1538 Penetration Testing Jobs - Page 8

We are seeking a skilled and motivated Cyber Security Engineer to lead efforts in ensuring the security, integrity, and regulatory compliance of our Software as a Medical Device (SaaMD) products. This role is pivotal in upholding global security standards, including ISO/IEC 27001 , ISO/IEC 27002 , and ISO 13485 , while embedding security best practices across the software development lifecycle. You will be responsible for implementing security controls, conducting threat modeling and penetration testing, supporting compliance audits, and driving continuous improvement in our security posture. Key Responsibilities 1. Security Control Implementation Design, implement, and monitor security controls within the SaaMD development lifecycle. Ensure alignment with ISO/IEC 27001, 27002, and ISO 13485 standards. Collaborate with development teams to integrate security practices across the SDLC. Advise on secure coding, vulnerability management, and DevSecOps principles. Maintain a risk-based security approach, identifying threats and vulnerabilities early. 2. Compliance & Audit Support Provide documentation and evidence for internal/external audits (ISO/IEC 27001, 27002). Work closely with Quality and Regulatory teams to ensure ISO 13485 compliance. Create and maintain policies, procedures, and documentation for audit readiness. Manage change documentation processes to support audit traceability. 3. Threat Modeling & Penetration Testing Build and refine threat models using tools such as LucidChart . Perform penetration testing and security assessments using tools like BurpSuite , nmap , Wireshark , and Deptrack . Conduct both static and dynamic code analysis to uncover vulnerabilities. 4. Vulnerability Management Conduct vulnerability assessments with tools such as Grype , Dockle , and Trivy . Collaborate with development teams to triage and resolve issues. Track vulnerabilities through identification to remediation. Establish a robust vulnerability management process with defined KPIs. 5. Reporting & Communication Create comprehensive security and penetration test reports with clear remediation steps. Effectively communicate risks and collaborate with cross-functional teams. Provide management with periodic updates on security posture, vulnerability status, and remediation progress. 6. Security Awareness & Training Assist in the development and delivery of security training for engineering teams. Foster a strong security culture by promoting best practices and awareness. Qualifications Bachelors degree in Computer Science, Information Security, or a related field (or equivalent experience). 3+ years of experience in cybersecurity engineering, ideally in the medical device or healthcare domain. Deep knowledge of ISO/IEC 27001 , ISO/IEC 27002 , and ISO 13485 standards. Hands-on experience with threat modeling and pen-testing tools (e.g., BurpSuite, nmap, Wireshark, LucidChart). Experience with vulnerability scanning tools like Grype , Dockle , Trivy , and Deptrack . Strong grasp of secure coding, secure software development practices, and DevSecOps. Demonstrated success in security audit preparation and compliance processes. Familiarity with cloud security, container security, and modern environments (e.g., Docker, Kubernetes). Preferred Relevant certifications: CISSP , CEH , OSCP , CISM , or ISO/IEC 27001 Lead Implementer . Experience in SaaMD or highly regulated environments (healthcare, pharma, etc.). Knowledge of NIST , HITRUST , or other risk management frameworks. Experience working within CI/CD pipelines and DevOps workflows. Skills Strong analytical and problem-solving abilities. Excellent written and verbal communication; able to translate technical details to non-technical stakeholders. Detail-oriented with a proactive mindset toward risk management. Team player with the ability to collaborate effectively across departments.

We are looking for a highly skilled and experienced professional to join our team as an Anti-virus and Patching specialist in Mumbai, Pune, Kolkata, Chennai, and Noida-India. The ideal candidate will have 1 to 8 years of experience in the field. Roles and Responsibility Manage and implement anti-virus and patching solutions to ensure system security and integrity. Conduct regular vulnerability assessments and penetration testing to identify potential threats. Develop and maintain documentation of anti-virus and patching procedures and protocols. Collaborate with cross-functional teams to ensure compliance with security standards and regulations. Provide technical support and training to end-users on anti-virus and patching best practices. Stay up-to-date with emerging trends and technologies in anti-virus and patching. Job Requirements Graduation degree required. At least 1 year of experience in desktop L1 support or related field. Strong knowledge of anti-virus and patching principles and technologies. Excellent problem-solving and analytical skills. Ability to work effectively in a fast-paced environment and prioritize tasks. Strong communication and interpersonal skills. Experience with CRM/IT Enabled Services/BPO industry is preferred. Location : - Mumbai, Pune, Kolkata, Chennai, Noida

Key Responsibilities 1. To participate in functional as well as technical discussions with the client /team to understand functional /design specifications, highlight performance concerns, inconsistencies, ensure the appropriate test environments and infrastructures are in place/kept upto date. 2. To Identify opportunities for process improvement in testing methodologies /tools and Implement best practices to enhance the efficiency and effectiveness of the testing process. 3. To oversee the creation and execution of automated test scripts ensuring consistency and alignment with quality standards to minimize exposure. 4. To develop/guide and mentor QA engineers in the use of the testing framework , enhancing their technical capabilities and increasing productivity. Additional requirement: Penetration testing Web Application PT, Network Infrastructure PT, Active Directory PT, Red Team Activities "Web Application PT Must have Mobile PT Good to have Cloud Must (knowledge + understanding of Azure and AWS)Red Team Activities Must Active Directory PT MustNetworkInfrastructure PT Must have (protocols, Windows, Linux)Firewall testingauditing MustCitrix Pen testing Good to haveNetworking equipment Must (routers, switchers, load balancers, how to attack them + common weaknesses)Agile Process & Communication Good to have (it is essential that the candidate has good communicationinterpersonal skills)Certifications Completed or Optional OSCP, CPSA, CRT, CRTP, CEH (All good to have but not essential. I prefer practical knowledge than certifications)"

