345 Vapt Jobs

Job Description Roles and Responsibilities of an IT Server Administrator (58 Years Experience) 1. Server Infrastructure Management Install, configure, and maintain physical and virtual servers (Windows/Linux). Manage Active Directory, DNS, DHCP, and Group Policies. Monitor server performance and ensure high availability and reliability. 2. System Upgrades and Patch Management Plan and execute OS upgrades, firmware updates, and security patches. Automate patch deployment using tools like WSUS, SCCM, or Ansible. 3. Security and Compliance Implement and maintain server security policies (firewalls, antivirus, access controls). Ensure compliance with internal and external security standards (e.g., ISO 27001, GDPR). 4. Virtualization and Cloud Integration Manage virtual environments (VMware, Hyper-V). Support hybrid cloud environments (Azure, AWS, or GCP). Optimize resource allocation and cost in cloud-hosted servers. 5. Backup and Disaster Recovery Design and manage backup strategies using tools like Veeam, Commvault, or Acronis. Test and document disaster recovery procedures. 6. Performance Monitoring and Troubleshooting Use monitoring tools (Nagios, Zabbix, SolarWinds) to track server health. Troubleshoot hardware, OS, and application-level issues. 7. Documentation and Reporting Maintain detailed documentation of server configurations, changes, and incidents. Generate reports on server performance, uptime, and capacity planning. 8. Collaboration and Mentoring Work closely with network, security, and application teams. Mentor junior admins and provide technical guidance. 9. Automation and Scripting Develop scripts (PowerShell, Bash, Python) to automate routine tasks. Implement Infrastructure as Code (IaC) where applicable.

Job Title: Chief Information Security Officer (CISO) Reports To: Project Manager Location: Agra, Uttar Pradesh Job Type: Full-Time / Permanent 1. Overview The Chief Information Security Officer (CISO) is responsible for establishing and managing the Information Security Program, ensuring security policy compliance across the organisation, and maintaining coordination with regulatory agencies such as CERT-In . 2. Roles and Responsibilities The CISO will be responsible for a wide range of cybersecurity and governance functions. Key responsibilities include: 2.1 Threat Landscape Management Regularly update the threat landscape and stay informed on emerging threats and technology developments. 2.2 Establishing Security & Business Continuity Programs Mandatory: Draft and maintain comprehensive security policies: Information Security Policy Data Governance & Classification Access Control Asset Management Risk Management & SoA Cryptography Communication Security Incident Management Security Awareness Programs Conduct regular reviews and updates to security documents and acceptable communication rules. 2.32.4 Security Architecture & Risk Management Design security architecture leveraging latest tech. Define and maintain risk assessment and mitigation frameworks. 2.5 Regulatory Coordination Act as a liaison with CERT-In and other regulatory bodies. 2.6 Technical Audits & Assessments Mandatory: Regularly conduct: Log reviews & exception reporting Quarterly VAPT (Vulnerability Assessment and Penetration Testing) Annual WASA and application whitelisting SDLC audits & code reviews IT Security Audits ensuring: No unsupported OS Patch management and hardening Secure software development Citizen/customer data privacy 2.7 Third-Party Risk Management Perform regular audits of third-party service providers. 2.8 Time Synchronisation Certification Ensure organisation's NTP is synchronized with the National Physical Laboratory . 2.9–2.10 Device & Software Guidelines Periodic review and enforcement of: Device hardening Antivirus/malware protection Acceptable Use Policies for all software and freeware 2.11T Governance Framework Implementation Adopt and implement processes for: Change Management Configuration Management Incident & Problem Management 2.12 Infrastructure Maintenance Ensure systems are up to date and under active support for patches and security. 2.13–2.14 Procurement and Contracting Include security clauses in all contracts/MoUs . Obtain management approval for urgent cybersecurity-related procurements. 2.15ncident Response & Crisis Management Mandatory: Develop scenario-based Incident Response Plans including: Containment RCA (Root Cause Analysis) Forensics CERT-In Reporting Repeat incident analysis 2.16–2.18 Stakeholder Coordination & Reporting Coordinate internally and externally on security matters. Provide periodic reporting to leadership covering: CIA assessments Risk management and remediation Incident impacts 2.17 Cyber Crisis Management Group (CCMG) Mandatory: Establish CCMG chaired by head of organization. Maintain updated crisis contact lists. Implement Cyber Crisis Management Plan (CCMP) with periodic drills. 2.19CT Disaster Recovery & Incident Management Mandatory: Coordinate response and legal readiness. Ensure compliance with CERT-In guidelines. Analyze and prevent recurrence of incidents. 3. Qualifications Education & Experience (Mandatory) Bachelor’s degree in Electronics/Computer Science (BE/BTech) Minimum 10 years of post-qualification experience in cybersecurity/IT roles within Central/State Government services. Desirable Certifications Certified Information Systems Auditor (CISA) ISMS Lead Auditor (STQC or equivalent Government-recognised) 4. Skills & Competencies Strong understanding of cybersecurity principles, best practices, and tools Knowledge of regulatory and compliance frameworks Excellent leadership, communication, and stakeholder management Ability to operate effectively under pressure, especially during crisis situations Mandatory Highlights Summary (for quick reference): 10+ years of relevant Govt. experience BE/BTech (Mandatory) VAPT (Quarterly), WASA (Annually), and regular audits NTP sync with National Physical Laboratory CERT-In coordination & incident reporting CCMG formation and disaster recovery simulations Inclusion of security clauses in all contracts Security certifications like CISA / ISMS Lead Auditor (Desirable)

