120 Vapt Jobs - Page 2

As a Cyber Security Analyst you will be responsible for the administration, endpoint protection, vulnerability management, intrusion detection system, security information & event management, Active Directory, Domain Controller and Email Security.

Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 5 plus years of experience Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding Practices: Knowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat Modeling: Ability to conduct threat modeling sessions to identify and mitigate security risks Preferred technical and professional experience Vulnerability Assessment: Experience in conducting vulnerability assessments and penetration testing Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST) tools. Security Tools: Proficiency in using security tools like Burp Suite, Nessus, or Fortify

Hello Visionary! We know that the only way a business thrive is if our people are growing. That’s why we always put our people first. Our global, diverse team would be happy to support you and challenge you to grow in new ways. Who knows where our shared journey will take you We are looking for Product and Solution Security Expert (PSSE) How do you craft the future Smart BuildingsWe’re looking for the makers of tomorrow, the hardworking individuals ready to help Siemens transform entire industries, cities and even countries. Get to know us from the inside, develop your skills on the job. You’ll make a difference by: 1. Integration with SDLC: Collaborate with software development teams to integrate security practices throughout the Software Development Life Cycle (SDLC). Perform security code reviews and analyze vulnerabilities during different SDLC phases. Ensure security requirements are included in the design, development, testing, and deployment stages of software projects. 2. Security Activities: Develop and implement security protocols, guidelines, and best practices for software development. Conduct threat modelling and risk assessments to identify potential security issues early in the development process. Provide guidance on secure coding practices and remediation of identified vulnerabilities. 3. Stakeholder Interaction: Work closely with key stakeholders, including product managers, project managers, and business analysts, to support and promote security activities within products. Communicate security risks, issues, and mitigation strategies effectively to both technical and non-technical stakeholders. Foster a security-aware culture within the development teams and across the organization. 4. Security Tools and Technologies: Implement and manage security tools such as static and dynamic analysis tools, intrusion detection systems, and vulnerability scanners. Stay updated with the latest security tools, trends, and best practices to enhance the organization's security posture. 5. Incident Response: Assist in the development and implementation of incident response plans and procedures. Participate in security incident investigations and provide expertise in resolving security breaches. 6. Training and Awareness: Conduct security training and awareness programs for development teams. Promote continuous improvement and knowledge sharing related to application security. You’ll win us over by: 1. Technical Skills: In-depth knowledge of application security, secure coding practices, and common vulnerabilities (e.g., OWASP Top Ten). Experience with security tools and technologies such as static analysis tools (SAST), dynamic analysis tools (DAST), and vulnerability scanners. Proficiency in programming languages such as Java, C#, Python. Understanding of DevSecOps practices and integration of security into CI/CD pipelines. Promote continuous improvement and knowledge sharing related to application security. 2. Soft Skills: Strong communication and interpersonal skills. Ability to explain complex security concepts to non-technical stakeholders. Strong analytical and problem-solving skills. Collaborative mindset and ability to work effectively with cross-functional teams. 3. Certification Preferred: Certified Secure Software Lifecycle Professional (CSSLP). Experience: Proven experience working with software development teams and integrating security practices into the SDLC. Experience interacting with key stakeholders and supporting security activities within software products. You’ll win us over by: Having An engineering degree B.E/B.Tech/MCA/M.Tech/M.Sc with good academic record. Minimum 5 years of experience in cybersecurity, with a focus on application security. We’ll support you with: Hybrid working Opportunities. Diverse and inclusive culture. Great variety of learning & development opportunities. Create a better #TomorrowWithUs! This role, based in Pune, is an individual contributor position. You may be required to visit other locations within India and internationally. In return, you'll have the opportunity to work with teams shaping the future. At Siemens, we are a collection of over 312,000 minds building the future, one day at a time, worldwide. We are dedicated to equality and welcome applications that reflect the diversity of the communities we serve. All employment decisions at Siemens are based on qualifications, merit, and business need. Bring your curiosity and imagination, and help us shape tomorrow Find out more about the Digital world of Siemens here[1] www.siemens.com/careers/digitalminds Find out more about Siemens careers at[2] www.siemens.com/careers

