1538 Penetration Testing Jobs - Page 9

As an Automation QA Engineer with Python & ERP experience, you will be responsible for working within the existing automation framework. You should be proficient in reverse engineering and have hands-on experience in Enterprise Resource Planning (ERP) in the QA environment. You will have complete ownership of preparing the QA strategy, setting priorities for QA and automation solutions, designing automation frameworks, and leading the implementation of test strategies, plans, and execution for the product. Your role will involve supporting automation script development and optimizing these scripts. You will recommend new tools, techniques, and methodologies to enhance productivity and quality. Collaboration with product teams to strategize and align long-term solutions for test automation, including roadmap, tools, frameworks, and approaches, will be a key aspect of your responsibilities. Additionally, you will evaluate, select, and determine the best usage of test automation tools for different products and applications. Developing a standard framework for Functional Automation, Performance Testing, and Security and Penetration Testing, as well as presenting technical documentation for review by peers and the Development community, are crucial tasks. You will work with the QA team to resolve technical issues of the product as needed and develop an automation strategy to support regression testing based on technical analysis, complexity, and reusability. Adapting appropriately and competently to work challenges when faced with changes, ambiguity, adversity, and other pressures is essential in this role. As a QA Automation Engineer, you will have the opportunity to prepare the QA strategy, set priorities for QA and automation solutions, design automation frameworks, lead the implementation of test strategies, plans, and execution for the product. Supporting automation script development, optimizing these scripts, and recommending new tools, techniques, and methodologies to enhance productivity and quality will be part of your responsibilities. You will collaborate with product teams to strategize and align long-term solutions for test automation, including roadmap, tools, frameworks, and approaches. In return, GlobalLogic offers a culture of caring that prioritizes putting people first, a commitment to continuous learning and development, interesting and meaningful work that makes an impact, balance and flexibility in work arrangements, and a high-trust organization that values integrity. Join GlobalLogic, a Hitachi Group Company, and be part of a trusted digital engineering partner to the world's largest and most forward-thinking companies.,

We are searching for an experienced VAPT professional to join our cybersecurity team. You should possess a solid background in recognizing, evaluating, and mitigating security vulnerabilities in network and application environments through thorough penetration testing and vulnerability assessments. ProTechmanize Solutions, an Information Technology product and services company, founded by professionals with over 20 years of collective experience in Cyber Security, Information Technology, IT Security & Software Development, is where you will be working. The ProTechmanize team is dedicated to offering the right solutions and services to customers through customized programs. Your responsibilities will include conducting regular vulnerability assessments of network infrastructure, applications, and systems, performing detailed penetration tests to simulate cyberattacks and identify vulnerabilities, preparing comprehensive reports of findings with recommended remediation actions, collaborating with IT and development teams to address vulnerabilities, utilizing security tools like Nessus, Metasploit, and Burp Suite, providing expert advice on security posture improvement, and staying updated on security trends and technologies. To be a suitable candidate, you must have a Bachelor's degree in Computer Science, Information Security, or a related field, along with 1.5+ to 4 years of hands-on experience in vulnerability assessment and penetration testing. Proficiency in domains such as Application security OWASP, API security testing, Network security & Mobile app security, exposure to Secure Code Review using Checkmarx or HP Fortify, and a strong understanding of common attack vectors, vulnerability exploitation techniques, and security testing methodologies are essential. In addition to technical skills, soft skills such as excellent analytical and problem-solving abilities, strong verbal and written communication skills, and the capacity to work collaboratively with cross-functional teams in a fast-paced environment are vital for this role. Please note that only candidates with the required experience should apply for this position, as it necessitates hands-on experience in VAPT.,

As a Cyber Security Specialist with 5+ years of experience, your role will involve testing and operating security controls for various applications to ensure compliance with cybersecurity standards. You will collaborate with software architects to create secure software designs by conducting threat modeling. Your responsibilities will include contributing to all levels of the architecture, performing application design reviews focusing on cybersecurity compliance, and ensuring project compliance with secure design and coding standards. You will need to have a strong attention to detail, analytical mind, outstanding problem-solving skills, and great awareness of cybersecurity trends and exploitation techniques. Familiarity with security frameworks such as IEC 62443 and NIST SSDF is essential. Additionally, you will be responsible for developing an understanding of new tools and best practices, contributing to all stages of the Secure Development Lifecycle, and conducting VAPT (Vulnerability Assessment and Penetration Testing) on target applications to identify vulnerabilities and define mitigation strategies. If you are an interested candidate with expertise in Cyber Security, VAPT, Penetration Testing, application security, OWASP, and Threat modeling, and have an immediate to 15 days notice period, we invite you to share your resume at roshan.rn@utthunga.com. The location for this position is Bangalore.,