About the role: Broad Responsibilities: Responsible for overall Information Technology Services (ITS) function and in defining, implementing and documenting relevant processes, procedures and standards. This role will be in charge of establishing and maintaining an organization wide information systems, infrastructure, and security, management program to ensure that information assets are well performing, fully functional in a secure mode, adequately protected, monitors inventory tracking and renewals or upgrade requirements. This position is responsible for identifying, evaluating and reporting on information systems performance, and security risks, in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. The role serves as the process manager of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organization's information protocols and security policies. Detailed Responsibilities: The Manager (Information Systems and Security) undertakes IT organization's technical activities and is responsible to provide regular status and service-level reports to management. The individual should be a critical thinker, a consensus builder, and an integrator of people and processes must also be able to coordinate disparate drivers, constraints and personalities, while maintaining objectivity and a strong understanding of overall organizational business objectives. The role keeps an eye on the IT support, logistics, and security, for in-premises, and off-premises distributed and virtual workforce, and is a developing opportunity for more strategic responsibilities in due course of time, the extent of duties include but not be limited to: IT Infrastructure Management Management of IT Infrastructure including Servers, Network Devices, IT Security Solutions, Databases, Cloud Services, Network Connectivity and Server Rooms Management of IT Service Providers to ensure services are delivered effectively Identification and evaluation of IT System/ security solutions to meet the objectives Implementation of IT systems/ security solutions covering people, process and technology to ensure effectiveness of the systems/ solutions Delivery of Business Requirements Understand business requirements from ITS Department and provide effective solutions keeping in mind Policies and compliance requirements Timely delivery of ITS Department services to Business and other Department or clients Information and Cyber Security Secure network architecture and cloud security architecture Ensure security of IT Setup to ensure confidentiality, integrity and availability of IT Assets Ensure secure configuration of various systems/ devices/ platforms under ITS Department Ensure systems/ devices/ platforms are timely patched and upgraded Ensure timely closure of any audit findings/ configuration gaps/ vulnerabilities identified Integrate logs of various systems/ devices/ platforms under ITS Department with central log monitoring solution Responsible for conducting Information Security Risk Assessment and Data Privacy Impact Assessment for ITS Department Contribute to define, test and revision of Security Incident Management and Cyber Crisis Management Plans Timely respond to security events/ alerts/ incident assigned to ITS department Implement changes based on the lessons learnt while handling processes/ activities like change management, security incident management etc. to ensure continual improvement in IT Security controls/ practices Service Provider/ Vendor or Supplier Management Define proper scope of work (SoW), service level agreements (SLAs) for third party services Proper evaluation and selection of service providers who can deliver defined scope of work, service levels and meet the compliance requirements which will be applicable for the service provider Regular monitoring of deliverables of service providers against the defined and agreed SOW and SLA and compliance requirements Ensure business continuity aspects while taking into account critical services Business continuity, Disaster Recovery and Cyber Crisis Management Design, implement, regular testing and continual improvement of Disaster Recovery Program Ensure availability of systems/ devices/ servers/ services/ data without compromising on compliance requirements and information & cyber security requirements Ensure DR Program supports organizations BCP Program Represent ITS Department in organizations BCP Program and Cyber Crisis Management Program Responsible for conducting Business Impact Assessment for ITS Department Team Management Definition of Team structure with roles and responsibility Selection of Team Members suitable for the defined roles and responsibility Clearly communicate roles and responsibility (including information & cyber security and compliance responsibilities) of Team Members Ensure Team Members are timely completing training assigned to them Monitor/ guide Team Members to motivate to deliver their the best and grow along with Timely feedback on the performance Monitor Team Members for their suspicious behaviour Compliance Provide inputs for defining policies related to IT and IT Security Definition and regular revision of processes, standard operating procedures (SOPs) for ITS Departments Ensure compliance with the organizations policies and procedures to meet regulatory requirements and contractual obligations Represent/ responsible for ITS Department for ensuring compliance with and continual improvement in Information and Cyber Security Practices, Data Privacy Practices and regulatory compliances Maintain and timely provide artifacts/ evidence to demonstrate compliance to internal and external auditors Ensure ITS department is always audit ready and meet the compliance requirements Collaborate with cross-functional teams to ensure security and compliance requirements are met Strategy and Governance Capacity and performance monitoring and management of IT setup Support CTO is preparing and planning for IT Budget Actively participate and contribute to IT Governance/ Information Security Meetings to ensure continual improvements Assist in the development and review of security policies, procedures, and controls. Support risk assessments and compliance audits for regulatory and industry standards (e.g., ISO 27001, NIST, SOC 2, GDPR). Conduct research on regulatory requirements and industry best practices. Help track and document security risks, incidents, and compliance gaps. Assist in vendor risk assessments and third-party due diligence. Participate in internal security awareness programs and training sessions. Support the team in maintaining compliance documentation and reports. Collaborate with cross-functional teams to ensure security and compliance requirements are met. Identifying vulnerabilities, assessing security risks, and implementing risk mitigation strategies. Monitoring systems for security breaches, responding to incidents, and conducting post-incident analysis. Security Awareness Training - Educating employees about security best practices and promoting a security-conscious culture. Working with various stakeholders, including IT, operations, and management, to ensure alignment of security objectives. Audit systems and networks, and assess their outcomes; Identify problematic areas and implement strategic solutions; and plan, organize, control and evaluate IT and electronic data operations; and ensure operations, safety and security of data, network access and backup systems To keep up to date with IT systems and security trends, threats and control measures; and preserve assets, information security and control structures; maintain a knowledgebase as a technical reference library, systems and security advisories and alerts, information on IT trends and practices, and laws and regulations. To be proactive in making recommendations for updates to policies & procedures as required. Manage the day-to-day activities of IT infrastructure performance and associated threat and vulnerability management; conduct technical vulnerability assessments of IT systems/processes, identify vulnerabilities and risks, and to make recommendations to control any threats and to ensure solutions are implemented. To respond rapidly and effectively to operational IT components of incident management, including detection, response and reporting; including computer forensics for evidence gathering and preservation and efficient liaison with external and law enforcement agencies as/when required To be responsible for the coordination of regular Information systems performance and security reviews in the organization, and with partner organizations, by conducting assessments for systems, processes and infrastructure, and making recommendations to minimize risks identified. Assure all IT activities are performed within the parameters of policies, applicable laws, and regulations Ensure smooth, reliable and resilient IT services; and analyse business requirements by partnering with key stakeholders, including technology, audit, legal, HR and others, across the organization to develop solutions for IT needs, as required Proactively engage in the planning and implementation of business continuity plan /disaster recovery plan Handle business-critical IT tasks and systems administration; and continuously analyse current process, technologies, and vendors to identify opportunities for improvement Manage outsourced vendors that provide information systems, infrastructure, and security functions, for compliance with contracted service-level agreements Develop and monitor annual IT budgets, manage variances, and ensure cost effectiveness, and periodic maintenance and renewal/upgrades plans To work closely with the management to assist and provide inputs to ensure that organizational policies and procedures for Information Security are effective and compliances are adhered to. To oversee the ISS information security risk-register and carry out actions to mitigate risks identified To manage other activities that may arise through evolution, growth or restructuring Train employees on both software and hardware, troubleshoot, and provide technical support when needed Inspire continuous improvement of all IT team processes and initiatives: Continually driving operational excellence Define a comprehensive security roadmap that includes cutting edge trends within Applications, APIs, Data networks; and help our clients mitigate known risks and pre-empt unknown threats to safeguard data, networks, people and assets To work in a mixed Windows and Unix software environment. Manage the instances of cloud infrastructure services and the multiple cloud servers. Leads, oversees and maintains, multiuser computing environment as per the requirements of the organization. Preferred Knowledge, Skill & Ability: Certification in ITIL4 is desired (or should be willing to learn and apply ITIL4 standards on the job to demonstrate equivalent competence) Certification in ISO 2700x series for ISMS as internal auditor, is desired (or should be willing to learn and apply the standards/requirements on the job to demonstrate equivalent competence) Excellent knowledge of technical management, information analysis and of computer hardware / software, servers, and networking systems Expertise in Linux (Ubuntu) operating systems, data management, and security governance is required Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals. Exhibit excellent analytical skills, along with validated problem-solving ability, to work well in a demanding and dynamic environment and planning skills, to meet overall organizational objectives Strong critical thinking and decision-making skills; and highly organized and detail oriented