As an intern with our company, you will be responsible for conducting vulnerability assessments and penetration testing. Your role will involve executing comprehensive cybersecurity audits to identify and mitigate risks effectively. Additionally, you will have the opportunity to lead cybersecurity product technical sales by showcasing the value of solutions and ensuring they align with client requirements. Our company is a prominent cybersecurity solutions provider with partnerships with 3i Infotech, Zecurion, and Axidian (Europe). We have a strong presence in various locations including Bangalore, Hyderabad, Chennai, Goa, Kochi, and Thiruvananthapuram. Join us in our mission to deliver cutting-edge cybersecurity services and solutions to our clients.,

As a Senior Associate Security Consultant at NTT DATA, you will play a crucial role in developing expertise in your area of specialization. Your primary responsibility will involve translating clients" cybersecurity requirements and customizing security solutions to implement them into specific systems, applications, and product designs. By identifying and developing security solutions for clients using a variety of tools and technologies, you will consult with clients on secure product configuration, deployment, and security patches to minimize vulnerabilities effectively. Your key responsibilities will include conducting security assessments, vulnerability scans, and penetration tests to identify weaknesses in client systems. Additionally, you will analyze security data, logs, and reports to detect and investigate security incidents, and prepare detailed documentation including security assessment reports, findings, and recommendations. Collaborating with senior consultants, you will provide advice to clients on security best practices and risk mitigation strategies, while staying updated on the latest cybersecurity threats and industry practices. To excel in this role, you should have a strong interest in cybersecurity, possess knowledge of basic cybersecurity concepts, principles, and best practices, and demonstrate familiarity with common security tools and technologies. Effective communication skills, analytical thinking, problem-solving abilities, and the eagerness to stay informed about the evolving cybersecurity landscape are essential qualities for success in this position. Academically, a Bachelor's degree or equivalent in Information Technology, Computer Science, Engineering, or a related field is required. Industry relevant certifications such as CISSP, CISM, CEH, GSEC, or CompTIA Security+ are considered essential for this role. Additionally, you should have a moderate level of demonstrable experience in the Information Technology Security Industry or a similar role within a related environment, along with experience in security architecture design principles, industry compliance, and standards. NTT DATA is a trusted global innovator of business and technology services, committed to helping clients innovate, optimize, and transform for long-term success. With a focus on research and development to support the digital future, NTT DATA offers diverse expertise and a robust partner ecosystem. As a Senior Associate Security Consultant, you will have the opportunity to work in a hybrid working environment and contribute to the company's mission of driving innovation and sustainable growth for clients worldwide. Join NTT DATA to make a difference in the cybersecurity landscape and be part of a global team dedicated to excellence and innovation.,

As an Academic Advisor for Cybersecurity Training & Certification at Technovalley Software India Pvt. Ltd., located in Kochi, India, you will play a crucial role in guiding aspiring students, IT professionals, and corporate partners towards achieving internationally recognized certifications and unlocking global career opportunities. Your main responsibilities will include providing professional career guidance and counselling to individuals interested in pursuing Cybersecurity career paths such as Ethical Hacking, Cybersecurity Analyst, Computer Hacking Forensic Investigator, Offensive Security Certified Cybersecurity, Penetration Testing, SOC Analyst, Threat Intelligence, and Incident Response. You will be tasked with understanding the career aspirations and goals of each individual and recommending appropriate certification and training programs to align with their career trajectory. Additionally, you will educate prospective learners on global certification standards from renowned organizations like EC-Council, OffSec, CompTIA, PECB, and Microsoft. You will also offer insights into industry demand for Cybersecurity professionals, expected salary growth, and career scope in various Cybersecurity fields. Your role will involve coordinating the admission process, following up with leads, ensuring high admission conversion rates, and promoting scholarship opportunities for eligible candidates. Furthermore, you will be responsible for building relationships with students, acting as a student success partner, and collaborating with the placement cell to ensure certified students receive career assistance and placement opportunities. The desired qualifications for this role include a Bachelor's degree in Computer Science, Cybersecurity, IT, or related fields, along with a minimum of 2-3 years of experience in academic counselling, career guidance, or technical training consultation, preferably in Cybersecurity, IT Training, or EdTech industries. To excel in this role, you should possess a strong understanding of Cybersecurity certifications, excellent communication and negotiation skills, and the ability to work towards achieving aggressive targets. Your passion for helping individuals build careers in Cybersecurity, along with your familiarity with global job markets and career trends in Cybersecurity and IT Security domains, will be key assets in this position. Joining Technovalley will offer you the opportunity to work with India's leading Cybersecurity Training Company, engage with global professionals and industry leaders, and contribute to shaping the next generation of Cybersecurity professionals in India and beyond. This role also comes with a competitive salary, performance-based incentives, and the chance to drive career transformation in the cybersecurity space.,

