Grade Specific Focus on Industrial Operations Engineering. Develops competency in own area of expertise. Shares expertise and provides guidance and support to others. Interprets clients needs. Completes own role independently or with minimum supervision. Identifies problems and relevant issues in straight forward situations and generates solutions. Contributes in teamwork and interacts with customers. Skills (competencies)

Primary Skill Roles and responsibilities Work within the Cyber security domain, focusing on the Automated security testing part of our services and improving overall security posture of products and systems for assigned business domain. You will be part of an agile team, constantly improving and automating the security posture of the cloud infrastructure at IKEA. You will partner with and support the IKEA engineering community to build secure infrastructure at scale. You will perform threat modeling and security risk assessments. Understanding of security compliance requirements such as GDPR, NIS2, ISO27000. You will build and operate reliable tooling to increase the visibility of cloud environments and remediate security misconfigurations. You will be a valued member of the team, providing sound perspectives on infrastructure security as well as secure software development. You will be part of the IKEA Cyber Security organization, with a lot of room to grow and develop your skills, knowledge, and experience. Experience utilizing CI/CD practices to Automate security testing tools like SAST (Static Application Security Testing), SCA (Software Composition Analysis), IaC scanning or Container scanning tools in GitHub, Azure DevOps etc. Secondary Skill Experience in cloud native environments and preferably Google Cloud Platform or Azure. Experience in working with REST APIs and API security. You have good infrastructure security experience and are passionate about reducing security risks in the cloud. You have experience with threat modeling, security design reviews, and security architecture. Experience with CI/CD pipelines (preferably Github actions), Kubernetes and infrastructure Works in the area of Software Engineering, which encompasses the development, maintenance and optimization of software solutions/applications.1. Applies scientific methods to analyse and solve software engineering problems.2. He/she is responsible for the development and application of software engineering practice and knowledge, in research, design, development and maintenance.3. His/her work requires the exercise of original thought and judgement and the ability to supervise the technical and administrative work of other software engineers.4. The software engineer builds skills and expertise of his/her software engineering discipline to reach standard software engineer skills expectations for the applicable role, as defined in Professional Communities.5. The software engineer collaborates and acts as team player with other software engineers and stakeholders.

Job Summary If you are a graduate looking for an opportunity to build career in Cybersecurity domain, Emerson has an exciting opportunity for you! Based in our Pune, India location, you will be a member of a collaborative product Security group. You will have the opportunity to learn product Security and work with global technical leadership teams for product Security for Emerson business units located across the globe. You ll be employed for Emerson Innovation Centre, Pune (EICP) In This Role, Your Responsibilities Will Be: Perform Vulnerability Analysis and Penetration testing of Web / Thick client / Mobile applications used in critical infrastructure Perform protocol fuzz Testing of industrial communication protocol Provide appropriate mitigation actions for the identified vulnerabilities to development team Work closely with development team to validate and strengthen security controls. Who You Are: You will quickly learn the dynamic and fast changing security area under mentorship of senior resources and build skillset to deliver results independently by the end of training period. For This Role, You Will Need: Familiar with different security pen test tools like Burp Suite, Kali Linux, DAST like App Scanner or similar other tools widely used for Penetration Test. Understanding of security protocols (HTTPS, HSTS, TLS, SSH). Strong learning agility and commitment to learn. Good analytical skills and decision-making capabilities. Proven verbal and written communications. Knowledge of scripting language (TCL, Perl, Python, Shell etc. ) for exploit development. Familiar with OWASP Top10 and IEC62443 standard Preferred Qualifications that Set You Apart: BCA / BSC-Computer Science completed in 2024 or due to complete by June 2025 from reputed institute. Cybersecurity training / Certification will have added advantage. Our Culture Commitment to You . .

Cybersecurity penetration tester Lead engagements from kickoff with product owners through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines. Minimum 4+ (4-6yrs) years of experience in web and thick client application penetration testing domains. Expertise in using tools such as Nmap, Wireshark, Burp suite, OWASP Zap, Echo Mirage, and OS such as Kali Linux or similar etc. Proficiency in dynamic analysis of thick client applications and reverse engineering to uncover the logic and develop exploits. Strong communication skills and ability to develop detailed PoCs and reports to convey complex technical information to both technical and non-technical stakeholders, train product team and promote security awareness. Stay up to date on the latest exploits and security trends. Requirements Candidate must have either of the following certifications from OSCP, OSEP, OSED, SANS GPEN, GXPEN. Knowledge of programming languages such as C, C++, Java, .Net.. Who have practical pen-test certification . Eg OSCP , OSWE , CREST CRT , CTRE Knowledge of Windows and Linux OS along with strong understanding of networking principles. Knowledge of reverse engineering tools, debuggers, and dynamic analysis techniques for thick client applications. Knowledge of OWASP, NIST, MITRE CWE,CVSS etc. Ability to learn and adapt quickly. Knowledge in testing mobile applications (Android and iOS) is not mandatory but good to have. Candidate must have experience in working with Web and Thick Client Applications.