Hello Visionary ! We empower our people to stay resilient and relevant in a constantly changing world. We’re looking for people who are always searching for creative ways to grow and learn. People who want to make a real impact, now and in the future. We are looking for a highly skilled and motivated Product & Solution Security Professional to join our team. The ideal candidate will be responsible for defining secure design principles and supporting cross-functional teams to ensure secure architecture, implementation, and testing of products and solutions. Key Responsibilities Integration with SDLC Collaborate with software development teams to integrate security practices throughout the Software Development Life Cycle (SDLC). Ensure security requirements are included in the design, development, testing, and deployment stages of software projects. Perform security code reviews and analyze vulnerabilities during different SDLC phases. 2. Security Activities Develop and implement security protocols, guidelines, and best practices for software development. Conduct threat modelling and risk assessments to identify potential security issues early in the development process. Provide guidance on secure coding practices and remediation of identified vulnerabilities. Stakeholder Interaction Work closely with key stakeholders, including product managers, project managers, and business analysts, to support and promote security activities within products. Communicate security risks, issues, and mitigation strategies effectively to both technical and non-technical stakeholders. Foster a security-aware culture within the development teams and across the organization . 4. Security Tools and Technologies Implement and manage security tools such as static and dynamic analysis tools and vulnerability scanners. Stay updated with the latest security tools, trends, and best practices to enhance product’s security posture. 5. Training and Awareness Conduct security training and awareness programs for development teams. Promote continuous improvement and knowledge sharing related to application security . Skills and Qualifications 1. Technical Skills: In-depth knowledge of application security, secure coding practices, and common vulnerabilities (e.g., OWASP Top Ten). Experience with security tools and technologies such as static analysis tools (SAST), dynamic analysis tools (DAST), and vulnerability scanners. Proficiency in programming languages such as Java, C#, Python. Understanding of DevSecOps practices and integration of security into CI/CD pipelines. Promote continuous improvement and knowledge sharing related to application security. 2. Soft Skills: Strong communication and interpersonal skills. Ability to explain complex security concepts to non-technical stakeholders. Strong analytical and problem-solving skills. Collaborative mindset and ability to work effectively with cross-functional teams. 3. Certification Preferred CEH, Certified Secure Software Lifecycle Professional (CSSLP) or equivalent. Experience Proven experience working with software development teams and integrating security practices into the SDLC. Experience interacting with key stakeholders and supporting security activities within software products. Having An engineering degree B.E/B.Tech/MCA/M.Tech/M.Sc with good academic record. 7 - 10 years of experience in cybersecurity, with a focus on application security. Make your mark in our exciting world at Siemens . This role, based in Bangalore , is an individual contributor position. You may be required to visit other locations within India and internationally. In return, you'll have the opportunity to work with teams shaping the future. At Siemens, we are a collection of over 312,000 minds building the future, one day at a time, worldwide. We are dedicated to equality and welcome applications that reflect the diversity of the communities we serve. All employment decisions at Siemens are based on qualifications, merit, and business need. Bring your curiosity and imagination, and help us shape tomorrow We’ll support you with Hybrid working opportunities. Diverse and inclusive culture. Variety of learning & development opportunities. Attractive compensation package. Find out more about Siemens careers at www.siemens.com/careers

Job Summary We are seeking a seasoned professional to manage and enhance the operations of the Saviynt platform. The ideal candidate will bring strong technical expertise leadership capabilities and a proactive approach to platform stability process improvement and stakeholder engagement. Responsibilities Key Responsibilities Platform Monitoring & Maintenance Oversee the health and performance of the Saviynt Platform including Saviynt Connect Portal and Connectors. Monitor JML (Joiner-Mover-Leaver) processes aggregation tasks and access requests. Hands on with SOD workflows tasks rules forms custom object access reviews and updates of JML configurations access requests and certification workflows. Guide the team to implement best practices for Access Management & RBAC. Play a key role in identifying areas for implementing Automations. Enhancements & Troubleshooting Implement minor enhancements and workflow changes as needed. Coordinate with the Saviynt product team for resolution of critical issues. Documentation & Compliance Maintain up-to-date SOPs runbooks and procedural documentation. Ensure timely patching of the Saviynt platform and its components. Support DR (Disaster Recovery) testing. Integration & Performance Management Manage and resolve integration issues with systems such as Active Directory and ServiceNow and any custom integrations. Periodically tune performance parameters to ensure optimal system efficiency. Operational Oversight Share service health status report to customer on daily basis validate logs and verify backups. Provide Weekly/monthly reports on incidents changes service requests and problem tickets. Attend Weekly/monthly review calls tracking actions and work towards closure. Process & Stakeholder Engagement Identify process gaps and propose remediation aligned with product and security standards. Present changes in CAB meetings participate in major incident bridges and engage with customers for requirement gathering and escalation handling. Additional Skills Strong understanding of ITIL processes. Working knowledge of NetIQ IDM is a plus. Proficiency in Microsoft Office Suite for documentation and presentations. Excellent communication skills to liaise effectively between internal teams and customers. Basic knowledge on scripting using PowerShell AD & Exchange commands. Knowledge on Active Directory Entra AD Entra AD connect for synchronization