As a skilled professional with 1-2 years of experience in Application Security or Penetration Testing, you will be responsible for conducting tests on applications, network devices, and cloud infrastructures. Your role will involve researching and experimenting with various types of attacks, developing methodologies for penetration testing, and reviewing code for security vulnerabilities. Additionally, you will automate common testing techniques to enhance efficiency and generate both technical and executive reports based on your findings. Your analytical, multi-tasking, and presentation skills will be essential as you communicate your findings to technical staff and executive leadership. Furthermore, you will play a crucial role in validating security improvements through additional testing. A thorough understanding of Networking, Operating Systems, Programming, and Application Security will be required to excel in this role. This is a full-time position based in Andheri, offering benefits such as a flexible schedule and Provident Fund. The successful candidate will be expected to work in person and should be prepared to share their current salary details during the application process. If you have 1-2 years of experience in VAPT and possess the necessary skills and knowledge to thrive in a dynamic security testing environment, we encourage you to apply for this exciting opportunity.,

You will be joining Olympus Corporation, a globally renowned leader in endoscopy enabled healthcare with a rich history spanning nearly a century. Olympus is committed to integrity, innovation, and quality, excelling in various fields including endoscopy, microscopy, life sciences, and digital imaging. As the Sr Manager, India, you will be leading the digital engineering R&D and acting as the business process owner for Olympuss Standard Operating Procedures related to digital product development. Your responsibilities will include overseeing digital systems design, cloud architecture, data engineering, AI/ML development, software integration, and more. You should be a strategic thinker with a deep understanding of digital technologies and a proven track record of managing high-performing teams in a global environment. Your role will involve setting up the Digital Unit engineering R&D function globally and executing digital engineering projects to align with Olympus global R&D strategy. You will lead the digital engineering teams in India, focusing on project planning, budget management, and technical oversight to meet project timelines and deliverables efficiently. Additionally, you will be responsible for providing strategic oversight in the development of digital systems and software, ensuring compliance with regulatory standards. Collaboration with global and India leadership teams will be essential to drive innovation and enhance operational efficiency. Key responsibilities include further developing the delivery scope and technology focus of the hub, optimizing workflows, enhancing digital engineering processes, collaborating with global teams, and implementing cutting-edge technologies. You will lead NPD activities, define digital strategies for medical devices, oversee system design and development, and ensure solutions meet performance and security requirements. Your background should include a degree or higher qualification in Computer Science, Digital Systems Engineering, or Software Engineering, with proven experience in creating and establishing software R&D teams globally. You should have expertise in digital engineering, cloud systems, AI/ML development, medical device regulations, and leading teams in digital systems and software development. Proficiency in project management, vendor partner management, cybersecurity risk management, and AI/ML technologies will be crucial for success in this role. Overall, you will play a pivotal role in driving innovation, improving operational efficiency, and enhancing patient and customer experiences through digital engineering excellence at Olympus Corporation.,

We are looking for a highly skilled and experienced Cyber Security Manager to join our team at Uniqus Consultech. Roles and Responsibility Develop and implement comprehensive cyber security strategies to protect against threats and vulnerabilities. Conduct risk assessments and penetration testing to identify potential security risks. Collaborate with cross-functional teams to ensure compliance with security standards and regulations. Design and implement secure network architectures and systems. Provide training and awareness programs on cyber security best practices. Stay up-to-date with emerging trends and technologies in cyber security. Job Requirements Strong understanding of cyber security principles and frameworks. Experience with security information and event management (SIEM) systems. Knowledge of threat intelligence and incident response methodologies. Familiarity with compliance frameworks such as HIPAA or PCI-DSS. Excellent communication and collaboration skills. Ability to work in a fast-paced environment and adapt to changing priorities.

Urgent Hiring ... Information Security Analyst Chennai 5-8 yrs Immediate to 30 days Skills- VAPT, Application Security, Vulnerability assessment, penetration Testing, web application testing, Mobile Testing, API Testing, Kali Linux, Burp suite.

The ideal candidate will have a strong background in IT Services & Consulting and excellent analytical skills. Roles and Responsibility Collaborate with cross-functional teams to identify and prioritize project requirements. Develop and maintain complex data models and reports using various tools and technologies. Analyze large datasets to extract insights and trends, and provide recommendations to stakeholders. Design and implement process improvements to increase efficiency and productivity. Develop and maintain technical documentation for projects and processes. Provide training and support to junior team members on new tools and technologies. Job Requirements Strong understanding of IT Services & Consulting industry trends and technologies. Excellent analytical and problem-solving skills with attention to detail. Ability to work collaboratively in a team environment and communicate effectively with stakeholders. Strong technical skills including data modeling, reporting, and visualization. Experience with process improvement methodologies and tools. Strong technical documentation and communication skills. Mandatory Skills: IDAM Security Consulting. Experience: 3-5 Years.

We are looking for a skilled Senior Infrastructure Security Engineer with 8 to 13 years of experience to join our team at Squareops, an IT Services & Consulting company. The ideal candidate will have a strong background in infrastructure security and be able to design and implement secure systems. Roles and Responsibility Design and implement secure network architectures to protect against cyber threats. Develop and enforce security policies and procedures to ensure compliance with industry standards. Conduct regular vulnerability assessments and penetration testing to identify weaknesses. Collaborate with cross-functional teams to integrate security into the development lifecycle. Develop and maintain incident response plans and disaster recovery procedures. Stay up-to-date with emerging trends and technologies in infrastructure security. Job Requirements Strong understanding of network protocols and devices such as firewalls and intrusion detection systems. Experience with cloud-based security platforms and containerization technologies. Knowledge of programming languages such as Python or Java is desirable. Excellent problem-solving skills and attention to detail. Ability to work collaboratively in a fast-paced environment. Strong communication and interpersonal skills.