As a Security Analyst at Dedalus, a prominent healthcare technology company, you will have the opportunity to contribute to the team in Chennai, India, and play a crucial role in enhancing healthcare services for a healthier planet. Your primary responsibility will involve Security Vulnerability Analysis and Penetration Testing, where you will assess, exploit, and report security vulnerabilities in software applications and infrastructure, providing recommendations for appropriate solutions. Working alongside a highly skilled team, your work will have a significant impact on the healthcare sector. Your duties will include: - Conducting Security Vulnerability Analysis, Threat Modelling, and Risk Assessment - Performing static code reviews using automated SAST tools and analyzing false positives - Executing dynamic testing (DAST) with tools like Burp-suite, Invicti, or Nessus - Conducting manual Penetration Testing and utilizing Ethical Hacking techniques to identify vulnerabilities - Compiling assessment and validation reports on identified vulnerabilities, risks, impact, recommended solutions, and Proof of Concepts (POCs) - Explaining threats and presenting assessment reports to the Developer and Architect community To excel in this role, you must meet the following essential requirements: - Minimum of four years of experience in security vulnerability analysis and Penetration Testing (VAPT) on cloud services, web products, or enterprise applications - Proficiency in using Appsec tools, including industry-standard tools like Burp-suite, Invicti, Fortify, and open-source tools such as Kali, Nmap, Wireshark, Metasploit, ZAP, and Echo Mirage - Technical knowledge of Software Development Life Cycle (SDLC) and implementation essentials for various application types (Desktop, Web, API, Mobile, and Cloud) - Ability to review Java or .NET code with a focus on security vulnerabilities and familiarity with OWASP, GDPR, and ISO Security standards - Certification in VAPT or Ethical Hacking in Mobile, Web, or Cloud security is mandatory - Exposure to DevAppSec automation and scripting is preferred - Knowledge of AI tools and securing Docker containers like Kubernetes is advantageous - Understanding of real-world threats and data protection regulations is desirable Join Dedalus and be part of a diverse and inclusive workplace where innovation and collaboration drive better healthcare outcomes for millions of patients worldwide. Dedalus is dedicated to fostering a work environment that encourages learning, innovation, and meaningful contributions to healthcare. If you are passionate about making a difference in the healthcare sector, join us on this journey to transform and improve healthcare options globally. Application Closing Date: 18th August 2025 Dedalus is committed to promoting diversity and inclusion in the workplace, ensuring respect, inclusion, and success for all employees and communities. Our dedication to diversity and inclusion is reflected in our work culture, emphasizing the importance of an inclusive and diverse workforce to drive innovation and create better healthcare solutions globally.,

At PwC, we focus on providing strategic advice and support to clients in areas such as mergers and acquisitions, divestitures, and restructuring. Our team helps clients navigate complex transactions and maximize value in their business deals. If you join our deal integration and valuation realization team, you will be assisting clients in successfully integrating acquisitions and maximizing the value of their investments. Your responsibilities will include conducting valuations, financial analysis, and developing strategies for post-merger integration. Your role will involve building meaningful client connections, managing and inspiring others, and deepening your technical expertise. You are expected to anticipate the needs of your teams and clients while delivering quality results. Embracing ambiguity and leveraging moments of uncertainty as opportunities for growth are essential aspects of this position. To succeed in this role, you should be able to respond effectively to diverse perspectives, utilize a broad range of tools to generate new ideas, and demonstrate critical thinking skills. Understanding the broader objectives of your projects and developing a deeper understanding of the business context are crucial. You must also uphold professional and technical standards, the Firm's code of conduct, and independence requirements. As a Senior Associate, you will work as part of a team of problem solvers, focusing on solving complex business issues from strategy to execution. Key responsibilities include developing self-awareness, delegating tasks to provide stretch opportunities, and demonstrating critical thinking skills. Reviewing work for quality, accuracy, and relevance, using effective communication to influence and connect with others, and upholding the firm's code of ethics are integral to this role. Minimum Degree Required: Bachelor Degree Preferred Fields of Study: Computer and Information Science, Information Technology, Computer Applications, Computer Engineering, Information Security and Privacy Law Preferred Certifications: GSEC, SEC+, Network+, Certified Incident Handler (GCIH), Certified Intrusion Analyst (GIAC) CISM, CIPM, CISSP Minimum Years of Experience: 3 years Preferred Knowledge/Skills: Demonstrates subject matter expertise in areas such as Networking Principles, System Administration, Security Architecture, Incident Response Frameworks, Vulnerability Management, Penetration Testing, Information Security, and Data Privacy Compliance. Ability to work in a shift environment, lead daily huddles, and provide inputs for reports as assigned.,