Job Summary IAM Architect Develop the overarching vision principles and architecture for the workload identity and access management system across all environments like Azure GCP hybrid on premises Responsibilities Define the types of workload identities e.g. Managed Identities Service Accounts SPIFFE identities their attributes and their lifecycle management processes. Design the framework and specific policies for controlling workload access to resources based on the principle of least privilege. Define and design secure methods for workloads to authenticate and communicate with each other. Design the integration points and processes for connecting the workload IAM system with Fords current IAM infrastructure e.g. Entra ID Drive the creation of the long-term workload IAM governance framework ensuring alignment with industry best practices and Fords policies. Serve as the subject matter expert on workload identity concepts technologies e.g. Entra Workload Identity SPIFFE-SPIRE and best practices. Assess and recommend appropriate workload identity features and tools available in Azure GCP and other relevant platforms. Design the system to meet relevant security and compliance requirements

Skills: Strong understanding of web application security and OWASP Top 10 Hands-on experience with VAPT and application security tools (e.g., Burp Suite Pro, Nessus, Acunetix) Proficient in writing technical reports and documentation Familiar with secure coding practices and patch management Experience with bug bounty programs and cybersecurity incident response Education: B.Tech / B.E. / BCA / BAC in Computer Science or IT Experience: 0-1 year in Vulnerability Assessment, Penetration Testing (VAPT), and Bug Bounty (professional experience preferred) Certifications: CEH or equivalent (preferred)

Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Experience with penetration testing tools (e.g. Burp) Extensive knowledge of attack payloads for discovering security vulnerabilities Plan, execute, and report on all testing activities and outcomes Create findings reports and communicate to stakeholders Must possess at least 5 years of experience in delivering VAPT in Web(Thin and Thick Client), Mobile and APIs Should have good and effective communication skills in English. (Oral and written) Additional Responsibilities: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Technical and Professional Requirements: Any certifications CEH(Mandatory), OSCP, CCSP Preferred Skills: Technology->Security Testing->Security Testing - ALL Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering

Area Head IT Security Specialist Analyst Engineer: About Company: CMR Green Technologies Limited is Indias largest producer of Aluminium and Zinc die-casting alloys with a combined annual capacity of over approx 4, 18, 000 MT per annum. Since its inception in 2006, it has maintained its fast-paced growth by leveraging latest technology and continuous improvement. CMR, which recycles aluminium scrap to make alloy, has 28-30 percent market share in India and is nearly three times larger than its nearest competitor. We are having strong presence at PAN India level (North, West & South) with 13 manufacturing units, 5000 strong workforce and supplies to major automotive industry in India including tier one OEMs like Maruti Suzuki , Honda Cars , Bajaj Auto , Hero MotoCorp and Royal Enfield Motors. We are seeking a skilled IT Security Specialist/Analyst/Engineer to join our IT team. In this role, you will be responsible for protecting our organization's information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. You will work closely with IT and other departments to identify and mitigate IT security risks, ensuring that our systems and data remain secure. Position: Area Head IT Security Specialist/Analyst/Engineer Job Band/ Designation: B/ Dy. Manager/ Manager/ Sr. Manager No. of Post: 01 Department: Information Technology Reporting to: Chief Information Officer Qualifications: Essential: B.E./ B Tech / Bachelors degree in Computer Science, Information Technology, or related field . Desirable:- Relevant certifications (e.g., CISSP, CISM, CEH) are a plus. Experience: Proven 7-12 years of experience as an IT Security Specialist/Analyst/Engineer or similar role. Job Responsibilities: 1.Develop and enforce policies and procedures for data security, network access, and backup systems. 2.Identify vulnerabilities within our network and propose and implement security enhancements. 3.Coordinate with internal and external stakeholders to monitor network traffic for suspicious behavior. 4.Conduct regular system audits and manage the response to security incidents. 5.Lead cybersecurity awareness training for all staff. 6.Lead ISO 27001 certification for the organization 7.Stay up to date with the latest security systems, standards, authentication protocols, and products. 8.Create budget for security software and hardware and take buy-in from stakeholders. 9.Ensure compliance with the relevant laws and regulations regarding information security and privacy. functional competencies: Strong understanding of firewalls, VPNs, Data Loss Prevention, IDS/IPS, Web-Proxy, Zero Trust, DPDP Act, VAPT and Security Audits. CISSP certification is preferred. Experience with incident detection, incident response, and forensics. Key Personality Attributes: Effective Communication Knowledge sharing and learning. Execution Excellence General: Age -25-35 years. CTC 10 LPA-15 LPA approx. CTC is not a constraint for suitable candidate. Candidate should not be frequent job changer. Notice Period - Joining period Max 30 Days. We can buy notice period, if required Interested candidate those who are matching with our required, only can apply for the position. Location: Corporate office:-7th Floor, Tower 2, L & T Business Park, 12/4 Delhi Mathura Road (Near Delhi Badarpur Border) Faridabad, Haryana, 121003.

