Role Overview

This isn't just a standard internship; it's a unique opportunity to become a next-generation, AI-powered developer. We are looking for passionate and forward-thinking students to join our engineering team. You won't just learn to code; you'll learn to build software in collaboration with cutting-edge Generative AI tools—a critical skill that will define the future of software engineering. This program is designed to provide you with hands-on training across our tech stack, augmented by AI, with the goal of offering you a Pre-Placement Offer (PPO) to join us full-time.

Selected Intern's Day-to-day Responsibilities Include

- Design, build, and test robust features across the full stack, from back-end services (Java/Spring Boot) to responsive front-end interfaces (Next.js).
- Develop and manage efficient SQL databases, ensuring data integrity and performance for our applications.
- Leverage Generative AI tools as your daily co-pilot to accelerate development, brainstorm solutions, and optimize code.
- Contribute to securing our codebase by learning and applying security best practices, using modern tools to identify potential vulnerabilities, and evolving into a security champion for the team.
- Participate in our DevOps culture by assisting in the deployment, monitoring, and maintenance of applications in a cloud environment.

What You'll Learn

- Full-Stack Fundamentals: Gain practical, hands-on experience in front-end, back-end, database, and deployment processes.
- Accelerated Skill Acquisition: Use AI as a personalized tutor to understand new concepts in our tech stack (Java, React, SQL, DevOps) faster than ever before.
- Enhanced Problem-Solving: Develop the crucial skill of using AI to explore multiple solutions to a problem, analyse trade-offs, and debug complex issues efficiently.
- Application Security Basics: Learn to write more secure code, understand common vulnerabilities, and use tools to keep our applications safe from threats.
- AI Collaboration Mastery: Go beyond basic prompting. Learn how to effectively partner with AI for complex code generation, refactoring, and documentation.

About Company:

At tinycrows, we believe that a secure digital foundation is vital for every technology-driven business. We make security best practices easy to adopt and sustain, regardless of an organization's size or maturity. Our team includes professionals with experience from Microsoft, Deloitte, Goldman Sachs and other top firms. We work closely with startups and enterprises to safeguard their products, infrastructure, and data. We are proud to be part of the IIT Startups ecosystem and associated with NASSCOM and Data Security Council of India (DSCI) initiatives, specifically NCOE (National Centre of Excellence), helping shape the future of cybersecurity innovation in India. We have also been part of multiple national and internal events, including GISEC, Dubai. Our clientele includes Silicon Valley startups, Indian Banks, CRM solution providers and other giants in the industry.

As a GRC Consultant at Tinycrows Private Limited, you will be responsible for interpreting and implementing regulatory guidelines into actionable compliance frameworks. Your expertise will be crucial in providing guidance on GRC best practices and cybersecurity strategies to clients. You will develop and implement security policies, procedures, and standards tailored to meet the specific needs of each client. Additionally, you will assist in developing and reviewing ISMS policies, procedures, and third-party risk management frameworks. Your role will also involve conducting security assessments and gap analysis against various frameworks such as NIST, ISO 27001, CIS, and DPDPA.

Key Responsibilities:

- Interpret and implement regulatory guidelines (DPDP Act, RBI, SEBI, IRDAI, UIDAI, CERT-In, etc.) into actionable compliance frameworks.
- Provide expert guidance to clients on GRC best practices and cybersecurity strategy. Develop and implement security policies, procedures, and standards tailored to client needs.
- Assist in developing and reviewing ISMS policies, procedures, and third-party risk management frameworks.
- Conduct security assessments and gap analysis against frameworks such as NIST, ISO 27001, CIS, DPDPA.
- Assist clients in preparing for and responding to audits and compliance reviews. Create and maintain risk registers and dashboards for client reporting.
- Perform risk assessments to identify, analyze, and prioritize cybersecurity risks. Develop and maintain risk mitigation strategies and controls.

Key Skills:

- Excellent written and verbal communication skills along with the ability to work independently.
- Strong analytical and problem-solving abilities.
- Strong project management and organization skills.
- Proficiency in Microsoft Office.
- Strong understanding of cybersecurity regulatory frameworks.

Preferred Qualifications:

- Familiarity with frameworks and standards such as ISO 27001, NIST CSF, PCI-DSS, etc.
- Familiarity with regulatory frameworks such as DPDP Act, RBI, SEBI, IRDAI, UIDAI, CERT-In, etc.
- Solid understanding of DPDP Act, 2023, including consent management, data processing, and data fiduciary obligations.

Certifications preferred:

- ISO 27001 LA, CISA, CISM, CIPM, or equivalently recognized certifications.

Experience:

- 4+ years of experience in GRC, compliance consulting, or information security risk management.
- Proven experience in developing and implementing security policies and procedures.
- Experience with risk management methodologies and tools.

Joining Tinycrows will provide you with the opportunity to be part of the core founding team and contribute to building security from the ground up. You will have close collaboration with founders and key stakeholders, ensuring that your work directly influences strategic decisions. Additionally, you will work in a fast-paced, agile environment where innovation and curiosity are encouraged. You will have end-to-end ownership of security assessments, tooling, and strategy, leading to a steep learning curve and exposure to a wide variety of technologies and attack surfaces. Tinycrows offers a collaborative team culture with support for skill-building and certifications, allowing you to expand your role and accelerate your career path.