4 to 6 years of experience conducting Application Security assessments Experienced in conducting Manual and Automated DAST for Web, API & Thick client covering OWASP Top 10 Experienced in conducting Manual code review Experienced in Mobile VAPT (Both static and Dynamic) Knowledge of Infra VAPT or at least VA and configuration review Knowledge in Container / Docker security / Cloud Audit is a plus Certifications suck as CEH, CRTP, OSCP is preferred Good communication skills, ability to explain vulnerabilities to business users in simple terms. Notice: Immediate to 15 days Location: ENBD Bangalore or ENBD Chennai or Dubai

Breach & Attack Simulation, Cloud Security Assessment & Red Teaming

Role & responsibilities Application and API Security: Perform reviews and assessments of application and API-level security controls to identify and mitigate vulnerabilities in internal and partner applications. Vulnerability Assessment and Penetration Testing (VAPT): Conduct scheduled scans using tools such as Qualys, Tenable, Burp Suite, and Metasploit. Prepare reports, track remediation efforts, and ensure timely closure of identified vulnerabilities. Change Advisory Board (CAB): Participate in CAB meetings to review proposed IT changes and provide security-related approvals to ensure compliance with security policies and to avoid introduction of risks. Brand Risk Monitoring: Monitor brand-related risks through relevant channels. Review alerts and take appropriate action to mitigate reputational threats. Privileged Access Management (PAM): Review and approve the onboarding of users into the PAM system to ensure secure management of elevated access rights in alignment with policy. Continuous Threat Exposure Management (CTEM): Track findings from CTEM processes and coordinate with stakeholders for remediation and closure within defined timelines. Preferred candidate profile 5 years of experience in Application Security and IT Infrastructure Security. Hands-on experience in using VAPT tools such as Qualys, Tenable, Burp Suite, and Metasploit . Strong understanding of OWASP Top 10 , API Security , and Cloud Security principles. Proficient in identifying and mitigating risks across web applications, APIs, and cloud environments.