We're Hiring! I am excited to share some amazing career opportunities at Happiest Minds. Take your Security career to the next level with Happiest Minds, ! Join a dynamic team, where Security Meets Innovation, and grow with us. Be recognized in a Great Place to Work Certified environment Interested professionals can directly reach out to me ankita.patari@happiestminds.com or can apply in below post Primary Skills : Manual Penetration Testing using OWASP checklists, Penetration Testing, Cloud Security Assessment, Cybersecurity, Security Configuration Review, Source Code Review Job Description: 4 to 6 years of experience conducting Application Security assessments Experienced in conducting Manual and Automated DAST for Web, API & Thick client covering OWASP Top 10 Experienced in conducting Manual code review Experienced in Mobile VAPT (Both static and Dynamic) Knowledge of Infra VAPT or at least VA and configuration review Knowledge in Container / Docker security / Cloud Audit is a plus Certifications suck as CEH, CRTP, OSCP is preferred Good communication skills, ability to explain vulnerabilities to business users in simple terms. Notice: Immediate to 15 days Location: ENBD Bangalore or ENBD Chennai or Dubai Location: Bangalore/Chennai/Dubai Experience: 4-6 Years Thanks & Regards, Ankita Ghosh

Job Summary: We are hiring an experienced Application Security Engineer specializing in Java ADF and Jasper Reports, with a strong track record of resolving Vulnerability Assessment and Penetration Testing (VAPT) findings. The ideal candidate must have secured complex enterprise applications, including online payments and eCommerce systems, particularly on legacy stacks such as Java 1.7, MySQL 5.5, and JBoss 7.1. This role is hands-on and remediation-focused, requiring deep understanding of secure development and hardening in deprecated environments. Key Responsibilities: Lead remediation of high-priority VAPT findings in large-scale enterprise systems. Secure passwords and PII data at all stages: At view/input: masking, form validation, secure front-end patterns In transit: TLS, secure headers, HTTPS enforcement At rest: encryption, proper salting and hashing (e.g., bcrypt, SHA-256) Fix injection attacks (SQLi, XSS, LDAPi, command injection), CSRF, clickjacking, IDOR, and other OWASP Top 10 issues. Apply secure API integration practices: auth tokens, rate limiting, input validation. Harden session and cookie management (HttpOnly, Secure, SameSite attributes, session fixation prevention). Review and fix insecure code in ADF Faces, Task Flows, Bindings, BC4J, and Jasper Reports. Secure Jasper Reports generation and access (parameter validation, report-level authorization, export sanitization). Work hands-on with legacy platforms: Java 1.7, MySQL 5.5, JBoss 7.1 applying secure remediation without disrupting production. Strengthen security of online payment/eCommerce systems with proven compliance (e.g., PCI-DSS). Maintain detailed remediation logs, documentation, and evidence for audits and compliance (GDPR, DPDPA, STQC, etc.). Technical Skills: Java EE, Oracle ADF (ADF Faces, Task Flows, BC4J), Jasper Reports Studio/XML Strong debugging skills in Java 1.7, MySQL 5.5, JBoss 7.1 Secure development lifecycle practices with a focus on legacy modernization Strong grounding in OWASP Top 10, SANS 25, CVSS, and secure coding principles Experience in PII handling, data masking, salting, and hashing Proficiency in OAuth2, SAML, JWT, and RBAC security models Performance improvement and application profiling Expertise in analyzing application, system, and security logs to identify and fix issues Ability to ensure application stability and high availability Be the champion/lead and guide the team to fix the issues PHP experience is a plus, especially in legacy web app environments Required Experience: 5–10+ years in application development and security Demonstrated experience remediating security vulnerabilities in eCommerce and payment platforms Ability to work independently in production environments with deprecated technologies Preferred Qualifications / Plus: B.E./B.Tech/MCA in Computer Science, IT, or Cybersecurity Use of AI tools for identification and fixing the issues is real plus Any VAPT or Application Security Certification is a plus (e.g., CEH, OSCP, CSSLP, GWAPT, Oracle Certified Expert) Familiarity with compliance standards: PCI-DSS, GDPR, DPDPA, STQC Proficiency with security tools: Fortify, ZAP, SonarQube, Checkmarx, Burp Suite Soft Skills: Strong problem-solving and diagnostic capabilities, especially in large monolithic codebases Good documentation and communication skills for cross-functional collaboration Able to work under pressure, troubleshoot complex issues, and deliver secure code fixes rapidly

Manage Data center Facility, Server Infra, Backups, File Server, DB Admin of server env– HP-Unix, Clustering, Virtual Server env (Hyper-V, VMWare, KVM), Linux (RedHat, SUSE, CentOS) Hands on Clustering, Virtualization, Storage Protocol, DC & DR ops Required Candidate profile Min 5 yrs of hands-on exp as System Administrator Perform root cause analysis for problems and major incidents Candidate with Certification of Unix, Linux, VMware & Storage System will be preferred