The role is based in Bengaluru, Kolkata and is a part of Grant Thornton, a global organization with 62,000 people across 135 countries. Grant Thornton LLP is the U.S. member firm of Grant Thornton International Ltd. with revenues exceeding $1.87 billion. Grant Thornton operates 58 offices in the U.S., with 623 partners and over 10,000 employees in the United States and in Bangalore and Kolkata, India. GT INDUS, the in-house offshore center for GT US, based in Bangalore, consists of over 2000 professionals in Tax, Audit, Advisory, Client Services, and Enabling functions. The culture at GT INDUS is focused on empowered people, bold leadership, and distinctive client service. It offers a transparent, competitive, and excellence-driven environment with opportunities for significant contributions and growth. The professionals at GT INDUS are actively involved in community service initiatives. The Cyber Risk Advisory practice at Grant Thornton provides risk management consulting and advisory services to clients. This role involves engagement planning, directing, and completion of Security Framework assessment, GRC Management, Third Party Risk Assessment, and Information Security architectural design. The responsibilities include working on audit engagements from beginning to end, developing and supervising other engagement staff, and assisting in client management and practice development activities. The ideal candidate should have a working knowledge of cybersecurity industry best practices, project management experience, and the ability to communicate security technology issues effectively to clients at all levels. Desired skills for this position include supporting engagement management, fieldwork documentation, training team members, attending professional development sessions, and staying updated on cybersecurity trends and risks. The candidate should hold a Bachelor's and/or Masters degree in Information Technology, Computer Science, or a related field. Preferred certifications include Certified Ethical Hacker (CeH v9 & above), CISSP, OSCP. Grant Thornton INDUS offers various benefits to full-time employees including insurance benefits, wellness programs, parental support, mobility benefits, retirement benefits, and a hybrid work model. Grant Thornton INDUS comprises GT U.S. Shared Services Center India Pvt Ltd and Grant Thornton U.S. Knowledge and Capability Center India Pvt Ltd, supporting the operations of Grant Thornton LLP. Established in 2012, Grant Thornton INDUS employs professionals across disciplines to seamlessly support U.S. engagement teams, increase access to talent, and improve operational efficiencies. The culture at Grant Thornton INDUS is driven by empowered people, bold leadership, and distinctive client service, emphasizing transparency, competitiveness, and excellence.,

The Application Security Expert - Red Team / Ethical Hacker is a critical role responsible for proactively identifying and exploiting security vulnerabilities in software applications throughout the Software Development Life Cycle (SDLC). As a key member of the in-house Red Team, your focus will be on simulating real-world attacks, conducting advanced penetration testing, and providing actionable intelligence to strengthen the overall security posture. Your responsibilities will include planning and executing realistic attack simulations against web, mobile, and desktop applications, developing custom exploits, tools, and techniques to mimic advanced threat actors, and conducting social engineering campaigns to assess employee awareness. You will also be responsible for in-depth penetration testing of applications, networks, and systems, identifying and exploiting complex vulnerabilities, and developing detailed penetration test reports with actionable recommendations. In addition, you will conduct code reviews from an offensive perspective, provide guidance on secure coding practices, and develop secure coding guidelines. Staying up-to-date on the latest security threats, vulnerabilities, and exploit techniques will be crucial, as you will be conducting vulnerability research, developing custom exploits and tools, and integrating security testing into the SDLC. You will also collaborate with development teams, participate in design reviews, and promote a security-conscious culture within the organization. Validating and verifying the effectiveness of vulnerability remediation efforts, retesting remediated vulnerabilities, evaluating and customizing offensive security tools, and automating red teaming and penetration testing processes will also be part of your role. Your technical skills should include expert proficiency in programming languages, a strong understanding of web application vulnerabilities, experience with penetration testing tools and frameworks, cloud security principles, authentication and authorization mechanisms, and network protocols. The ideal candidate will have a Bachelor's or Master's degree in Computer Science, Information Security, or a related field, along with at least 8 years of experience in application security, penetration testing, or red teaming. Certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), GIAC Web Application Penetration Tester (GWAPT), Offensive Security Certified Expert (OSCE), and Offensive Security Web Expert (OSWE) are highly preferred.,

>> Job Description Experience: 3+ years with at-least 2-3 years in client facing advisory consulting role and managing a medium sized team Preferred Certifications: CEH, ECSA, OSCP, CISSP, CCSK, OCSE, CCSP, AWS Security Desired skill set: 1. Strong understanding of IT security standards and frameworks (OWASP, NIST, CIS) 2. Strong understanding of security risks in networks and application platforms 3. Strong understanding of network security, infrastructure security and application security 4. Strong understanding of OSI, TCP/IP model and network basics 5. Demonstrate technical penetration testing skills on IT infrastructure, web applications, mobile platforms and Red teaming 6. Strong technical skills: Information security, network security, Windows security, UNIX/Linux security, web and mobile application security, Cloud platforms 7. Broad knowledge of security technologies for applications, databases, networks, servers, and desktops 8. Solid technical skills in both information security architecture and penetration testing and ability to assess testing tools and deploy the right ones. 9. Scripting and programming experience is beneficial 10. Ability to perform manual penetration testing 11. Experience in Application Security Testing (Web, Mobile & ERP [SAP]), or related functions Vulnerability Assessment, Penetration testing 12. Perform penetration testing of various thick client software, web applications, and communications infrastructure to assist in hardening the cybersecurity posture against malicious actors 13. Conduct security research on the latest emerging advanced persistent threats (APTs), malware, and other security developments to assist in enterprise security efforts. Apply this security research into assessments. 14. Perform technical writing to communicate the preparation, testing, and recommendation phases for various security tests. Work with stakeholders to remediate system vulnerabilities. 15. Train team members and colleagues on the latest cybersecurity tactics, techniques, and procedures (TTPs) to grow the skill of the firm 16. Understanding of various security technologies including end point security, perimeter security, advanced threat protection, malware defense and security management 17. Expertise in the phases of penetration testing. Familiarity with Kali Linux distribution and the associated penetration testing tools suite. Experience in penetration testing simulations like Hack the Box or Capture the Flag exercises considered a plus. 18. Good Understanding of OWASP top 10 and mitigation techniques 19. Experience in performing web application security assessments using hands on techniques for identifying SQL injections, XSS, Security Misconfiguration, CSRF, authentication/ authorization issues 20. Database testing: MySQL, Oracle, NoSQL 21. Understanding of cyber security management, cyber analytics, security intelligence platforms and threat intelligence frameworks 22. Writing business proposals and response to client RFP/ RFIs 23. Identifying business opportunities and lead delivery and program management for large cyber security programs 24. Delivery team and client relationship management 25. Experience on both commercial, open source tools and frameworks but not limited: Burpsuite, Metasploit, Core-Impact, Kali-Linux, AppScan, WebInspect, SSLScan, Soap UI Pro, SonarQube, Qualys, Nikto, Nessus, nmap, sqlmap, OWASP ZAP .

We are seeking a skilled and motivated Cyber Security Engineer to lead efforts in securing our Software as a Medical Device (SaaMD) offerings. This pivotal role ensures global compliance and best-in-class security practices throughout the software development lifecycle, anchored in standards like ISO/IEC 27001, ISO/IEC 27002, and ISO 13485. Key Responsibilities : Security Control Implementation : - Design, implement, and monitor robust security controls across the SaaMD SDLC. - Align with ISO/IEC 27001, 27002, and ISO 13485 frameworks. - Guide secure coding, DevSecOps practices, and vulnerability management. - Apply a risk-based approach to identify and mitigate threats proactively. Compliance & Audit Readiness : - Support internal and external audits with detailed documentation. - Collaborate with Quality & Regulatory teams for ISO 13485 compliance. - Maintain audit-ready procedures and manage change documentation. Threat Modeling & Penetration Testing : - Develop threat models using tools like LucidChart. - Conduct pen-testing via BurpSuite, nmap, Wireshark, and Deptrack. - Run static and dynamic code analysis for vulnerability detection. Vulnerability Management : - Assess vulnerabilities using Grype, Dockle, Trivy, and Deptrack. - Partner with development teams for triage and resolution. - Drive remediation workflows and monitor KPIs. Reporting & Stakeholder Communication : - Produce detailed security assessments with actionable steps. - Deliver periodic updates on security posture to leadership. - Translate complex risks into business-friendly language. Security Awareness & Training : - Build training modules to cultivate a security-first mindset. - Advocate for secure engineering culture across teams. Qualifications : Required : - Bachelors in Computer Science, Information Security, or relevant experience. - 3+ years in cybersecurity engineering, ideally in healthcare or medical devices. - Proven knowledge of ISO/IEC 27001, 27002 & ISO 13485. - Hands-on expertise with LucidChart, BurpSuite, nmap, Wireshark, Deptrack. - Experience with Grype, Dockle, Trivy; DevSecOps & secure coding practices. - Track record in audit support and regulatory compliance. Preferred : - Certifications like CISSP, CEH, OSCP, CISM, or ISO/IEC 27001 Lead Implementer. - Background in SaaMD or regulated industries (healthcare/pharma). - Familiarity with frameworks like NIST, HITRUST, and CI/CD workflows. Skills & Traits : - Strong analytical, communication, and problem-solving skills. - Detail-oriented with a proactive risk management approach. - Team collaborator able to influence across engineering and compliance functions.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails

The CoinDCX Journey: Building Tomorrow, todayAt CoinDCX, we believe CHANGE STARTS TOGETHER . You are the driving force that will help us make Web3 accessible to all.In the last six years, we have skyrocketed from being India s first crypto unicorn to carrying a community of over 125 million with us. To continue maximising the adoption and acceleration of Web3, we are now focused on developing cutting-edge products, addressing accessibility and security challenges, and bridging the gap between people and Web3 technologies. While we go ahead and keep dominating the Web3 world, we would like to HODL you on our team! Join our team of passionate innovators who are breaking barriers and building the future of Web3. Together, we will make the complex simple, the inaccessible accessible, and the impossible possible. Boost your innovation to an ALL TIME HIGH with us! You need to be a HODLer of these Minimum 1 to 4 years of experience Web and Mobile Security Assessments Must-Have core-technical Skills for: Web and Mobile Penetration Testing Competence with OWASP Standards (Both Web and Mobile) Familiarity with tools like MobSF, Frida, Burp Suite. At least 2 year in API Sec Assessment Good to have - Knowledge of Cloud Security Good to have (Any one or more of the following certs) - OSCP, GPEN, CPENT, PNPT, CRTOPYou will be mining through these tasks Proactively identify and reduce security threats, vulnerabilities and risks Identify & remediate outdated, vulnerable code and code libraries Provide subject matter expertise on architecture, authentication, and system security Develop security training and guidance to internal development teams Participate in the development of CoinDCX platforms by collaborating with the engineering team Consult with other Developers and Product Managers to analyze and propose application security standards, methods, and architectures Create and maintain artifacts in a protected repository established as a single source of truth Assess security tools and integrate tools as needed, particularly open-source tools Assist with recruiting activities and administrative work Professionally Handle communications with independent vulnerability researchers and design appropriate mitigation strategies for reported vulnerabilities Communicate clearly on technical issuesAre you the one? Our missing block You are knowledge-hungry when it comes to VDA and Web3, always eager to dive deeper and stay ahead in this evolving space. The world of Web3 and VDA excites you, fueling your curiosity and driving you to explore new opportunities within this dynamic landscape. You act like an owner, constantly striving for excellence, impact, and tangible results in everything you do. You embrace a We over Me mindset, growing individually while fostering the growth of those around you. Change is your catalyst, igniting your passion to build and innovate. You think outside the box, unbound by limitations or doubt, always pushing the boundaries of what s possible.Perks That Empower YouOur benefits are designed to make a lasting impact on your life, giving you the freedom to create a work-life balance that truly suits you. Design Your Own Benefit: Tailor your perk package to fit your unique needs. Whether you re eyeing a new gadget or welcoming a furry friend into your life, our flexible benefits ensure that you can prioritize what matters most to you. Unlimited Wellness Leaves: We believe in the power of well-being. Take the time you need to recharge, knowing that your health is our priority. With unlimited wellness leaves, you can return refreshed, ready to build and grow. Mental Wellness Support: Your mental health is as important as your professional growth. Benefit from access to health experts, free counseling sessions, monthly wellness workshops, and regular team outings, all designed to help you stay balanced and connected. Bi-Weekly Learning Sessions: These sessions are more than just updates they re opportunities to fuel your growth. Stay ahead with the latest industry knowledge, sharpen your skills, and accelerate your career in an ever-evolving landscape.

Take on a crucial role where youll be a key part of a high-performing team delivering secure software solutions. Make a real impact as you help shape the future of software security at one of the worlds largest and most influential companies. As a Lead Security Engineer at JPMorgan Chase within the Cybersecurity & Tech Controls team, you are an integral part of team that works to deliver software solutions that satisfy pre-defined functional and user requirements with the added dimension of preventing misuse, circumvention, and malicious behavior. As a core technical contributor, you are responsible for carrying out critical technology solutions with tamper-proof, audit defensible methods across multiple technical areas within various business functions. Job responsibilities Executes creative security solutions, design, development, and technical troubleshooting with the ability to think beyond routine or conventional approaches to build solutions and break down technical problems Develops secure and high-quality production code and reviews and debugs code written by others Minimizes security vulnerabilities by following industry insights and governmental regulations to continuously evolve security protocols, including creating processes to determine the effectiveness of current controls Works with stakeholders and business leaders to understand security needs and recommend business modifications during periods of vulnerability Conducts discovery, vulnerability, penetration testing, and threat scenarios on multiple organizational assets to identify and assess if vulnerabilities are present, and executes threat modeling for multiple applications including external applications interacting with the internal JPMorgan Chase network Adds to team culture of diversity, equity, inclusion, and respect Required qualifications, capabilities, and skills Formal training or certification on security engineering concepts and 5+ years applied experience Skilled in planning, designing, and implementing enterprise level security solutions Hands on experience in Full stack Development with DotNet & React Proficient in all aspects of the Software Development Life Cycle Advanced understanding of agile methodologies such as CI/CD, Application Resiliency, and Security Experience with threat modeling, discovery, vulnerability, and penetration testing In-depth knowledge of the financial services industry and their IT systems Preferred qualifications, capabilities, and skills Experience effectively communicating with senior business leaders Take on a crucial role where youll be a key part of a high-performing team delivering secure software solutions. Make a real impact as you help shape the future of software security at one of the worlds largest and most influential companies. As a Lead Security Engineer at JPMorgan Chase within the Cybersecurity & Tech Controls team, you are an integral part of team that works to deliver software solutions that satisfy pre-defined functional and user requirements with the added dimension of preventing misuse, circumvention, and malicious behavior. As a core technical contributor, you are responsible for carrying out critical technology solutions with tamper-proof, audit defensible methods across multiple technical areas within various business functions. Job responsibilities Executes creative security solutions, design, development, and technical troubleshooting with the ability to think beyond routine or conventional approaches to build solutions and break down technical problems Develops secure and high-quality production code and reviews and debugs code written by others Minimizes security vulnerabilities by following industry insights and governmental regulations to continuously evolve security protocols, including creating processes to determine the effectiveness of current controls Works with stakeholders and business leaders to understand security needs and recommend business modifications during periods of vulnerability Conducts discovery, vulnerability, penetration testing, and threat scenarios on multiple organizational assets to identify and assess if vulnerabilities are present, and executes threat modeling for multiple applications including external applications interacting with the internal JPMorgan Chase network Adds to team culture of diversity, equity, inclusion, and respect Required qualifications, capabilities, and skills Formal training or certification on security engineering concepts and 5+ years applied experience Skilled in planning, designing, and implementing enterprise level security solutions Hands on experience in Full stack Development with DotNet & React Proficient in all aspects of the Software Development Life Cycle Advanced understanding of agile methodologies such as CI/CD, Application Resiliency, and Security Experience with threat modeling, discovery, vulnerability, and penetration testing In-depth knowledge of the financial services industry and their IT systems Preferred qualifications, capabilities, and skills Experience effectively communicating with senior business leaders

Technical Skills: Candidates should have the at least 4 years of experience/expertise in the following: Python development IaaC development using Terraform Azure devops pipelines or github actions development Azure marketplace extensions development Ansible playbooks development Basic shell scripting Version control using git Key Responsibilities: Cloud Security Design and Implementation: Develop and implement robust security architectures for IMS and VoIP applications hosted on Azure public cloud as well as private cloud implementations (e.g. using Red Hat OpenShift), ensuring compliance with AT&T and industry standards as well as regulatory requirements. Security Monitoring and Incident Response: Utilize security tools (cloud-native and otherwise) to monitor cloud environments for potential threats, respond to security incidents, and conduct thorough investigations to mitigate risks. Risk Assessment and Vulnerability Management: Perform regular security assessments, including penetration testing, malware scans, and vulnerability scans, to identify and address potential security gaps in cloud infrastructures. Includes working with vendor(s) in identifying, analyzing, and defining mitigation/remediation plans. Access Management: Implement and manage identity access management (IAM) policies to control user and non-user access to cloud resources, ensuring that only authorized personnel and systems have appropriate access levels. Automation and Scripting: Utilize various methods to automate the scanning and compilation/analysis of scan results concerning the cloud infrastructure. Technology/Domain Knowledge: Cloud platforms: RedHat Openshift, Azure Kubernetes Telecommunication: 5G/EPC/IMS/VoIP Networking concepts Soft Skills: Communication: Should possess good communication and collaboration skills Time management: Ability to manage multiple projects tasks efficiently. Adaptability: Show willingness to embrace continuous learning and adapt to new technologies Problem solving: Ability to troubleshoot and solve complex technical problems. Job ID R-75137 Date posted 07/16/2025

Technical Skills: Candidates should have the at least 4 years of experience/expertise in the following: Python development IaaC development using Terraform Azure devops pipelines or github actions development Azure marketplace extensions development Ansible playbooks development Basic shell scripting Version control using git Key Responsibilities: Cloud Security Design and Implementation: Develop and implement robust security architectures for IMS and VoIP applications hosted on Azure public cloud as well as private cloud implementations (e.g. using Red Hat OpenShift), ensuring compliance with AT&T and industry standards as well as regulatory requirements. Security Monitoring and Incident Response: Utilize security tools (cloud-native and otherwise) to monitor cloud environments for potential threats, respond to security incidents, and conduct thorough investigations to mitigate risks. Risk Assessment and Vulnerability Management: Perform regular security assessments, including penetration testing, malware scans, and vulnerability scans, to identify and address potential security gaps in cloud infrastructures. Includes working with vendor(s) in identifying, analyzing, and defining mitigation/remediation plans. Access Management: Implement and manage identity access management (IAM) policies to control user and non-user access to cloud resources, ensuring that only authorized personnel and systems have appropriate access levels. Automation and Scripting: Utilize various methods to automate the scanning and compilation/analysis of scan results concerning the cloud infrastructure. Technology/Domain Knowledge: Cloud platforms: RedHat Openshift, Azure Kubernetes Telecommunication: 5G/EPC/IMS/VoIP Networking concepts Soft Skills: Communication: Should possess good communication and collaboration skills Time management: Ability to manage multiple projects tasks efficiently. Adaptability: Show willingness to embrace continuous learning and adapt to new technologies Problem solving: Ability to troubleshoot and solve complex technical problems. Job ID R-75138 Date posted 07/16/2025

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: Archer. Experience: 5-8 Years.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats. Do Design and develop enterprise cyber security strategy and architecture Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses Identify risks associated with business processes, operations, information security programs and technology projects Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge Identify security design gaps in existing and proposed architectures and recommend changes or enhancements Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. Provide support during technical deployment, configuration, integration and administration of security technologies Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity Provide solution of RFPs received from clients and ensure overall design assurance Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture Depending on the clients need with particular standards and technology stacks create complete RFPs Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps Evaluate and recommend solutions to integrate with overall technology ecosystem Tracks industry and application trends and relates these to planning current and future IT needs Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers Provide training to employees on issues such as spam and unwanted or malicious emails Stakeholder Interaction Stakeholder Type Stakeholder Identification Purpose of Interaction Internal Program Manager/Director Regular reporting & updates Infrastructure (CIS team) For infrastructure support External Customer To coordinate for all security breaches & resolutions Display Lists the competencies required to perform this role effectively: Functional Competencies/ Skill Leveraging Technology - Knowledge of current and upcoming security technologies (e.g. Firewalls, IPS, DDoS, SIEM, WAF, Endpoint etc.) and understanding of compliance regulatory requirement like PCI DSS, HIPAA, etc.- Expert Systems Thinking - Understanding of the Wipro system (interrelatedness, interdependencies and boundaries) and perform problem solving in a complex environment - Expert Leveraging Technology - In-depth knowledge of and mastery over ecosystem technology that commands expert authority respect - Master Technical Knowledge - Certified Information Systems Security Professional (CISSP), Cloud Architect Certification from AWS and Azure, ToGAF or SABSA certification- Master Competency Levels Foundation Knowledgeable about the competency requirements. Demonstrates (in parts) frequently with minimal support and guidance. Competent Consistently demonstrates the full range of the competency without guidance. Extends the competency to difficult and unknown situations as well. Expert Applies the competency in all situations and is serves as a guide to others as well. Master Coaches others and builds organizational capability in the competency area. Serves as a key resource for that competency and is recognized within the entire organization. Behavioral Competencies Effective Communication Managing Complexity Client centricity Technology Acumen Innovation Problem Solving approach Collaborative Working Execution Excellence

Key Responsibilities: Monitor, triage, and document security incidents; escalate them based on severity and business impact. Conduct daily log reviews and analyze event data to detect potential security threats. Assist in vulnerability scanning activities and coordinate with internal/external teams for Vulnerability Assessment and Penetration Testing (VA/PT). Track and follow up on open vulnerabilities to ensure timely remediation. Maintain accurate documentation, dashboards, and reports related to incident response activities. Support internal audits and compliance initiatives aligned with standards such as ISO/IEC 27001, GDPR, and PDPA. Contribute to the development and maintenance of security policies, procedures, and operational checklists. Stay informed on the latest trends, threats, and advancements in cybersecurity tools and practices. Monitor and analyze alerts from security platforms such as SIEM, IDS/IPS, firewalls, and endpoint protection systems. Required Skills Qualifications: Bachelor s degree in Computer Science, Information Security, or a related field. 0 2 years of relevant experience in a cybersecurity role (including internships). Technical Knowledge: Familiarity with security monitoring tools (e.g., SIEM, EDR, IDS/IPS). Understanding of basic networking and security concepts (TCP/IP, firewalls, proxies). Exposure to vulnerability assessment tools and methodologies (e.g., Burp Suite, Nessus, OpenVAS). Awareness of information security standards and regulatory frameworks (e.g., ISO 27001, NIST, GDPR). Experience with ticketing systems and managing the incident response lifecycle. Additional Skills: Basic scripting knowledge (Python, Bash, PowerShell) is an advantage. Strong written and verbal communication skills.

Microland Limited is looking for Associate Manager - Cyber Security to join our dynamic team and embark on a rewarding career journeyTeam Supervision: Provide leadership, direction, and supervision to a team of employees, ensuring their productivity, performance, and professional development.Operational Management: Manage day-to-day operations within the assigned area, ensuring efficiency, adherence to processes, and effective resource allocation.Performance Management: Set performance goals, conduct regular performance reviews, and provide feedback and coaching to team members to help them excel in their roles.Project Coordination: Oversee projects, initiatives, or tasks within the department, ensuring that deadlines are met and objectives are achieved.Communication: Foster effective communication within the team and with other departments, conveying goals, expectations, and updates to ensure alignment.Problem-Solving: Address challenges and issues that arise within the team or department, working to find solutions and implement process improvements.Budget Management: Contribute to budget planning and management, ensuring that resources are allocated appropriately to achieve departmental goals.

ome careers shine brighter than others. If you re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions. Our Technology teams work closely with HSBC s global businesses to help design and build digital services that allow our millions of customers around the world; to bank quickly, simply and securely. We also run and manage our IT infrastructure, data centres and core banking systems that power the world s leading international bank. Our multi-disciplined Technology teams include amongst others: DevSecOps engineers, IT architects, front and back-end developers, infrastructure specialists, cybersecurity experts, and delivery, project and programme managers. Following extensive investment across our Technology and Digital domains and with plans for continued expansion, we are seeking a Lead Consultant for Threat and Controls Assessment , to join the HSBC Cybersecurity team within Technology. . Brief overview of the business areas Global Cybersecurity is responsible for enabling businesses and functions to manage their information, technology and cybersecurity risks by ensuring these are well-understood, and that controls used the manage such events are defined, assessed and implemented appropriately. Cybersecurity deliver this via objective, independent, professional and specialized subject matter experts. The role forms part of the 1LoD in relation to risk management framework. The Cybersecurity Assessment and Testing (CSAT) function, part of Global Cybersecurity, is accountable for Vulnerability Management, Secure Development, Threat and Controls Assessment (threat modelling) and Third Party Security Assessment. The function drives the identification, capture, assessment, testing and ultimately the remediation of security defects, gaps and vulnerabilities across HSBC s estate in concert with business and technology teams on premise, within the Cloud and resulting from 3 rd party engagements. What you will be doing; The Threat and Controls Assessment Lead Consultant role will work as part of the global team to perform Threat Modelling on HSBC services. This is a senior role reporting into the Threats and Controls Assessment Regional Lead, closely collaborating with peers across Penetration Testing; Secure Development, Third Party Security Assessment and Cybersecurity business and regional leads, enabling effective end-to-end vulnerability identification. Key Responsibilities: Perform effective threat and control assessments for complex services and platforms across the HSBC estate. This will include cloud platform reviews for Azure, AWS and GCP Liaise with Developers, Architects and other Technical Leads to understand the end to end service and identify where there are any control gaps Work with the CSAT management team to enhance the Threats and Controls Assessment Service. Provide cybersecurity consultancy with HSBC Business and Functions Manage the team of resources and take responsibility that their deliveries are meeting the quality expectations. Stay up to date within the industry of new trends and best practices Provide supervision, guidance and mentor less experienced members of the global team Act as a point of contact and source of advice on issues relating to Cybersecurity within the team What you will bring to the role; To be successful in this role you should have proven experience within the Technology sector with knowledge of the following skills: Mindset An inquisitive approach, always asking how to achieve goals in a smarter and more effective way An ability and interest to learn and experiment with new approaches to vulnerability management, in different contexts, across the amazing scale that HSBC brings. Stay up to date within the industry of new trends, and best practices Good Risk and Controls understanding Knowledge and exposure of Risk and Control Management Ability to understand and assess both threats, controls and vulnerabilities, articulating these to both technical and business stakeholders. Knowledge of different frameworks and methodologies including Threat Modelling using STRIDE and the MITRE ATTCK Framework. Desirable to have one or more industry-recognised cybersecurity-related certifications including CISSP, CRISC, CISM or Cloud Security Certifications Requirements Strong Technical background Expert hands on knowledge in one or more of the main Cloud Service Providers Azure, AWS or GCP Proven experience in general security concepts and principles and application specific security concepts and principles. Proven experience working in a large scale, multi-national and technologically diverse environment Hands on experience with threat modelling and strong technical understanding and experience of assessing vulnerabilities and identifying weaknesses in diverse enterprise IT assets Strong understanding of applications design and architecture Strong understanding of Software Development Life Cycle (SDLC) with a focus on security Knowledge and experience with network, host and application security practices Understanding of emerging technologies and corresponding security threats Strong stakeholder management and communications skills Experience of working in international and diverse environments Experience in engaging with business, technology, regional and regulator stakeholders Ability to communicate to executive leadership effectively translating technical gaps into business risk Ability to prepare concise presentations and updates for senior management Ability to support hiring activities, manage the team of resources Interpersonal Skills Influential, credible and persuasive, active listener, embraces HSBC Values, shows good judgement and demonstrates high level of communication skills in order to achieve effective stakeholder management Some travel will be required expected once to twice a year. Come Power a Business that Defines How to Power the World As a business operating in markets all around the world, we believe diversity brings benefits for our customers, our business and our people. This is why HSBC is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of background, circumstances, age, disability, gender identity, ethnicity, religion or belief and sexual orientation. We want everyone to be able to fulfil their potential which is why we provide a range of flexible working arrangements and family friendly policies. As an HSBC employee, you will have access to tailored professional development opportunities and a competitive pay and benefits package.

Hands-on experience with testing frameworks in line with Web App, Mobile, Web Services/APIs, Network blockchain. Experience in both commercial and open source tools like: Burp Professional, Nmap, Kali, Metasploit, etc. Experience with Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools. Experience in preparing a security threat model and associated test plans. Experience in translating the complex security threats to simpler procedures for web application developers, systems administrators, and management to understand security testing results. In-depth knowledge of application development processes and at least one programing or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell) is preferred. Knowledge of current information security threats Open Source, Penetration Testing, Web App

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: SailPoint Identity Mgmt and Governance Experience : 3-5 Years.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: SailPoint Identity Mgmt and Governance Experience : 3-5 Years.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do: Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do: Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: Privilege Password Management CyberArk Experience : 5-8 Years.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do: Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: PKI - Certificate Management Experience : 5-8 Years.