JTSi Technologies India is looking for Application Security Engineer to join our dynamic team and embark on a rewarding career journey Analyzing customer needs to determine appropriate solutions for complex technical issues Creating technical diagrams, flowcharts, formulas, and other written documentation to support projects Providing guidance to junior engineers on projects within their areas of expertise Conducting research on new technologies and products in order to recommend improvements to current processes Developing designs for new products or systems based on customer specifications Researching existing technologies to determine how they could be applied in new ways to solve problems Reviewing existing products or concepts to ensure compliance with industry standards, regulations, and company policies Preparing proposals for new projects, identifying potential problems, and proposing solutions Estimating costs and scheduling requirements for projects and evaluating results

Job_Description":" About SecurityBoat Red Ops Member SecurityBoat is building a cutting-edge Penetration Testing as a Service (PTaaS) platform, where the future of offensive security meets scale and speed. As part of our elite Red Ops team, youll collaborate with a network of top-tier ethical hackers and researchers to deliver high-impact security assessments across a variety of industries and technologies. Role Overview As a Red Ops Member, youll act as an extended arm of SecurityBoat, executing rigorous penetration tests and red teaming engagements for our clients. You will have the freedom to choose projects aligned with your skills, work remotely, and get paid competitively for every engagement all while being part of an exclusive offensive security community. Key Responsibilities Perform end-to-end penetration testing on Web, Mobile, APIs, Cloud, Network, and/or Active Directory infrastructures. Conduct threat modeling and simulate real-world attack scenarios (manual + tool-based). Document vulnerabilities with clear PoC, risk impact, CVSS scores, and actionable remediation. Stay updated with the latest vulnerabilities, attack vectors, and offensive tooling. Collaborate with SecurityBoatinternal teams for client debriefs, retests, and knowledge sharing. Uphold ethical standards and maintain complete confidentiality of client systems and data. Requirements Technical Skillset (pick at least 2 core areas) Web API Pentesting (OWASP Top 10, GraphQL, JWT, SSRF, IDOR, etc.) Mobile Security Testing (Android/iOS static/dynamic) Network Infrastructure Pentesting (internal, external, firewall bypass, pivoting) Cloud Security (AWS, Azure, GCP misconfigurations, IAM abuse, etc.) Red Teaming Adversary Simulation (MITRE ATTCK, C2, initial access, privilege escalation) Active Directory Pentesting (Kerberoasting, ACL abuse, DCSync, GPO misconfigs, etc.) Preferred Certifications (Not mandatory, but a plus) Offensive Security: OSCP, OSWE, OSEP, OSED PortSwigger: Burp Suite Certified Practitioner eLearnSecurity: eCPPTv2, eWPTXv2, eMAPT Red Team: CRTL, CRTO, CRTP, CRTE Others: CEH, GPEN, GWAPT, PNPT Eligibility Criteria Minimum 2+ years of hands-on experience in penetration testing or bug bounty. A strong portfolio (CVEs, Hall of Fames, Blogs, or CTF profiles are welcome). Availability to work on assigned projects and deliver within given timelines. High attention to detail, documentation standards, and ethical conduct. Benefits Paid per project or hour, based on scope and complexity. Priority access to high-quality, recurring pentest engagements. Exclusive Red Ops Member badge and profile on SecurityBoat PTaaS platform. Early access to tools, research, and community-driven bounty opportunities. Note: This is a freelance contract, not a full-time role. We engage freelance pentesters on a project-by-project basis, with most assignments lasting anywhere between 5 days to 2 weeks. During these short-term engagements, we expect your full availability during standard working hours (8 hours/day) to maintain momentum and meet delivery timelines. At times, you may also be asked to join client calls to clarify findings, discuss technical details, or walk through your report. Clear communication and professionalism in client interactions are key. If youre a dependable security professional who thrives in focused, time-bound projects and can handle direct client interactions when needed wed love to connect with you. ","

We are looking for a highly innovative and experienced software leader to join our team at Innovatise, driving the development of cutting-edge solutions in the IT Services & Consulting industry. The ideal candidate will have a strong background in leading teams and delivering high-quality software products. Roles and Responsibility Lead cross-functional teams to design, develop, and deploy innovative software applications. Collaborate with stakeholders to identify business requirements and develop tailored solutions. Develop and maintain technical roadmaps for software projects, ensuring alignment with industry trends. Mentor junior team members, providing guidance on best practices and coding standards. Participate in code reviews to ensure high-quality deliverables. Stay up-to-date with emerging technologies and industry trends to drive innovation. Job Requirements Proven experience as a software leader or similar role, with a focus on innovation and delivery. Strong understanding of software development principles, patterns, and practices. Excellent leadership skills, with the ability to motivate and manage high-performing teams. Effective communication and interpersonal skills, with experience working with diverse stakeholders. Ability to analyze complex problems and develop creative solutions. Strong attention to detail, with a focus on delivering high-quality results.