Skills Required : Application Security, Web Application Security, Penetration Testing, OWASP, Network Penetration Testing, Vulnerability Assessment, Application Security Testing, security engineering, Vapt

Job Description: Sr. Security Engineer - VAPT & Compliance Position: Sr. Security Engineer - VAPT & Compliance Working Days: 5 days (Rotational Shifts)Experience : 6+ yearsLocation: Noida Sector-62 ( Work from office) Role Overview : We are seeking a skilled and driven Sr. Security Engineer with a strong background in penetration testing (web, mobile, and network) and an understanding of security compliance standards such as SOC 2, ISO 27001, and GDPR. The ideal candidate will have hands-on experience identifying and exploiting vulnerabilities, preparing technical and compliance reports, and guiding clients or internal teams on remediation and governance. Key Responsibilities : • Conduct penetration testing of web applications, mobile apps (iOS/Android), and internal/external networks. • Perform vulnerability assessments and risk evaluations across client environments. • Create detailed technical and executive reports with prioritized remediation strategies. • Assist in SOC 2 readiness assessments, ISO 27001 implementation, and GDPR compliance checks. • Collaborate with cross-functional teams for remedial activities to improve the security posture. • Stay updated with the latest exploits, tools, and compliance updates. Required Qualifications : • 6+ years of experience in cybersecurity with a focus on penetration testing and compliance. • Proficiency in tools like Burp Suite, Nmap, Metasploit, Nessus, MobSF, and manual testing techniques. • Strong knowledge of OWASP Top 10, secure coding practices, network protocols, and common attack vectors. • Understanding of SOC 2, ISO 27001, GDPR, and associated implementation or audit processes. Certifications (Preferred) • CEH (Certified Ethical Hacker) • ISO/IEC 27001 Lead Auditor / Lead Implementer • Other relevant certs: e.g., CompTIA Security+, eWPT, eCPPT, GPEN Nice-to-Have Skills : • Familiarity with DevSecOps pipelines, source code reviews, or CI/CD security integration. • Client-facing consulting experience or report presentation skills. • Cyber Security vibe is a must. If interested then share your updated CV on agarwal.saumya@thinksys.com

Hi , As per response to your profile which is uploaded in Job portals. We have an excellent job openings for Application Security-Techno Manager -Mumbai Location in IT MNC If your already received email or not looking for job change/ irrelevant - please ignore it. Note: Apply for only Relevant & interested candidates.(Apply for only Immediate to 30 days joiners) Job Description: Please find the Key skills for AppSec Lead - 10-18 years of experience in Application Security, Network Security, and IT Risk & Compliance, with hands-on expertise in security assessments, process audits, and application reviews. Experience in BFSI is preferred. skill: Vulnerability Assessment,Manual Penetration Testing using OWASP checklists,Penetration Testing,OWASP Top 10,OWASP ZAP,Ethical Hacking,Static/dynamic testing of mobile applications,Vulnerability Mitigation, any Certificates like CISSP, CISA, CISM, CRISC. Educational criteria: B.Sc (IT/CS/Security) / B.Tech/BE in Computer Science,BCA/MCA/MS/MSC/M TECH,ME Those who have relevant experience and Skills, as mentioned above please revert back soon. It"s a kind request, Please provide the below mentioned details in Ur CV/mail before u send it to us. Total Exp: Relevant Exp:- Current Company: Current CTC: Expected CTC: Current Location: Preferred location: Mumbai Only Notice Period: Apply only for Immediate to 30 days NP. DOB: Degree: Many Thanks Regards Sreenivas Sreenivasa.k@happiestminds.com

HCL Tech uses Qualys tools for various roles, including those in security, infrastructure management, and penetration testing. Job descriptions often specify experience with Qualys tools, such as vulnerability scanning and configuration management , and may also require proficiency in other security technologies and certifications like CEH. 1. Security Roles: Vulnerability Assessment and Penetration Testing (VAPT): HCL Tech uses Qualys tools for identifying vulnerabilities in systems and applications. VAPT Testers need experience with Qualys and other penetration testing tools. Security Operations Engineer: This role involves implementing and managing security measures, including those related to vulnerability management and cloud security posture management (CSPM) using Qualys. Tools/Qualys: This role involves administering and operating Qualys, potentially alongside other PKI solutions like ADCS or AppViewX. 2. Infrastructure Management: Administration and Operations of PKI: Qualys is sometimes used in conjunction with PKI solutions to manage certificates and related configurations, including CSR creation, certificate push, and secure connections. 3. General Requirements: Security Domain Experience: Many roles require experience in managing security infrastructure, including vulnerability management and configuration management, where Qualys is often utilized. In summary, HCL Tech utilizes Qualys tools for various security-related tasks, including vulnerability assessment, infrastructure management, and cloud security posture management. Specific requirements vary depending on the role, but experience with Qualys is often a valuable asset