Job Title: Security Operation Manager Location: Noida Job Tyoe : Full-Time Experience: 7+ Years Department: Operation/ Security Reports To: Operation Director Job Summary: The Security Operational Manager is responsible for overseeing the day-to-day operations of the organization's security infrastructure. This role involves managing the security operations center (SOC), leading incident response efforts, and ensuring the effectiveness of security policies, procedures, and protocols. The Security Operational Manager will collaborate with various departments to safeguard the company's information assets and maintain a robust security posture. Key Responsibilities: Manage Security Operations: Oversee the daily activities and operations of the security operations center (SOC), ensuring continuous monitoring, detection, and response to security incidents. Incident Response: Lead the incident response team in identifying, managing, and resolving security breaches and vulnerabilities. Conduct post-incident analysis and reporting to prevent future occurrences. Security Monitoring: Implement and maintain security monitoring tools and technologies to detect and respond to threats in real-time. Penetration Testing and Vulnerability Scanning: Conduct regular penetration testing and vulnerability scanning to identify and mitigate security weaknesses within the organization's systems and applications. Policy and Compliance: Develop, enforce, and update security policies, procedures, and protocols in alignment with industry standards and regulatory requirements. Ensure compliance with relevant laws and regulations. Team Leadership: Tain, and mentor the security operations team, fostering a culture of continuous improvement and professional development. Risk Management: Conduct regular security risk assessments and implement mitigation strategies to reduce identified risks. Collaboration: Work closely with IT, legal, and other departments to ensure comprehensive security measures are integrated into all business processes. Reporting: Prepare and present regular reports on security operations, incidents, and compliance status to the Customers. Emergency Response: Develop and maintain emergency response plans for security incidents, ensuring the organization is prepared for potential crises. Qualifications: Education: Bachelors degree in Computer Science, Information Security, or a related field.. Experience: Minimum of 7 years of experience in information security, with at least 3 years in a managerial role overseeing security operations. Certifications: Relevant certifications such as CISSP, CISM, CEH, or similar are highly desirable. Technical Skills: Proficient in security technologies such as SIEM, IDS/IPS, firewalls, antivirus software, and endpoint protection. Expertise in conducting penetration testing and vulnerability scanning. AWS Expertise: In-depth knowledge and experience with Amazon Web Services (AWS) security practices and tools. Knowledge: In-depth understanding of security frameworks (e.g., NIST, ISO 27001), compliance requirements (e.g., GDPR, HIPAA), and incident response best practices. Leadership: Strong leadership and team management skills with the ability to motivate and guide a diverse team. Communication: Strong verbal and written communication skills, with the ability to convey complex security issues to non-technical stakeholders. Working Conditions: The role may require occasional on-call work to address security incidents. Must be able to work in a high-pressure environment and handle multiple tasks simultaneously.

Job Title: Information Security Analyst (InfoSec Analyst) Location: Remote Job Type: Fulltime YoE: 12+ years relevant experience Shift: 2 to 11 pm IST Description: The Information Security Analyst is responsible for the defining, planning, and monitoring of security measures for the protection of computer networks and information. This individual will also be responsible for monitoring and analyzing network security hardware and software and assist in the development and enforcement of network security policies. This position will work within the legal department and report to the Director, Head of the Security, Compliance, & Risk (SCR) department. Duties and Responsibilities: The following duties are normal for this job. These are not to be construed as exclusive or all-inclusive. Other duties may be required and assigned. Defines, maintains, and reports on overall computer network security strategies (Best Practices/Common Practices) with all information assets connected to the Vaco network. Must have the ability to communicate security policies and strategies to people of varying technical ability both verbally and in written format. Monitors operation of, and provides reports on, perimeter security systems such as firewalls, routers, proxy servers, intrusion detection and protection systems. Monitors operation of, and provides reports on, end point security systems such as anti-virus, patch management and vulnerability assessment tools. Monitors operation of, and provides reports on, security information and event management (SIEM) systems. Must have the ability to examine a variety of data sources to correlate events and determine courses of action. Participates in the incident response process when network anomalies are discovered and drives the incident process to completion. Manages relationships and coordinates operational activities between Vaco and external security services providers (e.g., Managed Security Services Providers, Penetration Testers, Solution providers, etc.). Coordinates vulnerability remediation activities and works with the IT operations section to mature the patch management lifecycle based on vulnerability management Service Level Agreements (SLAs) defined by the SCR function. Creates and publishes daily/weekly/monthly/quarterly/annual incident management reports as requested/required. Desired Competencies and Skills: Knowledge of SIEM systems Knowledge of Intrusion Detection Systems/Intrusion Protection Systems Knowledge of networking and firewall appliances Knowledge of Information Security standards (International Organization for Standardization 27000 series, National Institute of Standards and Technology, HITRUST) Knowledge of a variety of vulnerability management solutions Strong verbal and written communication skills. Project management and organizational skills Educational Requirements: Bachelor’s degree in Computer Science, Information Technology, Information Security or Electrical Engineering preferred, with at least two (2) years of experience of Information Security experience. One of the following certifications is required: Certified Information Systems Security Professional (CISSP); Certified Information Security Manager (CISM); GIAC certifications and/or Certified Ethical Hacker (CEH); CompTIA Security+. Any equivalent combination of education, training, and experience which provides the requisite knowledge, skills, and abilities for this job may be considered. Travel Requirements: 10% -Occasional travel to onsite offices or vendor conferences may occur