Role Description : As a Technical Lead - Network Security at Incedo, you will be responsible for managing and maintaining client network security. Your duties will include implementing security protocols, monitoring security logs, conducting vulnerability assessments, collaborating with other teams to manage risk, and providing security recommendations. Roles & Responsibilities: Designing and implementing network security strategies. Identifying and mitigating network security threats and vulnerabilities. Configuring and managing security devices such as firewalls and intrusion detection systems. Conducting security audits and assessments. Collaborating with other IT teams to ensure security policies and procedures are implemented. Providing technical support for security-related issues. Maintaining documentation of security configurations and changes. Technical Skills Skills Requirements: Knowledge of network security practices such as access control, intrusion detection, and incident response. Experience in configuring and managing network security devices such as firewalls, VPNs, and IDS/IPS. Familiarity with network security monitoring tools such as Wireshark, Snort, or Bro. Understanding of security frameworks and regulations such as NIST or PCI-DSS. Must have excellent communication skills and be able to communicate complex technical information to non-technical stakeholders in a clear and concise manner. Must understand the company's long-term vision and align with it. Should be open to new ideas and be willing to learn and develop new skills. Should also be able to work well under pressure and manage multiple tasks and priorities. Qualifications 7-9 years of work experience in relevant field B.Tech/B.E/M.Tech or MCA degree from a reputed university. Computer science background is preferred .

Project description We are seeking a seasoned Solution Architect with deep expertise in designing and securing complex web and mobile application ecosystems. This role requires a strategic mindset combined with hands-on technical proficiency to assess risks, define robust security architectures, and drive secure development practices across the SDLC. Responsibilities Architect and implement security solutions for web and mobile platforms, aligned with business objectives and compliance standards. Should have experience with Backbase, additiv, Crealogix, and Avaloq. Perform threat modeling, application security assessments, static and dynamic code reviews, and vulnerability analyses. Define security requirements and best practices across the Secure Software Development Lifecycle (SDLC). Lead penetration testing initiatives and collaborate with cross-functional teams to mitigate identified risks. Establish governance and control frameworks to ensure ongoing security posture management. Advise development and infrastructure teams on secure design patterns and architectural decisions. Stay current with emerging threats, technologies, and industry trends. Proven experience building and securing scalable web and mobile applications. Deep understanding of application security principles, secure architecture, and risk management. Proficiency in tools and methodologies for penetration testing, code analysis, and vulnerability assessment. Strong knowledge of Secure SDLC practices and integration of security into CI/CD pipelines. Excellent communication skills to engage stakeholders, developers, and leadership. Skills Must have Overall, 10+ years of experience as a Solution Architect. Proven experience in building and securing web and mobile applications. Strong knowledge of security architecture and secure coding principles. Hands-on experience in Application security assessments Penetration testing Vulnerability assessment Secure SDLC practices Static code review tools (e.g., Fortify, Checkmarx, SonarQube) Familiarity with OWASP Top 10 and CWE/SANS Top 25 Excellent problem-solving and communication skills Nice to have Certified Secure Software Lifecycle Professional (CSSLP) Experience with cloud security (AWS, Azure, GCP) Knowledge of regulatory and compliance frameworks (e.g., ISO 27001, GDPR, PCI-DSS)

Support Risk Management and Supervision team [RMS] in charge of assessing the risk profile and the effectiveness of the information security risk systems of the Groups Business and Service Units. Review IT risk self-assessments and follow -up the implementation of agreed risk remediation plan. Proactively understanding existing/upcoming regulations. Facilitating local compliance with information security policy as well as appropriate regulations/laws Assisting in the development / changes to the ICT risk frameworks, a strong risk management culture and to be recognized for providing expert operational risk advice. Partner with sr. stakeholders to proactively identify ICT risks and assess the adequacy of controls to manage such risks, including recommending enhanced or additional controls. Proactive in identifying and following up on ICT anomalies / areas of concern. Independently review, challenge and support information security activities. - Review the analyses conducted by the LOD1 (ORMs/CISO/BU-SU Program Managers etc.) on their information security risk profile and the related remediation actions In response to material information security incidents, whether internal or external, conduct independent deep dive review of the preliminary, interim, and final incident investigation report and act as a challenge function to such reports. Support information security reporting and monitoring of metrics and Key Risk Indicators (KRI) at the product line and divisional levels; continuously review existing body of KRI and related reporting. Consult with internal groups such as CISO, Infrastructure, Compliance, Legal, and other Operations teams on matters related to information risk controls, self-assessments, security incidents and infrastructure projects security aspects. Participate in the validation of the information security standards and standards applied by the BUs/SUs and the requested exceptions. Profile required Support Risk Management and Supervision team [RMS] in charge of assessing the risk profile and the effectiveness of the information security risk systems of the Groups Business and Service Units. Review IT risk self-assessments and follow -up the implementation of agreed risk remediation plan. Proactively understanding existing/upcoming regulations. Facilitating local compliance with information security policy as well as appropriate regulations/laws Assisting in the development / changes to the ICT risk frameworks, a strong risk management culture and to be recognized for providing expert operational risk advice. Partner with sr. stakeholders to proactively identify ICT risks and assess the adequacy of controls to manage such risks, including recommending enhanced or additional controls. Proactive in identifying and following up on ICT anomalies / areas of concern. Independently review, challenge and support information security activities. - Review the analyses conducted by the LOD1 (ORMs/CISO/BU-SU Program Managers etc.) on their information security risk profile and the related remediation actions In response to material information security incidents, whether internal or external, conduct independent deep dive review of the preliminary, interim, and final incident investigation report and act as a challenge function to such reports. Support information security reporting and monitoring of metrics and Key Risk Indicators (KRI) at the product line and divisional levels; continuously review existing body of KRI and related reporting. Consult with internal groups such as CISO, Infrastructure, Compliance, Legal, and other Operations teams on matters related to information risk controls, self-assessments, security incidents and infrastructure projects security aspects. Participate in the validation of the information security standards and standards applied by the BUs/SUs and the requested exceptions\