SUMMARY Our client is IT MNC part of one of the major insurance groups based out of Germany and Europe. The Group is represented in around 30 countries worldwide, with Over 40,000 people worldwide, focusing mainly on Europe and Asia. Our client offers a comprehensive range of insurances, pensions, investments and services by focusing on all cutting edge technologies majorly on Could, Digital, Robotics Automation, IoT, Voice Recognition, Big Data science, advanced mobile solutions and much more to accommodate the customers future needs around the globe thru supporting millions of internal and external customers with state of-the-art IT solutions to everyday problems & dedicated to bringing digital innovations to every aspect of the landscape of insurance. Job Location: Hiranandani Gardens, Powai, Mumbai Mode: Work from Office Requirements Roles & Responsibilities: Define project scope, objectives, and deliverables in collaboration with stakeholders. Develop comprehensive project plans, including timelines, budgets, and resource allocation. Manage and coordinate project teams, including security engineers, analysts, and other technical resources. Track project progress, identify and manage risks and issues, and implement effective mitigation strategies. Ensure adherence to project management methodologies and best practices. Stay up-to-date with the latest cyber security trends and technologies. Skill & Competencies: Strong track record of delivering IT projects in a large, complex environment. (7 years), especially experience in the implementation of financial and regulatory requirements in the CFO context in Group-wide systems and their integration Proven 5+ years experience as a PM Bachelor's degree in Computer Science, Information Technology, or a related field. Proven experience (typically 5+ years) managing IT projects, with a significant focus on cyber security initiatives.

Are you interested in automating the build and deployment process of the application with ensuring the application security? If yes, then Payatu is the place for you. We are always in search of passionate people to expand our renowned Bandit family at Payatu. In the quest for Bandits, here is an excellent opportunity we would like to share with you. Who we are? Payatu is an ISO certified company where we strive to create a culture of excellence, growth and innovation that empowers our employees to reach new heights in their careers. We are young and passionate folks driven by the power of the latest and innovative technologies in IoT, AI/ML, Blockchain, and many other advanced technologies. We are on the mission of making Cyberworld safe for every organization, product, and individual. What we look for outside work parameters? Your expertise is your primary qualification, not your degree or certification. Your publicly known contributions are your credentials. Papers you have written, tools you have developed are your references. Your write-up reflects your interests and ethics. Your published exploits, your CTF scores, and hall of fame listings are the testimonies of your work. Your research paper was published and presented at conferences. You are learning from the community and enthusiastically contributing back. You are a perfect technical fit if: Strong fundamental of application and network protocols. Stronghold on Web application security concept and penetration testing skill. Good command of at least one programming language. Good understanding of OWASP Top 10 and other web-related vulnerabilities as well as logic flaws. Hands-on experience in performing penetration testing of web-based applications preferably in the financial domain. Good to have experience in working alongside the development/QA teams. Good report writing and presentation skills. Should be able to suggest optimum security improvements to application components. You Have All Our Desired Qualities, if: Experience in web application and web service security assessment. You have a history of publishing or presenting good research. You have the knack of finding security bugs in everything you touch. You like automating stuff. You like writing tools. You have excellent written and verbal communication skills and the ability to express your thoughts clearly. You have the skill to articulate and present technical things in business language. You can work independently as well as within a team and meet project schedules and deadlines. You have strong problem solving, troubleshooting, and analysis skills. You are passionate about your area of expertise and self-driven. You are comfortable working in a dynamic and fast-paced work environment. You are Self-driven, proactive, hardworking, team-player. You are working on something on your own in your field apart from official work. Your everyday work will look like: Security assessment of web application and web service on various platforms. Back your findings with Proof-of-concept exploits. Collect evidence and maintain a detailed write-up of the findings. Understand and explain the results with impact on business and compliance status. Explain and demonstrate vulnerabilities to application/system owners. Provide appropriate remediation and mitigations of the identified vulnerabilities. Individually or collaboratively review the system designs, source code, configurations, communications for security gaps. Deliver results within stipulated timelines. Sharpen your saw with continuous research, learning, training on the latest tools and techniques, keeping up with new research, and sharing the same with the ecosystem. Communicate well using verbal and written skills, within and out of the team.

The selected candidates will be responsible for performing VAPT on the web, mobile, infrastructure, and API, doing a secure code review, and analyzing any security incidents that strike within our SecureNexus division.