Key Responsibilities: Manage and optimize AWS/Azure cloud infrastructure. Build and maintain CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI/CD). Deploy and manage Kubernetes (EKS/AKS), Docker, and Helm. Implement monitoring & logging (Prometheus, Grafana, ELK, CloudWatch). Ensure compliance (SOC 2, ISO27001) and conduct VAPT security checks. Automate infrastructure with Terraform/CloudFormation. Support MLOps workflows for ML model deployment. Requirements: 8+ years in DevOps/Cloud Engineering. Strong expertise in Kubernetes, Docker, Terraform, and CI/CD tools. Hands-on with SOC 2, VAPT, and cloud security best practices. Experience with MLOps and MongoDB performance optimization.

Roles and Responsibility Provide technical support to customers via phone, email, or chat. Troubleshoot and resolve complex technical issues efficiently. Collaborate with internal teams to resolve customer complaints and concerns. Develop and maintain technical documentation and knowledge base articles. Analyze and report on customer feedback and suggest process improvements. Participate in training and development programs to enhance technical skills. Job Requirements Strong technical skills and knowledge of IT services and consulting. Excellent communication and problem-solving skills. Ability to work in a fast-paced environment and meet deadlines. Strong analytical and troubleshooting skills. Experience with technical support tools and software. Ability to collaborate effectively with cross-functional teams. Mandatory skills include technical support and title analyst. Mandatory Skills: Threat Modeling . Experience: 3-5 Years .

4 to 6 years of experience conducting Application Security assessments Experienced in conducting Manual and Automated DAST for Web, API & Thick client covering OWASP Top 10 Experienced in conducting Manual code review Experienced in Mobile VAPT (Both static and Dynamic) Knowledge of Infra VAPT or at least VA and configuration review Knowledge in Container / Docker security / Cloud Audit is a plus Certifications suck as CEH, CRTP, OSCP is preferred Good communication skills, ability to explain vulnerabilities to business users in simple terms. Notice: Immediate to 15 days Location: ENBD Bangalore or ENBD Chennai or Dubai

Security Incident Response: Provide timely and effective security incident response within a 24x7 SOC environment. Lead operation teams to effectively maintain the lifecycle of both on-premises and cloud-based security solutions. Manage response to security and operational incidents, and on-going security requests. Coordinate and manage security incidents to ensure swift identification, containment, and remediation. Develop and maintain incident response playbooks and procedures. Participate and contribute to industry cyber forums, both formal and informal. Support all audits and reviews requests. Monitor developments in the information security industry and communicate on the potential impact or applicability to the organization Vulnerability Management: Support global vulnerability management processes including operating system (OS) and infrastructure patching, hardening, and testing efforts. Conduct regular vulnerability assessments (VAPT) and prioritize remediation activities. Collaborate with IT teams to implement and validate security patches and updates. Security Tools Operation: Manage the Total Cost of Ownership (TCO) for security solutions which includes new investments and business-as-usual financials. Operate and manage various security tools including Host Intrusion Detection Systems (HIDS), Network Intrusion Detection Systems (NIDS), Intrusion Prevention Systems (IPS), analysers, scanners, and more. Continuously monitor and analyse security tools to identify active threats, attacks, vulnerabilities, and exposures. Prioritize identified threats and vulnerabilities for remediation activities within the team. Threat and Vulnerability Identification: Assist in the identification and evaluation of security threats and vulnerabilities. Conduct in-depth analysis of security events to determine the root cause and potential impact. Provide recommendations for mitigation and remediation solutions to address identified security issues.

Job Description Designation: Sr. Analyst Position Summary: We are looking for a professional having intermediate knowledge on Vulnerability assessment and penetration testing (web application, infra, mobile application, APIs) Compliance frameworks- ISO 27001:2022, NIST CSF, DPDA 2023. Skilled in identifying security risks, ensuring regulatory compliance, and implementing risk mitigation strategies. Proficient in MS Office suite for comprehensive documentation, reporting, and data analysis. Adept at collaborating with cross-functional teams to strengthen organizational security posture and maintain compliance with industry standards. Competencies/Certifications: ISO 27001:2022 or ISO 27001:2013 ISMS Lead Auditor CEH Understanding on Latest Security technologies & compliance standards Roles & Responsibilities: Develop and implement GRC frameworks and policies to ensure compliance with regulatory standards. Monitor and manage risk registers and mitigation plans. Perform security audits and gap analyses to assess compliance levels. Prepare detailed reports and documentation using MS Office tools. Collaborate with IT and business teams to address security vulnerabilities and compliance issues. Stay updated on emerging security threats and industry regulations. Assist in incident response and remediation activities. Train and educate staff on GRC policies and security best practices. Coordinate with external auditors and regulatory bodies during compliance assessments. Preparing Management presentations Managing & conducting Information security awareness session & training records Technological evaluation for tools to be on-boarded IT Security approvals Managing Phishing simulation campaigns

Role Overview We are seeking a Senior Sales Executive who will be responsible for driving revenue by acquiring new clients and expanding existing relationships. 38 years of B2B sales experience, preferably in cybersecurity, IT services, or SaaS .

Job Description - Pre-Sales Security Consultant Cybersecurity We’re building more than a cybersecurity product — we’re creating and leading the category of Continuous Automated Red Teaming (CART) and Automated Pen Testing . Our AI-based platform emulates real-world attacks across enterprise environments to proactively discover and prioritize exposures — before adversaries’ strike. Why This Role Matters: We are creating and leading the Continuous Automated Red Teaming (CART) and Attack Surface Management (ASM) categories with our AI-native platform, recognized in 40+ analyst reports worldwide. As a Pre-Sales Security Consultant , you will act as the technical and consultative bridge between customer requirements and client’s offensive security solutions. You will be responsible for guiding customers through the entire sales cycle —from requirement gathering, solution design, demonstrations, and objection handling, to running proof-of-concepts (POCs) and supporting delivery initiation. This role requires a self-su ffi cient cybersecurity professional with hands-on experience in penetration testing, red teaming, and VAPT , who can confidently represent client in front of clients, position our solution against alternatives, and clearly demonstrate its unique value. What You’ll Do: Partner with Account Executives to qualify opportunities and provide technical expertise throughout the entire sales cycle. Conduct customer discovery sessions to understand their security posture, business challenges, and requirements. Deliver impactful product demonstrations showcasing Client’s CART and ASM capabilities. Lead proof-of-concepts (POCs) independently, ensuring technical success and alignment with customer objectives. Prepare technical proposals, solution architectures, and RFP/RFI responses tailored to client needs. Confidently handle customer objections and technical queries, demonstrating strong subject-matter expertise. Map customer requirements (VAPT, penetration testing, red teaming) to client’s platform and highlight faster, more effective, and cost-efficient outcomes. Collaborate with product and engineering teams to incorporate client feedback into the roadmap. Support channel partners with enablement sessions, technical deep dives, and joint customer engagements. Stay updated on cybersecurity trends, offensive security techniques, and competitor solutions to strengthen consultative positioning. Ensure seamless handover to delivery teams post-sales closure, supporting smooth project initiation. What We’re Looking For: 5–10 years in pre-sales, solution consulting, or sales engineering, preferably in cybersecurity or enterprise SaaS. Hands-on background in penetration testing (both Infrastructure and Application) and red teaming (networks & applications). Solid understanding of reconnaissance, attack surface management (ASM), and offensive security techniques. Prior experience in VAPT services or consulting roles (service company background strongly preferred). Proven ability to build proposals and present solutions in customer-facing scenarios. Strong capability to conduct demos, lead POCs, and address customer objections effectively. Familiarity with cybersecurity tools (SIEM, EDR, scanners, threat intel, etc.) and basic scripting/automation skills (Python, Bash, etc.). Excellent documentation, proposal writing, and communication skills for technical and executive audiences. Bonus Points (Good-to-Have Skills): Certifications like OSCP, CEH, CISSP, AWS Security Specialty. Experience with AI/ML-driven security products. Exposure to regulated industries (BFSI, healthcare, telecom, etc.). Startup or high-growth SaaS environment experience.

Zycus is looking for a passionate Cloud Application Security Architect with 12 to 18 years of experience in End-to-End Application Security, preferably from a development background. The Cloud Security Architect leads the design and development of innovative security architectures for protecting data deployed in various cloud and hybrid cloud environments. This position will directly contribute to the overall global enterprise cloud architecture and lead the security vision and strategy around SaaS-based applications across all layers Infrastructure, Platform, and Software as a Service (IaaS/PaaS/SaaS). The Cloud Security Architect will serve as the central point of contact for Enterprise Security for other technology teams within Zycus on all matters related to cloud and application security. The role involves identifying opportunities and risks, developing security solutions that align with business goals, and protecting Zycuss intellectual property globally. Key Responsibilities Include: Security Architecture Design: Architect and develop security frameworks for cloud and hybrid environments, including AWS, Azure, and physical data centers. Design cloud-native solutions with appropriate security controls based on business needs. Leadership & Representation: Act as the ambassador and senior technical representative of Enterprise Security within cross-functional teams to ensure secure implementation of cloud-based applications. Collaboration & Integration: Work with Engineering, Infrastructure, and Application Development teams to recommend, select, and integrate secure technology solutions into Zycus environments. Standardization & Governance: Develop and maintain cloud and application security standards in collaboration with key stakeholders. Knowledge Sharing & Mentorship: Lead technical forums, mentor junior team members, and drive security awareness through formal and informal training initiatives. Customer & Sales Support: - Respond to RFPs (Request for Proposals), security questionnaires, and due diligence documents to address customer specific cloud and application security concerns. - Attend customer meetings and calls to represent Zycuss security posture and address technical security queries related to the cloud, application, infrastructure, and compliance frameworks. Technology Strategy: Contribute to the development of long-term cloud security technology roadmaps in collaboration with service and business teams. EXPERTISE AND QUALIFICATIONS 12 to 18 years of overall experience, with 68 years in Security Architecture or Engineering roles. Strong background in Cloud platforms (AWS preferred; Azure a plus). Experience with security assessment tools and methodologies including VAPT, Web Application Scanners (e.g., Veracode,IBM AppScan), Network Scanners (e.g., QualysGuard, Nessus). Familiarity with SIEM (QRadar), DLP (Digital Guardian), CASBs, firewalls (e.g., Palo Alto), sniffers (e.g., Wireshark), and other security tools.Hands-on experience with secure software development practices, threat modeling, IAM, cryptography, and certificate management. Knowledge of authentication mechanisms like OAuth, OpenID, SAML, etc. Strong understanding of compliance frameworks such as SSAE 16 SOC1, SOC2, and PCI-DSS. Proven experience in responding to customer security requirements and effectively communicating technical concepts to non-technical stakeholders. Ability to work independently and collaborate in cross-functional teams. Preferred Qualifications: Excellent Java EE development experience; knowledge of middleware and integration platforms (e.g., ESB). Familiarity with mobile platform architectures (iOS, Android) and their integration with cloud services. Deep understanding of SSL/TLS protocols and certificate-based authentication. Security certifications related to cloud and application security (e.g., CCSP, AWS Security Specialty, CISSP). Experience representing technical perspectives during customer audits, pre-sales calls, and vendor evaluations.

About the job: Key Responsibilities: 1. Perform application security testing/penetration testing across: a. Web applications b. Thick clients c. Web services d. Mobile (Android & iOS) e. Network infrastructure 2. Conduct API security testing to identify weaknesses and recommend fixes. 3. Track and document security defects; collaborate closely with development teams to ensure timely remediation. 4. Deliver detailed VAPT reports with clear risk ratings, PoCs, and mitigation guidance. 5. Work with stakeholders to improve secure coding practices. 6. Stay updated with the latest threat vectors, exploits, and security tools. Who can apply: Only those candidates can apply who: have minimum 1 years of experience are Computer Science Engineering students Salary: ₹ 3,00,000 - 5,00,000 /year Experience: 1 year(s) Deadline: 2025-10-02 23:59:59 Other perks: 5 days a week Skills required: Ethical Hacking, VAPT and Web Application Security Other Requirements: 1. Strong hands-on expertise with tools such as: a. Burp Suite, Wireshark, Nmap, Metasploit, Nessus b. Code Analysis Tools (Checkmarx, Fortify, or similar) 2. Strong analytical mindset with the ability to simulate real-world attack scenarios. 3. Excellent English communication skills (verbal & written). 4. Ability to prepare client-ready technical and executive-level security reports. About Company: Sarvang Infotech India Limited, an ISO-certified company, was established in June 2005 and is a part of Sarvang - AGG. Our company is progressing on the road to success and has crossed milestones to reach its current status as a 'public limited company'. A strong and focused workforce led the company to become a public limited company in April 2011. Presently, our company has become one of the leading IT companies of Central India, besides its global presence in different countries, namely the United States and Nigeria. Sarvang Infotech India Limited offers its services of mobile application development, software development, web solutions, portal development, IT consultancy, and data & voice marketing in various sectors.

IT Audit and Compliance Program Manager We are seeking an experienced IT Audit and Compliance Program Manager to lead our financial audit initiatives, emphasizing IT controls, compliance frameworks, and risk management. In this role, you will ensure our IT operations meet industry compliance standards and regulatory requirements, safeguarding the integrity and security of our financial systems. Your expertise will be crucial in identifying risks and vulnerabilities within our IT infrastructure and implementing effective controls to mitigate them. You will collaborate with cross-functional teams to foster a culture of compliance and accountability while driving initiatives to enhance our audit processes. Key Responsibilities: - Manage Audit Programs: Oversee execution of IT financial audits, ensuring compliance with frameworks such as ITGC, VAPT, and SOC 2. Conduct Risk Assessments: Identify and address vulnerabilities in the IT infrastructure. Create mitigation strategy coordinated with Product and Technology teams. Coordinate Audits: Facilitate collaboration with internal and external auditors for efficient audits and timely resolution of findings. Develop Policies: Create and maintain IT audit policies in line with industry standards. Drive adherence to those policies at regular periods, including monthly and quarterly reviews. Prepare Reports: Deliver clear audit reports to senior management, highlighting findings and recommendations. Engage Stakeholders: Work with IT, Finance, and Compliance teams to align on audit objectives. Qualifications: - Bachelors degree in IT, Finance, Accounting, or related field; Masters preferred. 2-3 years of experience in IT audit or compliance in a startup or MNC environment. Working knowledge of ITGC, VAPT, SOC 2, and related IT compliance frameworks. Proficient in basic SQL for extracting and analyzing data to support audit processes. Preferred certifications: CISA, CISSP, or equivalent. Excellent analytical and communication skills. If you are passionate about IT Audit and driving Regulatory Compliance and have a proven track record, we invite you to join our dynamic team!

Responsibilities: Technical documentation about the security breaches and the processes. Configuration reviews for implemented solutions like firewalls, WAF, PAM/PIM, DLP, SIEM Etc Data encryption programs to safeguard organizations vital data. Red teaming, VA-PT, source code reviews, Mobile app reviews Work directly with the ISG team and coordination with stakeholders Risk assessment and risk management processes Understand the processes and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services Review and Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance. Coordinate, measure and report on the technical aspects of security posture. Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements. Manage and coordinate operational components of incident management, including detection, response, documentation and reporting. Maintain a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations. Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk. Mitigate the compliance requirements as per regulatory guidelines Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and follow policies and audit requirements. Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks. Requirements: Diploma /Degree in a technology-related field required. Professional security analyst certification Minimum of five to 7 years of hands on experience in VA-PT, configuration reviews and data protection Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST. Excellent written and verbal communication skills and high level of personal integrity. Experience with Cloud computing/Elastic computing across virtualized environments.

About The Role This role involves the development and application of engineering practice and knowledge in designing, managing and improving the processes for Industrial operations, including procurement, supply chain and facilities engineering and maintenance of the facilities. Project and change management of industrial transformations are also included in this role. About The Role - Grade Specific Focus on Industrial Operations Engineering. Develops competency in own area of expertise. Shares expertise and provides guidance and support to others. Interprets clients needs. Completes own role independently or with minimum supervision. Identifies problems and relevant issues in straight forward situations and generates solutions. Contributes in teamwork and interacts with customers.

Position Overview The Chief Information Security Officer (CISO) is responsible for driving the organizations cyber security strategy and ensuring compliance with applicable regulatory and statutory requirements, including the Reserve Bank of India (RBI) guidelines, ISO 27001, and other relevant standards. The CISO enforces policies to protect the organizations information assets, coordinates cyber security-related matters internally and externally, and ensures the effective operation of security technologies and processes. The role involves oversight of the Security Operations Centre (SOC), leading cyber security projects, and reporting on the organizations cyber security posture to senior management and the Board. Key Responsibilities Drive the organizations cyber security strategy in alignment with business and regulatory requirements . Ensure compliance with RBIs extant regulatory/statutory instructions on information and cyber security. Enforce and oversee implementation of information security policies and frameworks to safeguard information assets. Coordinate cyber security-related matters within the organization and with relevant external agencies/regulators. Act as a permanent invitee to the IT Strategy Committee (ITSC) and IT Steering Manage and monitor the Security Operations Centre (SOC) to ensure effective detection, response, and resolution of cyber threats. Lead and drive cyber security-related projects and Ensure effective functioning and continuous improvement of deployed security solutions (e.g., SIEM, EDR, DLP, firewalls, email gateways). Place a quarterly review of cyber security risks, arrangements, and preparedness before the Board, Risk Management Committee of the Board (RMCB), and ITSC. Oversee incident management and breach reporting in line with regulatory Skills & Competencies Strong understanding of RBIs cyber security guidelines, ISO 27001, NIST CSF, and other security frameworks. Proven leadership and stakeholder management Expertise in cyber risk assessment, vulnerability management, and incident Strong analytical, problem-solving, and decision-making Excellent communication and presentation abilities for Board and regulatory Ability to manage large-scale security operations and Pre-Requisites: Education: Bachelor or Master degree in Computer Science, Information Technology, Cybersecurity, or a related field. Certifications: CISSP, CISM, CISA, CRISC, ISO 27001 LA/LI, or equivalent (preferred). Experience: Minimum 1015 years of IT/Information Security experience, with at least 5 years in a senior leadership role handling cyber security, governance, risk, and compliance functions, preferably in the financial services sector and capability to manage IT Infrastructure.

Responsibilities: * Ensure compliance with cybersecurity standards through VAPT assessments. * Collaborate on DevOps initiatives within IT service management framework. * Conduct VAPT to identify and mitigate security gaps. Health insurance Provident fund

Responsibilities Perform manual penetration testing on networks, web-based and mobile applications Run scheduled Nessus Scan and other network scans Produce high-quality technical reports and presentations and suggest remediation for the vulnerabilities Work closely with the development teams and support in fixing security vulnerabilities Engage with prospective clients to understand in scope applications and plan out the assessment of their applications or infrastructure Work as a single point of contact for existing and potential clients and manage internal and external VAPT assignments Drive information security awareness and training to promote a secure environment and an effective security culture Support and guide the VAPT team for internal and third-party VAPT assignments for web and mobile applications Provide guidance to Junior security experts on complex projects that require your experience and expertise. Support pre-sales and sales team with security-related RFP questionnaires and provide ad-hoc support to business units on security-related matters Requirements Strong fundamentals in network security, application security, and cloud security concepts and controls Understanding of the Secure Software Development Life Cycle and DevSecOps principles Must be updated with the latest security vulnerabilities Good experience with mobile and web VAPT assignments and knowledge of OWASP top 10, WASC, SANS 25 Hands-on experience with BurpSuite, SqlMap, Nmap, Nessus, Kali Linux, and various paid open-source tools Certifications such as CEH, OSCP, or any similar certification would be an added advantage Self-directed technical lead, willing to take ownership and drive results, propose technical directions, make decisions and resolve issues Excellent interpersonal skills, ability to navigate through challenging situations, and good analytical skills Excellent verbal and written communication skills and the ability to interact with senior managers, subject matter experts, regulatory authorities, and client's Information Security Offices

Responsibilities: * Conduct vulnerability assessments using Burp Suite & Nessus. * Execute penetration tests on networks, web apps & mobile devices. * Identify security risks through VAPT, PEN testing & scanning tools. Annual bonus

Security Analyst/ Pen Tester Join us as a Security Analyst at Dedalus , one of the Worlds leading healthcare technology companies, at our team in Chennai, India to do the best work of your career and make a profound impact in providing better care for a healthier planet. LINK TO APPLY : https://tinyurl.com/2x9mn999 What youll achieve As a Security Analyst , you will be part of our highly successful team, utilising your skills for Security Vulnerability Analysis/ Penetration Testing where you will test, assess, exploit & report the security vulnerabilities in the software application, infrastructure and provide recommendations for the suitable solution/ remedy. Working with an extended highly skilled team, you will be making a profound impact throughout the healthcare sector. You will: Security Vulnerability Analysis/ Threat Modelling & Risk Assessment Executing static code review using automated SAST tools & False Positive Analysis Performing dynamic testing (DAST) using automated tools like Burp-suite, Invicti/ Nessus Manual Penetration Testing and Ethical Hacking technics to exploit vulnerabilities Prepare assessment & validation report on the vulnerabilities & risks with impact, artifacts, recommended solution/ mitigation and POCs Explain threats & present assessment reports to Developer/ Architect community Take the next step towards your dream career. At Dedalus Life flows through our software. Every day we do something special by helping caregivers and health professionals deliver better care to their served communities. Take the next step in your career that will make a profound impact. Heres what youll need to succeed: Essential Requirements: 4-8 Years experience in security vulnerability analysis and Pen testing (VAPT) on cloud services, web products/ enterprise applications. Ability to execute Appsec tools; Mandatory to know industry standard tools like Burp-suite, Invicti & Fortify (or any SAST tool), Cloud-Native tools and open-source tools like - Kali, Nmap, Wireshark, Metasploit, ZAP, Echo Mirage. Technical Knowledge on SDLC and implementation essentials of various application types - Desktop, Web, API, Mobile (Hybrid/ Native) & Cloud (AWS, Azure, or GCP). Ability to understand & review Java or .NET (must have), Angular (nice to have) code with respect to security vulnerability. Clear understanding on OWASP, GDPR/ ISO Security standards. Exposure to DevAppSec automation & scripting is preferred. Valid Certification in VAPT/ Ethical Hacking in Mobile /Web /Cloud security is must. Knowledge of AI tools & securing Docker containers like Kubernetes are advantages. Understanding of real world threats & data protection acts are preferred We are Dedalus, come join us Dedalus is committed to providing an engaging, rewarding work experience that reflects the passion our employees bring to our mission of helping clinicians and nurses deliver better care to their served communities. Our company fosters a culture where employees are encouraged to learn and innovate, and to enable and enhance clinical co-operation and processes while making a meaningful difference for millions of people around the world. Each person is the end point and the starting point of the Groups activities and the ultimate beneficiary. For this reason, we are so proud of doing our very special jobs each day. Our company is enriched by a diverse population of 7,600 people in more than 40 countries that work together to innovate and drive better healthcare options for millions of patients around the world. We are the people of Dedalus. Application Closing date: 26th September 2025 Our Diversity & Inclusion Commitment sets out Dedalus’ approach to ensuring respect, inclusion and success for all our colleagues and the wider communities we operate in. It is imperative for us to share our commitment and dedication to ensure an inclusive and diverse workplace. We recognise that we have improvements to make and on this journey, we must remain authentic and realistic but also ambitious. Our diversity & inclusion commitment – Dedalus Global Life Flows Through Our Software

>>Technical Skills Expertise in cyber security including standards such as ISO27001, PCI-DSS, ISO22301, Privacy etc. Knowledge of technical domains such as Cloud security, VAPT, Application security, Risk and control assessment, Technology risk assessments, IT or OT compliance, Data privacy, and Network security Knowledge of concepts such as Shadow IT, Vendor risk, Country specific legal and regulatory requirements, outsourcing/ technology regulations, OWASP top 10 vulnerabilities, review of reports such as SOC, Penetration Test, Code Scan and Cloud compliance Strong GRC and Gap Assessment / Auditing, VAPT skills are desirable >>Soft Skills Strong problem solving and logical approach skills Excellent written and verbal communication skills Global client experience ability to manage stakeholders Consistent display of technical proficiency Ability to work well in teams and lead team when required Ability to work under pressure stringent deadlines and tough client conditions which may demand extended working hours Willingness to travel within India for project/assignments. Demonstrate integrity, values, principles, and work ethic and lead by example >>Certifications Industry certifications ISO-27001 Lead Auditor, CEH, OSCP, GIAC, CISA, CCSP, and any Cloud certifications >> QUALIFICATION BE/BTech/MBA Location – Gurgaon Experience – Associate Consultant, Consultant, – ( 5yrs – 6yrs only ) __

As a Junior Pre-Sales Engineer / Pre-Sales Intern at our company based in Trivandrum, India, you will play a crucial role in bridging technology and business needs. Your primary responsibility will be to collaborate with the sales team, understand customer requirements, and propose customized solutions. Your strong IT background and communication skills will enable you to deliver technical presentations, product demos, and Proof of Concept (PoC) sessions effectively. You will be expected to explain the functionalities and benefits of various security products such as SIEM, EDR, XDR, Security Data Lake, Firewalls, and Email Security. Additionally, you will support security services like VAPT and other assessments, prepare technical proposals and documentation, and assist in responding to technical queries. Staying updated with industry trends and competitors will be crucial, and you will work closely with the technical team to provide post-sales support. To excel in this role, you should hold a Bachelor's degree in IT, Computer Science, Cybersecurity, or a related field. A sales/business-oriented master's degree will be a bonus. Your knowledge of IT concepts, networking, and cybersecurity fundamentals, along with your ability to simplify technical information for clients, will be essential. Awareness of security solutions and a willingness to adapt to new technologies and sales strategies are also key requirements. Preferred qualifications include industry certifications like CompTIA Security+, CISSP, CEH, as well as prior experience in pre-sales, technical support, or IT consultancy. An understanding of security solutions and architecture will be advantageous for this role. If you are enthusiastic about kickstarting your career in Pre-Sales Engineering and possess the required qualifications and skills, we encourage you to apply now by sending your resume to us. Join us in this exciting opportunity to make a difference in the field of cybersecurity and technology sales.,