Job Summary: We are seeking a skilled VAPT (Vulnerability Assessment and Penetration Testing) Analyst to join our team. In this role, you will be responsible for conducting comprehensive security assessments, including network penetration testing, black box testing, and vulnerability assessments. You will be working directly with our client while being employed under our payroll, ensuring a seamless and secure IT environment. Your expertise in IT project management and IT security will be crucial in managing and executing these security projects effectively. Major Objectives of the Job: Conduct network penetration testing to identify and exploit vulnerabilities. Perform black box testing to assess system security from an external perspective. Carry out thorough vulnerability assessments to pinpoint potential security threats. Operate as a penetration tester to ensure the robustness of security measures. Skills & Qualifications: Live PT Projects Handling Experience : Demonstrated ability to handle live penetration testing projects independently and efficiently. IT Project Management : Basic knowledge of IT project management principles. Experience with project management tools and methodologies to plan, execute, and oversee IT security projects. IT Infrastructure and Security Knowledge : Solid understanding of IT infrastructure components and security principles. Familiarity with network architecture, protocols, and security measures. Experience in Handling IT Security Projects : Proven experience in managing IT security projects from inception to completion, ensuring all security requirements are met and risks are mitigated. Key Responsibilities: Perform network penetration testing and black box testing to identify security vulnerabilities. Develop and implement testing strategies, methodologies, and tools to ensure comprehensive security assessments. Document and report findings, providing actionable recommendations to improve security posture. Collaborate with IT and security teams to address vulnerabilities and enhance overall network Stay up-to-date with the latest security trends, tools, and techniques to continuously improve testing Manage multiple IT security projects simultaneously, ensuring timely and successful completion. Desired Qualifications: Bachelors degree in Computer Science, Information Technology, Cybersecurity, or a related field. Relevant certifications such as CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), or CISSP (Certified Information Systems Security Professional) are a plus. Strong analytical and problem-solving skills. Excellent communication skills, both written and verbal. Ability to work independently and as part of a team.

As a Technical Writer at PwC, your primary responsibility will be to work as part of a team in producing high-quality documentation for threat actor simulation services, device and application assessments, and penetration test results. You will collaborate closely with the business team to gather information and understand documentation requirements. Your role will involve creating, editing, and maintaining documentation for penetration testing reports, procedures, guidelines, and standards. It is essential to explain complex technical concepts clearly and concisely, tailoring the content to various audiences, including both technical and non-technical stakeholders. Staying updated on the latest cybersecurity trends and technologies is crucial to ensure that the documentation reflects current practices and solutions. You will also be analyzing existing content to recommend and implement improvements and ensuring that the documentation meets industry standards, regulatory requirements, and organizational compliance needs. Identifying opportunities to enhance documentation processes and tools, managing diverse viewpoints to build consensus, and focusing on building trusted relationships are integral aspects of this role. Upholding the firm's code of ethics and business conduct is a fundamental expectation. The skills, knowledge, and experiences required to excel in this position include responding effectively to diverse perspectives, utilizing a broad range of tools to generate new ideas, employing critical thinking to break down complex concepts, understanding project objectives in the broader business context, and interpreting data to inform insights and recommendations. Additionally, developing self-awareness through reflection, upholding professional and technical standards, and adhering to the firm's code of conduct and independence requirements are vital components of this role. For this management level role, the basic qualifications include a bachelor's degree and 4-9 years of experience. Preferred qualifications encompass fields of study such as Computer and Information Science, Information Security, Information Technology, Management Information Systems, Computer Applications, and Computer Engineering. Certification in Technical Writing is also preferred. Demonstrating extensive abilities and success in technical concepts related to application security, network segregation, access controls, IDS/IPS devices, physical security, and information security risk management is essential. Familiarity with security testing tools like BurpSuite, Mimikatz, Cobalt Strike, PowerSploit, Responder, Nmap, and others within the Kali Linux distribution is advantageous. Knowledge of networking protocols, TCP/IP stack, systems architecture, and operating systems is beneficial. Additionally, familiarity with cybersecurity frameworks and industry-leading practices such as OWASP, NIST CSF, PCI DSS, and NY-DFS is desirable. Experience in writing cybersecurity articles, reports, tools, protocols, and best practices, translating technical jargon into clear language for various audiences, and developing a library of technical documentation are valuable assets. Collaborating with cybersecurity professionals, analyzing information from multiple sources, managing multiple documentation requirements effectively, ensuring accuracy and consistency, and adapting writing styles to suit different platforms and audience needs are essential skills for this role. Leveraging graphic design and visualization tools, proactively seeking feedback, and keeping leadership informed of progress and issues are critical competencies expected in this position. Professional and Educational Background: A Bachelor's Degree is preferred for this role.,