CyberShelter is looking for a hands-on and detail-oriented Offensive Security Tester to execute vulnerability assessments, penetration testing, and assist in red team operations under the guidance of senior team members. This role is ideal for individuals who are technically sound, passionate about ethical hacking, and eager to grow in the offensive security domain. Key Responsibilities Conduct technical assessments across: Web applications, mobile apps, APIs, thick clients and network infrastructure systems Execute standard VAPT tasks including reconnaissance, scanning, enumeration, exploitation, and post-exploitation. Prepare draft reports with findings, risk ratings, and remediation suggestions. Collaborate with senior team members during red team engagements, source code reviews, and architecture review assessments. Maintain test logs, tool outputs, and evidence for quality and compliance checks. Stay informed on new vulnerabilities, CVEs, and attack techniques. Qualifications Experience: 2 to 4 years of experience in offensive security, ethical hacking, or VAPT roles. Technical Skills: Familiar with OWASP Top 10, common CVEs, and exploit scenarios Basic scripting knowledge (Python, Bash, or PowerShell) preferred Exposure to security testing methodologies and reporting standards Certifications: OSCP, eJPT, CEH, or equivalent are a plus. Soft Skills: Eagerness to learn, ability to follow guidance, and good communication. Preferred Attributes Strong willingness to develop deep offensive security expertise Ability to work collaboratively in a fast-paced team environment Attention to detail and strong documentation habits

CyberShelter is seeking a Senior Offensive Security Tester to perform and oversee advanced security testing across applications, infrastructure, and cloud environments. As a senior member of the offensive security team, this role requires strong hands-on expertise in VAPT, red teaming exercises, and security assessments, along with leadership in task execution and mentorship of the testers. Key Responsibilities Conduct advanced vulnerability assessments and penetration tests on: Web applications, Mobile Apps (iOS/Android), APIs Network and infrastructure (on-prem and cloud) Thick client Execute red team exercises simulating real-world attack scenarios and lateral movement techniques. Perform source code reviews, threat modeling, and architecture review as required. Document findings with clear PoCs and detailed impact analysis for business stakeholders. Support the Offensive Security Lead in managing technical execution and ensuring adherence to methodology. Mentor and guide junior testers and analysts in tool usage, attack simulation, and reporting standards. Stay updated on emerging threats, exploits, and offensive tooling enhancements. Participate in client walkthroughs, support remediation discussions, and align assessments with business context. Qualifications Experience: 57 years of experience in offensive security testing, VAPT, or red teaming roles. Technical Skills: Strong understanding of OWASP Top 10, SANS/CWE, MITRE ATT&CK Familiarity with source code analysis and scripting (Python, Bash, PowerShell) Certifications: OSCP preferred; other certifications like eCPPT, CRTP, OSEP, or CREST Practitioner are a plus. Soft Skills: Good reporting skills, team collaboration, and attention to detail. Preferred Attributes Passionate about ethical hacking and continuous skill development Able to work independently on assigned tasks and manage priorities effectively Comfortable operating in a fast-paced, customer-facing environment Role & responsibilities

CyberShelter is seeking a passionate and experienced Offensive Security Lead to spearhead our offensive security initiatives, including VAPT, red teaming, source code reviews, and advanced security assessments across a diverse range of platforms. This role requires strong technical leadership, hands-on expertise, client engagement, and the ability to guide and mentor a specialized team. Key Responsibilities Lead and manage the offensive security team responsible for: Vulnerability Assessment & Penetration Testing (Web, Mobile, APIs, Network, Infrastructure, Thick Clients) Red Teaming and adversary simulation Source code review, threat modeling, and secure architecture assessments Configuration reviews, segmentation testing, and wireless security assessments Own end-to-end project lifecycle including planning, execution, reporting, and customer walkthroughs. Review and validate findings, risk ratings, and ensure quality assurance across all deliverables. Collaborate with clients to understand business context, prioritize findings based on impact, and advise on remediation strategies. Drive threat-based assessment approaches aligned with MITRE ATT&CK, OWASP, and other frameworks. Stay current with evolving threat landscapes, tools, and industry best practices. Qualifications Experience: 810 years of hands-on experience in offensive security, red teaming, and advanced security assessments. Technical Skills: Expertise in manual and automated VAPT techniques across full tech stack Deep understanding of OWASP Top 10, SANS Top 25, NIST SP 800-115, etc. Exposure to DevSecOps, CI/CD security, and modern application stacks Certifications: OSCP, OSCE, OSEP, CRTP, CREST or equivalent (preferred) Soft Skills: Strong communication, leadership, client-facing experience, and documentation skills. Preferred Attributes Passionate about offensive security and continuous learning Ability to manage multiple concurrent projects and mentor junior team members Strategic mindset with strong operational execution capabilities