Position: Sr. Information Security Consultant
Location: Navi Mumbai, India
Experience: Minimum of 4 to 5 years (relevant to the position and job responsibility)

Company Profile:

Tinycrows Private Limited is a budding cybersecurity firm working with BFSI, fintech, and technology-driven enterprises, dedicated to helping these businesses protect their digital assets and mitigate risks. At Tinycrows, we follow a 'shift left' cybersecurity approach to fortify the security of products. Our team of trusted professionals, with experience from top consulting firms like Microsoft and Deloitte, designs robust security solutions for various industries. We have a proven track record of implementing cybersecurity best practices for startups and large organizations, ensuring digital assets remain secure in today's threat landscape.

Role Description

Tinycrows has designed this role for a highly motivated and technically adept individual with strong expertise in Web and Mobile (iOS/Android) Application Penetration Testing. This role requires analysing, designing and implementing robust security to help the stakeholders maintain and strengthen their security posture. An ideal fit for this position is an individual who is passionate about offensive security, with a hands-on approach to identifying vulnerabilities, supporting secure development, and contributing to scalable AppSec initiatives. Exposure to Red Team operations, Active Directory attack paths, and cloud environments is a strong plus. The Consultant will work closely with clients to ensure the security of their digital assets.

Key Responsibilities

- Execute in-depth security assessments and manual penetration testing of web and mobile applications.
- Perform secure code reviews to identify flaws across various tech stacks (e.g., JavaScript, Java/Kotlin, Swift, Python).
- Contribute to the automation and enhancement of internal testing frameworks, reporting tools, and reusable AppSec methodologies.
- Leverage tools such as Burp Suite Pro, nmap, sqlmap, MobSF, Frida, Objection, Jadx, APKTool, and others as part of testing workflows.
- Collaborate cross-functionally with developers, DevOps, and product teams to embed security across the SDLC.
- Support and guide CISO, CIO and Product Team functions by providing security reviews for prospective products and services.
- Transfer of residual risks to the business/customer as required by the Client’s risk management framework.
- Collaborate with stakeholder and IT teams to support incident response and investigations, using knowledge of the technology systems and sharing security insights.
- Seek out, build and maintain trusting relationships and partnerships with internal and external stakeholders in order to accomplish key business objectives, using influencing and negotiating skills to achieve outcomes.
- Support Red Teaming engagements, including reconnaissance, initial access, and Active Directory exploitation techniques (e.g., Kerberoasting, ACL abuse, lateral movement).
- Deliver detailed technical findings and clear, actionable remediation guidance to both technical and non-technical stakeholders.

Key Skills

- Practical experience in web and mobile application security testing, including real-world vulnerability exploitation and security implementation.
- Strong proficiency with offensive security tools such as Burp Suite Pro, nmap, sqlmap, MobSF, Frida, Objection, etc.
- Understanding of common vulnerabilities and standards (e.g., OWASP Top 10, CWE, MITRE ATT&CK).
- Basic experience with cloud security reviews, particularly for AWS, Azure, or GCP-hosted environments.
- Familiarity with secure development practices, modern CI/CD pipelines, and DevSecOps integration.
- Excellent verbal and written communication skills, with the ability to clearly explain technical findings to diverse audiences.
- Comfortable working independently in a fast-paced, highly technical environment.
- Excellent written and verbal communication skills along with the ability to work independently and remotely.
- Current with the evolving threat landscape, emerging tools, and industry best practices in application security.

Preferred Qualifications

- Formal Cyber Security qualification, e.g. Degree/Masters or a well-recognized certification.
- Exposure to Red Teaming techniques, Active Directory attack paths, and post-exploitation tooling (e.g., BloodHound, Rubeus, SharpHound).
- Experience developing custom scripts or automation tooling using Python, Bash, or PowerShell.
- Familiarity with SAST/DAST tools and API security testing methodologies.

Preferred Certifications

- Industry certifications such as OSCP, OSEP, CRTP, eMAPT are a strong plus.

Perks of Joining Tinycrows

If you value growth, ownership, and learning over just stability and routine, a start-up can be the perfect place for you because at Tinycrows, we deal with real problems, fast pivots, and innovation — you learn by doing, not just following manuals, and your work directly shapes the company’s success and culture — you’re not “just a cog in the wheel”. You get exposure to the latest technologies, regulatory frameworks, and client-facing challenges. You get more autonomy, creativity, and ownership of projects. Apart from this, you also get:

- Opportunity to be part of the core founding team and contribute to building security from the ground up.
- Close collaboration with founders and key stakeholders (CISOs, CTOs, engineering leaders), ensuring your work directly influences strategic decisions.
- Fast-paced, agile environment where innovation and curiosity are encouraged.
- End-to-end ownership of security assessments, tooling, and strategy.
- Steep learning curve with exposure to a wide variety of technologies and attack surfaces.
- Great opportunities to expand your role and accelerate your career path.
- Collaborative team culture with support for skill-building and certifications.

This role requires the individual to work at the client’s site. Therefore, working days, hours and holidays will be defined by the client.