As a Senior Principal Information Security Analyst at NTT DATA, you will play a crucial role in influencing and leading the implementation of the information security strategy. Your expertise will be instrumental in aligning security measures with business goals and industry best practices. You will act as a consultant in designing and implementing security systems to safeguard the organization's computer networks from cyber threats and maintaining security standards. Additionally, you will provide guidance to junior team members and contribute high-level insights on industry best practices. Your responsibilities will include monitoring security alerts, investigating potential threats, implementing security controls, conducting vulnerability assessments, supporting incident response efforts, ensuring compliance with industry standards, and developing best practices for IT security. You will also be involved in installing and operating security software, performing penetration testing, and staying updated on security trends and standards. Collaboration with cross-functional teams and contributing to security awareness initiatives will be essential aspects of your role. To excel in this position, you should possess excellent communication skills, analytical thinking, problem-solving abilities, leadership qualities, and a strong understanding of network security concepts. Proficiency in firewalls, proxies, SIEM, antivirus, patch management, MAC and OS, security frameworks, network architecture, and system protocols is crucial. Strong analytical skills, the ability to work independently and collaboratively in a fast-paced environment are also key requirements. Academic qualifications such as a Bachelor's or Master's degree in information security, cybersecurity, computer science, or related fields are preferred. Security certifications like CompTIA Security+, CISSP, or CISM are advantageous. You should have significant experience in information security, cybersecurity, global IT organizations, network penetration testing, security assessment, and mentoring junior team members. NTT DATA is a trusted global innovator providing business and technology services to Fortune Global 100 companies. With a commitment to innovation, optimization, and transformation, NTT DATA invests in research and development to support organizations in navigating the digital future confidently. As an Equal Opportunity Employer, NTT DATA offers a hybrid working environment and values diversity, inclusion, and employee growth.,

You have a fantastic opportunity to join our team as a SOC/Incident Management/Incident Response /Threat Detection Engineering/ Vulnerability Management/ SOC platform management/ Automation/Asset Integration/ Threat Intel Management /Threat Hunting professional with a minimum of 2 years of relevant experience. As a part of our team, you will be responsible for conducting Vulnerability assessment & Penetration testing (VAPT) as per the bank's regulatory and operational requirements. This includes External Penetration Testing of Bank's internet-facing Web, Mobile, Web services, Network, and Infrastructure on a periodic basis as per Bank's provided schedules. Your key roles and responsibilities will also include maintaining an up-to-date inventory of IT assets, regularly scanning and assessing systems for vulnerabilities, prioritizing vulnerabilities based on the risk and potential impact, conducting Continuous breach attack simulations, SCD (Secure Configuration Document) verifications, Anti-Malware & Malicious Content Scan, near real-time detection and monitoring of emerging vulnerabilities, and defining and measuring metrics to track the effectiveness of the VM program. To excel in this role, you are required to have a Professional Qualification and a certification such as Certified SOC Analyst (ECCouncil), Computer Hacking Forensic Investigator (ECCouncil), Certified Ethical Hacker (EC-Council), CompTIA Security+, CompTIA CySA+ (Cybersecurity Analyst), GIAC Certified Incident Handler (GCIH), or equivalent. Product Certifications on SOC Security Tools such as SIEM/Vulnerability Management/ DAM/UBA/ SOAR/NBA are preferred. If you have 2 to 5 years of experience in the field and are looking for a challenging opportunity in Navi Mumbai on a Fixed-Term Contract basis with a Face-to-Face interview type, then this role is perfect for you. Join us and be a part of a dynamic team dedicated to ensuring the security and integrity of our systems and data.,

We are seeking a skilled and experienced Attack Surface Reduction Analyst with a strong background in penetration testing to join our cybersecurity team. The successful candidate will be responsible for identifying potential security risks and vulnerabilities in our organizations systems, applications, and networks, performing penetration testing, and facilitating and managing third-party penetration testing engagements. WHO YOU LL WORK WITH Attack Surface Reduction team helps and contribute to improve the security posture of H&M by operating within an Agile model. We play a crucial role in proactively identifying and help in mitigating potential security risks and vulnerabilities across H&Ms systems, applications, and networks, with the aim of preventing unauthorized access, data breaches, and other security incidents. Key Responsibilities: Conduct comprehensive vulnerability assessments (VA) and penetration tests (PT) on H&Ms systems, networks, and applications. Utilize industry-standard tools and methodologies to identify potential vulnerabilities and weaknesses in our attack surface. Collaborate with cross-functional teams to prioritize and remediate identified vulnerabilities in a timely manner. Experience in designing, implementing, and managing vulnerability management processes and workflows. Facilitate and manage penetration testing engagements with third-party vendors. Collaborate with other members of the cybersecurity team to develop and implement strategies to reduce our attack surface. Develop and maintain security policies and procedures for our organizations systems, applications, and networks. Monitor our organizations systems, applications, and networks for unauthorized access, suspicious activity, and other security threats. Stay up to date with the latest trends and developments in the field of cybersecurity, specifically related to attack surface reduction techniques. WHO YOU ARE We are looking for people with Bachelors degree in computer science, information security, or a related field. 3-5 years of experience in vulnerability scanning, vulnerability management, and penetration testing. Solid knowledge of common vulnerabilities and exposures (CVEs), common attack vectors, and security best practices. Strong knowledge of security assessment tools, vulnerability scanning, and penetration testing. Proficient in using industry-standard vulnerability assessment and penetration testing tools (e.g., Kali Distro, Qualys, Burp Suite, etc.). Familiarity with industry frameworks and standards, such as NIST, OWASP, and CIS. Effective communication skills, with the ability to clearly convey technical concepts to both technical and non-technical stakeholders. Excellent analytical, problem-solving, and communication skills. Relevant certifications , such as SANS, OSCP, OSEP, CompTIA Security+ or CREST are a plus. WHY YOU LL LOVE WORKING HERE At H&M, we are proud to be a vibrant and welcoming company. We offer our employees attractive benefits with extensive development opportunities around the globe. We offer all our employees at H&M attractive benefits with extensive development opportunities around the globe. All our employees receive a staff discount card, usable on all our H&M brands in stores and online. Brands covered by the discount are H&M (Beauty and Move included), COS, Weekday, Monki, H&M HOME, & Other Stories, ARKET, Afound. In addition to our staff discount, all our employees are included in our H&M Incentive Program HIP. You can read more about our H&M Incentive Program here . In addition to our global benefits, all our local markets offer different competitive perks and benefits. Please note that they may differ between employment types and countries. JOIN US Our uniqueness comes from a combination of many things our inclusive and collaborative culture, our strong values, and opportunities for growth. But most of all, it s our people who make us who we are. Take the next step in your career together with us. The journey starts here. ADDITIONAL INFORMATION This is a full-time position, starting in August 2025 . Apply by sending in your CV in English as soon as possible, but no later than the 30th of June 2025 . Due to data policies, we only accept applications through the SmartRecruiters or career page

Nature of Experience: (in years): Engineering candidate shall have 3 to 5 years of experience in ISO/SAE 21434, WP.29, UNECE R155 and R156. Knowledge of security methodology and terminology Behavioral Competencies: Candidate shall have innovative and out of box thinking Candidate shall have positive attitude and team player Candidate shall adapt to work environment Ready to travel for Plant location in case of need basis Candidate shall be capable of handling ad-hoc requests from different departments and Suppliers Efficient grasping and to work in challenging environment Functional Competencies: Expert Knowledge in the below specified areas: Automotive cyber security regulations and standards such as UNECE R155, ISO/SAE 21434 and ASPICE for cyber security. Shall support and provide expert knowledge in the analysis of Cybersecurity requirements from the customer. Work inline with the OEM, Supplier and Internal Project team in preparation of the Cyber Security Development Plan. Shall be expert in Threat analysis and risk assessment (TARA), Threat modelling. Shall be expert in Technical Security concept and Software Security concept requirement analysis and Implementation based on the micro controller(Secure-On board communication, Secure debug, Secure Log, Secure Coding, Secure boot, Secure Access, Secure Update and Interface protection etc. ) Shall Support within verification of Cybersecurity concepts (DOORS or Requirement management tool) Support to production side to ensure that Cybersecurity concepts achieved through production Good understanding of HSM, cryptographic libraries, True Random number generator, Signing (ECDSA, RSA). Good understanding on Automotive OS, ARM Trusted Firmware. Good Knowledge in Crypto terminologies like encryption (AES, ECC), signing (ECDSA, RSA), Hash (SHA-256). Efficient collaboration with Project Management, Quality Department and Functional Safety Management. Efficient Management of Cybersecurity Vulnerabilities Cyber Security Incident Responses during and after SOP. Shall be accountable for the documentation in the project to achieve cyber security compliance such as cyber security plan, cyber security case. Support for the Penetration testing and Fuzz testing activities. Shall be responsible for cyber security vulnerabilities, cyber security incident responses during and after SOP Shall Support Third party, Internal audits and assessments of cyber security work products and processes. Shall be responsible for the Peer review and quality of the work products.

The Associate Technical Security Specialist plays a critical role in supporting cybersecurity operations by implementing technical security controls, monitoring security events, and ensuring compliance with company contractual and regulatory obligations. This role focuses on operational information security tasks, responding to information security incidents, and continuously improving information security processes to protect the managed information and technical assets. Key Responsibilities Information Security Operations & Incident Response: Monitor information security alerts and logs using XDR and other security tools. Investigate potential information security incidents, escalate critical issues, and support information security incident response processes. Endpoint, Cloud, and Network Security: Assist in managing security controls for endpoints, cloud services, and network environments. Support security hardening initiatives to reduce risks. Email Security Gateway & Anti-Phishing: Manage and optimize email security solutions to prevent phishing, malware, and spam attacks. Work on email filtering policies, domain security (DMARC, DKIM, SPF), and respond to email-based threats. Vulnerability & Patch Management: Perform routine security assessments to identify vulnerabilities and misconfigurations. Work with IT teams to prioritize and implement security patches and updates. Threat Intelligence & Risk Mitigation: Analyze emerging threats and recommend proactive security measures. Assist in conducting risk assessments and security reviews of new technologies and processes. Compliance & Security Governance: Assist in maintaining security policies and ensuring compliance with contractual regulatory requirements (ISO 27001, GDPR, HIPAA, etc.). Support audits and security assessments. Security Awareness & Training: Promote cybersecurity awareness by assisting with security training sessions and phishing simulations. Support internal teams with security best practices. Functional Competencies (Technical knowledge/Skills) - Strong understanding of cybersecurity frameworks (ISO 27001, NIST, CIS Controls). - Experience with XDR, firewalls, endpoint security, and cloud security solutions. - Familiarity with Email Security Gateways (Proofpoint, Mimecast, etc.) and anti-phishing technologies. - Basic knowledge of penetration testing and vulnerability scanning tools. - Hands-on experience with IAM and access control mechanisms. - Understanding of regulatory and compliance requirements in cybersecurity. - Strong analytical skills with attention to detail. - Good communication and collaboration skills to work across teams. Experience, Education, and Certifications - 3-5 years of experience in cybersecurity operations or security administration. - Bachelors degree in Cybersecurity, Information Technology, or a related field. - Certifications such as CompTIA Security+, CEH, or equivalent preferred. - Experience working with email security solutions and incident response processes. - Knowledge of cloud security in AWS, Azure, or GCP is an advantage. Note: This role has working shifts from 02:00 PM IST - 11:00 PM IST.,