Job Description: Strategic Leadership: Develop and execute the organization's cybersecurity and information management strategy, aligning it with business objectives and industry best practices. Collaborate with executive leadership to integrate security into all aspects of the company's operations and decision-making processes. Risk Management: Identify, assess, and prioritize cybersecurity risks and vulnerabilities, taking proactive measures to mitigate and manage them effectively. Establish a robust incident response plan and lead the response efforts in the event of a security breach. Security Governance: Oversee the development and implementation of information security policies, standards, and procedures. Ensure compliance with relevant regulatory requirements and industry standards (e.g., SEBI, RBI, DPDP, ISO 27001). Representation in various Committee and forums as required. Security Awareness and Training: Promote a strong cybersecurity culture across the organization through training, awareness campaigns, and ongoing education. Foster a sense of shared responsibility for security among employees and contractors. Security Architecture and Technology: Evaluate, recommend, and implement cutting-edge security technologies, tools, and practices. Oversee the design and maintenance of a secure and scalable IT infrastructure. Security Monitoring (SOC 24*7) and Incident Response: Implement continuous monitoring systems to detect and respond to security threats in real-time. Lead investigations into security incidents, documenting findings, and implementing remediation actions. Vendor and Third-Party Risk Management: Assess the security posture of third-party vendors and partners, ensuring they meet the company's security standards. Establish and maintain relationships with external security organizations and industry peers. Application Security and VAPT Budget and Resource Management Role and Responsibilities : Chief Information Security role comprehends the experience in ISMS implementation & audit management to strategize, improve and streamline information security governance within the organization. The role will be responsible for developing, implementing, and monitoring a strategic, comprehensive enterprise information security management program and protect the organization from cyber security and data breaches. Core Competencies : Technical & Functional Expertise Business & Commercial Acumen Market Intelligence Execution Excellence Strategic Orientation Decision Making Preferred Skills: Deep knowledge of cybersecurity technologies, risk management, and compliance requirements. Excellent Spoken & Written Communication. Analytical Ability. Stakeholder management.

Sr. Manager Technology: Sr. Manager Technology is responsible for monitoring the efficiency and performance of the company's technology and oversee the overall Information Technology Operations. He makes sure that the processes defined are adhering and working as per the policies designed to meet the requirement of security and compliance standards of the Organization. KRAs (Technical) Managing and maintaining the overall IT infrastructure of the Organization. End user support as per the SLAs defined. Monitoring and measuring the performance of team members through metrices for the weekly reports. Handling escalations from the business stakeholders/Departments. Oversee the technological changes for the Organization. VAPT (Vulnerability and Penetration testing) / Security rating of the company. Automated Firewalls backup, Server backups, configuration backups. O365 security implementation, SPAM/Security policies to resist the SPAM. O365/SharePoint administration, MS Teams administration. Thorough understanding of end point security like Dell Carbon black and security policies. Technical understanding of Windows/Linux Server administration, Security hardening. MAC OS, iOS platform knowledge. A very good understanding of VOIP infrastructure and Telecom providers for the VOIP services. Hands on to an ITIL/ITSM compliant tool like Fresh Service to manage and maintain the inventory. Knowledge of best security practices and tools to backtrack any security issues like Spamming/Phishing/email headers etc. VPN, IPsec tunnels, security policies implemented at Org level (may include URL filtration as well) Technical exposure to routers/switches/Access points and wireless technologies. Security patching, version control, Change management. Vendor management to choose the right product/services. KRAs (Compliances) Prior experience to work and collaborate as an auditee for ISO 9001 -27001, GDPR, SOC2 Type 2, CPRA, and RFPs filling. Well versed with the security policies as per the ISMS standards. Main auditee for the internal/external audits for the Organization. Ambitious to map the controls with the defined security policies. Good writing skills to draft the policies and procedures. Maintain compliance documents archives and document libraries for different stakeholders/Departments in MS Teams, SharePoint/NAS. Maintain and review the access approvals/approval mechanism aligned with the polices. Maintain the physical security of IT Assets as per compliance and security standards. KRAs (Team Management) A mentor to motivate the team by not only managing the team but showing them the path to achieve the Objectives defined by the Management. Working in a direction with a mutual goal set by the Management. Team player to guide the team for the betterment of the Department/Organization. Positive mindset to handle the conflicts and to guide the team members. A good speaker demonstrating the leadership qualities to motivate the team. Desirable (Communication skills) Must have a fluent speaker to interact with the US folks and top management. Should have an advanced level writing and office grammar skills. Strong PowerPoint presentation skills to present the decks/business cases in the management meetings. Ready to represent the Department in the events/public meetings. Additional skillsets: Microsoft Partnership portal management, Channel partnership management, Software licenses, Azure administration for D365, SendGrid for bulk email sending, mail chimp, MS Visio knowledge for layout diagrams.

? Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails