345 Vapt Jobs - Page 2

You should have at least 3 years of experience in VAPT, ethical hacking, Red teaming, or security testing. Your main responsibilities will include conducting security assessments such as network, web, mobile, and cloud penetration testing. You will be expected to identify, exploit, and document vulnerabilities to evaluate the security status of systems. In addition, you will need to perform manual testing in conjunction with automated tools to conduct thorough security analysis. Your role will also involve preparing detailed security reports that outline findings, risk impact, and recommendations for mitigation. It will be crucial for you to effectively present these findings to technical teams and senior management in a clear and actionable manner. Collaborating with development and IT teams to address identified vulnerabilities will be a key part of your responsibilities. Moreover, you will be required to offer guidance on security best practices, secure coding, and infrastructure hardening. Any relevant certifications such as CEH, OSCP, CISSP, etc., will be considered a significant advantage in this role.,

Penetration Testing JD- In this role, you will assist in identifying, analyzing, and reporting security vulnerabilities across various systems. Youll perform penetration testing , security assessments , Mobile Testing and basic threat simulations to help improve our organizations security posture. Working alongside security engineers and development teams, youll contribute to making applications and networks more resilient against cyber threats. Key Responsibilities: Conduct security assessments Perform penetration testing and vulnerability scans on applications, networks, and cloud environments. Assist in threat simulations Help simulate potential cyberattacks to evaluate security controls. Utilize security tools Work with tools such as Burp Suite, Nmap, Metasploit, and Wireshark to identify vulnerabilities. Document findings and recommendations Prepare reports that outline security risks and suggested fixes. Collaborate with teams Work with security professionals and developers to enhance security practices. Stay informed Keep up with new security trends, attack techniques, and best practices. Experience - 5 to 9yrs Location- Hyderbad and Chennai Notice period - Immediate to 30 days Candidate who are interested please share your CV to r.keer@hcltech.com

Responsibilities: * Deliver risk assessments and advisory services. * Conduct ITGC audits and regulatory compliance checks. * Implement GRC frameworks and VAPT processes.

Designation: IT Risk manager 4+ Years Navi Mumbai (Juinagar) - WFO 5 Days (1st & 3rd Sat working) Immediate Joiners B)Skills: Proficient in VAPT tools for applications and infrastructure (e.g., Burp Suite, OWASP ZAP, Nessus, Nmap, Postman). Strong grasp of OWASP Top 10, API Security best practices, and secure coding principles. Experience in secure configuration reviews for firewalls, servers, endpoints, and API gateways. Familiar with DevSecOps, including integrating security. Understanding of API security frameworks: OAuth 2.0, JWT, API key management, rate limiting. Hands-on with incident response workflows (e.g., Splunk, CrowdStrike). Skilled in writing and maintaining security documentation, including SOPs and incident response plans. Awareness of regulatory standards: RBI Cybersecurity Framework, PCI DSS, NIST. Exposure to risk assessments, security audits, and third-party security evaluations. Ability to collaborate with Dev, Infra, and Compliance teams to ensure secure deployments. C)Qualifications: Graduation or Post Graduate D)Experience: Role relevance/Tenure/Industry 4 - 7 years of relevant experience in BFSI domain Sincerely, Sonia TS

Job Description: Prudent Technologies and Consulting is hiring for a fast-growing Cybersecurity team that supports a customer base including the worlds largest organizations. We have an immediate opening for a Senior Application Security Consultant. The role requires an experienced offensive consultant who understands application security testing methodologies, frameworks, tools and reporting. As a Senior Consultant you will perform and lead technical teams to conduct thorough security assessments as well as perform field related research. Candidates should be familiar with a variety of technologies including web, mobile, API, AI/LM, cloud, desktop, single sign-on and OAuth. Responsibilities: Consult with technical and non-technical client stakeholders Collaborate with Sales teams to assist in scoping efforts Lead projects and mentor less experienced consultants Perform advanced comprehensive penetration tests, adhering to industry-standard best practices Conduct penetration testing across diverse environments, including desktop applications, mobile applications, web applications, cloud environments, on-prem environments, APIs and AI/LM Document and report vulnerabilities, show proof-of-concepts where applicable, and provide detailed explanations to highlight severity, business impact, and tailored remediation steps Manages priorities and tasks to achieve utilization targets Participate in research and development efforts to improve the Cybersecurity practice Qualifications: Required Qualifications: 8+ years of direct experience performing manual penetration testing assessments on desktop applications, mobile applications, web applications, cloud environments, API and AI/LM Proficient at using penetration testing tools such as Burp Suite, DAST scanners, Metasploit and Nessus to identify and exploit vulnerabilities Able to write deliverable reports, including executive summaries and presentations, and status reports for clients Understanding of industry-standard security frameworks (e.g., OWASP and MITRE ATT&CK) Excellent project management, leadership, time management, and client consulting skills Preferred Qualifications: Bachelors degree in computer science, information security, or related field Good to have (preferred) relevant certifications (e.g., OSCP and/or OSWE) Experience with scripting languages such as Python and Bash Experience with application development, systems engineering, or similar Published CVE/CWE contributions, participation in CTF events and independent research projects Education: Direct work experience performing application penetration testing assessments; ability to begin testing immediately with guidance on Prudents specific approach and methodology

>>Technical Skills Expertise in cyber security including standards such as ISO27001, PCI-DSS, ISO22301, Privacy etc. Knowledge of technical domains such as Cloud security, VAPT, Application security, Risk and control assessment, Technology risk assessments, IT or OT compliance, Data privacy, and Network security Knowledge of concepts such as Shadow IT, Vendor risk, Country specific legal and regulatory requirements, outsourcing/ technology regulations, OWASP top 10 vulnerabilities, review of reports such as SOC, Penetration Test, Code Scan and Cloud compliance Strong GRC and Gap Assessment / Auditing, VAPT skills are desirable >>Soft Skills Strong problem solving and logical approach skills Excellent written and verbal communication skills Global client experience ability to manage stakeholders Consistent display of technical proficiency Ability to work well in teams and lead team when required Ability to work under pressure – stringent deadlines and tough client conditions which may demand extended working hours Willingness to travel within India for project/assignments. Demonstrate integrity, values, principles, and work ethic and lead by example >>Certifications Industry certifications – ISO-27001 Lead Auditor, CEH, OSCP, GIAC, CISA, CCSP, and any Cloud certifications >> QUALIFICATION BE/BTech/MBA

Job Summary: We are seeking a skilled and motivated Assistant Manager – VAPT with expertise in Cloud Security to support the organization’s cybersecurity initiatives through comprehensive vulnerability assessments and penetration testing. The ideal candidate will have hands-on experience in identifying security weaknesses in systems, applications, networks, and cloud environments, and provide actionable recommendations to mitigate risks. Key Responsibilities: Conduct regular Vulnerability Assessments and Penetration Tests on web applications, mobile applications, networks, cloud infrastructure (AWS, Azure, GCP), and APIs. Identify, analyze, and document security flaws and vulnerabilities using manual techniques, custom scripts, and automated tools. Perform cloud security assessments to identify misconfigurations, vulnerabilities, and risks associated with cloud services (AWS, Azure, GCP). Work closely with IT, cloud infrastructure, and development teams to validate findings, suggest remediation steps, and verify the implementation of fixes. Collaborate with third-party vendors for external testing and audits. Prepare detailed technical reports and executive summaries of findings and recommendations. Ensure compliance with internal policies and external regulatory requirements (e.g., ISO 27001, PCI-DSS, GDPR, SOC2). Stay updated with the latest vulnerabilities, exploits, and security news, particularly in the cloud security domain, through continuous learning and threat intelligence feeds. Assist in security incident response efforts related to vulnerabilities discovered in cloud environments and on-prem systems. Required Skills & Qualifications: Bachelor’s degree in Computer Science, Information Technology, or a related field. 4+ years of experience in VAPT or a similar cybersecurity role, with hands-on experience in cloud security . Proficiency in tools such as Nessus, Burp Suite, Nmap, Metasploit, Wireshark, Kali Linux , and cloud security tools (e.g., AWS Inspector, Azure Security Center, GCP Security Command Center ). Strong knowledge of OWASP Top 10 , SANS 25 , and secure coding practices. Hands-on experience in securing cloud environments (AWS, Azure, GCP), including network security, identity and access management (IAM), and infrastructure-as-code (IaC) security. Familiarity with scripting languages (Python, Bash, PowerShell) for automation and custom testing is a plus. Industry certifications such as OSCP, CEH, GPEN, or eJPT and cloud security certifications like AWS Certified Security Specialty , Azure Security Engineer are highly desirable. Strong analytical, problem-solving, and communication skills.

About The Role Project Role : Security Delivery Practitioner Project Role Description : Assist in defining requirements, designing and building security components, and testing efforts. Must have skills : Mobile Security Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Delivery Practitioner, you will assist in defining requirements, designing and building security components, and testing efforts. A typical day involves collaborating with cross-functional teams to ensure that security measures are integrated into the development process, conducting assessments to identify vulnerabilities, and providing recommendations for enhancements. You will also engage in discussions to share insights and contribute to the continuous improvement of security practices within the organization. Roles & Responsibilities:- Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Conduct security assessments and audits to identify potential vulnerabilities.- Collaborate with development teams to integrate security best practices into the software development lifecycle. Professional & Technical Skills: - Must To Have Skills: Proficiency in Mobile Security.- Good To Have Skills: Experience with application security testing tools.- Strong understanding of secure coding practices and methodologies.- Familiarity with threat modeling and risk assessment techniques.- Knowledge of compliance standards and regulations related to security. Additional Information:- The candidate should have minimum 3 years of experience in Mobile Security.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Application Security group is responsible for ensuring that Fidelity applications are designed, developed and deployed securely. The role will involve working closely with development groups to ensure secure design, development and implementation of services and components. As Technical Specialist, person would be responsible to understand complex technical and architectural issues from security perspective and the ability to understand the implications associated with the chosen technical strategy * Conduct Vulnerability Assessments of Network and Security Devices using various open source and commercial tools * Map out a network, discover ports and services running on the different exposed network and security devices * Analyze scan reports and suggest remediation / mitigation plan * Keep track of new vulnerabilities on various network and security devices for different vendors * Review software posture and work with operations to plan code version upgrade requirements of supported security and network devices Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise * 2-4 years’ experience in Cybersecurity * Knowledge on VA tool such as Tenable * Should be able scan devices using VA tool * Should be able to prepare report based on VA tool * Should have knowledge on Web Penetration & Network Penetration testing. * Should have a skill to conduct Gray box & black box testing * Should worked on various PT tools such as Burp Suite, Acunetix, etc. Preferred technical and professional experience Preferred OEM Certified SOAR specialist + CEH

The role supports full end to end software development cycle, from initial client engagement, through assessments and road-mapping, to longer term engagement in an advisory capacity. As an Application Security Consultants, the person should leverage the technical expertise of the security competencies, varied product and delivery capabilities. Hands on experience in Secure SDLC, DAST, SAST, HP Fortify and Burp Suite Provide strategic advice and insights to clients based on deep domain knowledge and industry best practices. Identify potential risks and develop mitigation strategies to ensure project success and client satisfaction. Lead and coordinate incident response activities, including investigation, containment, and remediation of security incidents. Provide security training and awareness programs to developers on security policies, procedures, and best practices. Ensure applications team adhere to relevant security standards, regulatory requirements, and industry best practices (e.g., OWASP, NIST, PCI DSS). Provide support for regulatory and internal audits, diligently tracking reported observations through to closure Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE/Btech/MCA/M.Tech. 5-7 yrs hands on experience.Hands on experience in Secure SDLC, DAST, SAST, HP Fortify and Burp SuiteEnsure applications team adhere to relevant security standards, regulatory requirements, and industry best practices (e.g., OWASP, NIST, PCI DSS). Preferred technical and professional experience OEM certification from one of the following, HP Fortify and Burp Suite

Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Experience with penetration testing tools (e.g. Burp) Extensive knowledge of attack payloads for discovering security vulnerabilities Plan, execute, and report on all testing activities and outcomes Create findings reports and communicate to stakeholders Must possess at least 5 years of experience in delivering VAPT in Web(Thin and Thick Client), Mobile and APIs Should have good and effective communication skills in English. (Oral and written) Technical and Professional Requirements: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Preferred Skills: Technology->Security Testing->Security Testing - ALL

As a Cyber Security Expert with 10-18 years of experience, you will be responsible for ensuring that the Client IT systems are secure, efficient, and compliant with relevant regulations and industry standards. Your role will involve understanding project requirements, technical specifications, and scope of work. You will be designing and maintaining security-compliant IT infrastructure architecture and systems. Conducting thorough audits of IT systems, processes, and controls will be a key aspect of your responsibilities to identify weaknesses, vulnerabilities, and areas for improvement in design. You will also be assessing risks associated with IT systems and identifying potential threats to data integrity, confidentiality, and availability. In addition, you will be responsible for compliance management to ensure that IT systems and processes comply with relevant laws, regulations, and industry standards. You will support in the preparation of ATP documents, SoP documents, and other security-related documentation. Implementing and maintaining effective security measures to protect IT assets from cyber threats, including malware, phishing, and unauthorized access will be crucial. You will evaluate the effectiveness of existing IT controls and recommend enhancements or new controls to mitigate risks and improve security posture. Your role will involve preparing detailed audit reports documenting findings, recommendations, and remediation plans for management and stakeholders. Providing training and awareness programs to educate employees about IT security best practices and compliance requirements will also be part of your responsibilities. Continuous monitoring of IT systems and processes to detect and respond to security incidents and compliance breaches in a timely manner is essential. Collaboration with other departments to address IT-related risks and compliance issues effectively will be required. You will also support in Vulnerability Assessment and Penetration Testing (VAPT). You will play a crucial role in helping the Client maintain the integrity, confidentiality, and availability of their information systems while ensuring compliance with regulatory requirements and industry standards and best practices. Facilitating the integration of additional security solutions and suggesting requirements for future security needs will also be part of your duties. If you are an experienced Cyber Security Expert with the required certifications and skills, we invite you to apply for this position and be a valuable asset in ensuring the security and compliance of our IT systems. Regards, Kirti Rustagi hr1@raspl.com,

Job Summary: We are seeking a skilled and proactive VAPT/Penetration Tester/Red Team/Code review analyst to join our cyber security team. The ideal candidate will be responsible for identifying vulnerabilities in our systems, networks, and applications through comprehensive assessments and simulated attacks, ensuring the robustness and integrity of our digital assets. Key Responsibilities: Conduct thorough vulnerability assessments and penetration tests on various systems, networks, Code Review, and applications. Identify, exploit, and document security vulnerabilities and weaknesses. Develop and execute testing methodologies and tools to simulate real-world attacks. Collaborate with IT and development teams to provide actionable recommendations for remediation. Prepare detailed reports outlining findings, risk assessments, and suggested mitigations. Stay updated with the latest security threats, vulnerabilities, and testing techniques. Assist in developing and maintaining security policies, procedures, and best practices. Required Qualifications: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Proven experience in vulnerability assessment and penetration testing. Proficiency with tools such as Metasploit, Burp Suite, Nmap, Nessus, and Wireshark. Strong understanding of network protocols, operating systems (Windows, Linux), and web application security. Familiarity with scripting languages like Python, Bash, or PowerShell. Excellent analytical, problem-solving, and communication skills. Preferred Qualifications: Relevant certifications such as OSCP, CEH, GPEN, or similar. Experience with cloud security assessments (AWS, Azure, GCP). Knowledge of secure coding practices and DevSecOps methodologies. Familiarity with compliance standards like ISO 27001, PCI DSS, or NIST.

Job Title: Information Security Officer (ISO) Company Overview: Fourth Partner Energy Limited (FPEL) is a leading renewable energy company in India, with a proven track record of delivering high-quality solar projects. With over 1 GW of installed capacity and more than 1800 projects executed, Fourth Partner Energy Limited is committed to providing innovative and sustainable energy solutions. FPEL has targeted to reach more than 3 GW of capacity by 2025. The company utilizes assets and software from reputed companies such as Microsoft (MS Dynamics D365, MS Office 265, MS SharePoint, Azure cloud, MS Intune), Acronis (data backup software), AWS (cloud services), HP (Endpoints), Sophos (Firewall and Anti-Virus) Job Overview: The Information Security Officer (ISO) will be responsible for leading the company's information security program and ensuring the confidentiality, integrity, and availability of the company's information assets. The ISO will report directly to the Head Digital Transformation and work closely with the executive team to develop and implement security strategies that align with the company's overall business objectives. Responsibilities: Develop and implement a comprehensive information security strategy, policies, and guidelines in accordance with the Cyber Security Guidelines issued by CEA and NCIIPC to protect the organization's information assets including IT & OT. Oversee the design, implementation, and maintenance of the company's information security architecture. Conduct regular risk assessments and vulnerability scans to identify potential security threats and vulnerabilities and develop mitigation strategies. Develop and implement the company's Cyber crisis management Plan, Critical information infrastructure protection plan, incident response plan and disaster recovery plans. Develop and maintain a security awareness and training program for employees, security team and other stakeholders. Ensure compliance with all regulatory and legal requirements related to information security, including CEA's Cyber Security Guidelines, NCIIPC guidelines, ISO standards and data privacy and protection laws (DPDPA Act). Establish and maintain strong working relationships with internal and external stakeholders, including regulatory bodies, auditors, and external security vendors and service providers. Manage and oversee the security operations team, including the security operations centre (SOC), security analysts, and security engineers. Develop and maintain metrics and reports to monitor the organization's information security posture and communicate security-related information to senior management and the board of directors. Identify, mitigate and monitor information security risks to the company's operations, assets, and reputation and accordingly implement improvement initiatives. Manage the company's information security budget and ensure that resources are allocated effectively. Qualifications: Bachelors or Master's degree in Computer Science, Information Technology, or a related field. Preferred to have professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Ethical Hacker (CEH). 7+ years of experience in information security, with at least 2 years in a leadership role. Experience in developing and implementing information security strategies, policies, and guidelines in accordance with regulatory requirements and industry best practices, including Cyber Crisis Management Plan (CCMP), Vulnerability Assessment & Penetration Testing (VAPT) and procedure for identification of Critical Information Infrastructure (CII) , to deal with Cyber crises, contingencies and disasters, attack on IT & OT systems etc. In-depth knowledge of the power sector's cyber security guidelines, including CEA's Cyber Security Guidelines and NCIIPC guidelines. Experience in common information security management frameworks, such as ISO/IEC 27001, and NIST including cyber security standards for operational technology (OT) such as ISA/IEC 62443, and ISO/IEC 27019. Strong communication and leadership skills, with the ability to effectively manage a team and communicate complex information to non-technical stakeholders. Experience in managing information security audits, reviews, log analysis and coordinating responses with internal and external stakeholders. Familiarity with relevant regulatory and legal requirements related to information security, including IT Act, data privacy, protection laws and associated Rules. Strong analytical and problem-solving skills, with the ability to identify and mitigate potential security threats and vulnerabilities. Experience with Renewable Energy (Solar, Wind, Hybrid) Operational and IT infrastructure and its security management.

Location: Pune Experience Required: 4-5 years Company: Incred Money (www.incredmoney.com) Industry: Fintech / Financial Services About IncredMoney.com IncredMoney.com is a fast-growing digital wealth and investment platform empowering users with smart, simplified financial tools. We are passionate about financial inclusion, investor transparency, and secure digital experiences. As we scale, security remains central to our missionand thats where you come in. Role Summary We are looking for a dynamic and hands-on Senior Infosec Engineer who will be responsible for leading and implementing our information security and cyber-risk strategy. The ideal candidate will have strong experience in fintech or financial services, knowledge of regulatory frameworks (like RBI, SEBI), and the ability to build secure digital systems while enabling growth and innovation. Key Responsibilities Own and lead the companys overall information security strategy. Build and implement policies, procedures, and controls aligned with industry best practices (e.g., ISO 27001, NIST, OWASP). Perform risk assessments, security audits, and regular vulnerability assessments of applications and infrastructure. Collaborate with engineering, DevOps, and product teams to embed security into the SDLC. Oversee data protection strategies (encryption, backups, data access) and ensure regulatory compliance (e.g., RBI, SEBI, GDPR, PCI-DSS if applicable). Manage internal and external security audits and ensure remediation of findings. Lead incident response planning and execution, including root cause analysis and post-mortem reviews. Evaluate and onboard security tools (e.g., SIEM, WAF, DLP, endpoint security). Build a security-first culture through training and awareness programs across teams. Serve as the primary point of contact for security with partners, auditors, and regulators. Key Requirements 4–5 years of progressive experience in Information Security, with at least 2 years in a leadership or ownership role. Strong understanding of cloud security (AWS preferred), web/mobile application security, and data privacy. Hands-on experience with firewalls, VPNs, intrusion detection/prevention systems, and endpoint protection tools. Familiarity with regulatory and compliance frameworks (especially RBI/SEBI guidelines for fintech). Bachelor’s or Master’s degree in Computer Science, Information Security, or related field. Industry certifications like CISSP, CISM, CEH, or ISO 27001 LA are a strong plus. Excellent communication and stakeholder management skills. Preferred Skills Prior experience in fintech, wealth-tech, or BFSI domain. Experience leading security in a startup or early-stage company. Knowledge of DevSecOps practices and CI/CD pipeline security.

Design, implement, and manage security solutions, tools, and processes to protect infrastructure and data. Monitor systems for security breaches, threats, abnormal activities. Conduct vulnerability assessments, penetration testing, and risk analysis

Your Career We are looking for a highly motivated and customer-focused professional. As part of the global Cortex XDR support team, you will serve our customer base providing technical support, by answering incoming support inquiries and managing escalations, phone calls, and emails in an effective, efficient, and friendly manner within defined service level agreements. Your Impact Respond to user-reported issues in adherence to established Service Level Agreements Triage customer reported issues and respond to them via ticketing system, phone or remote sessions Perform advanced troubleshooting at the application level and OS level, using your knowledge and relevant expertise Identify the area of fault (code, environment, or configuration) and work with the appropriate team(s) implementing the fix Provide timely feedback into the development process on customer-reported product problems Document actions to effectively communicate information internally and to customers Facilitate root cause investigations and manage the implementation of corrective and preventative measures Qualifications Your Experience BE/B.Tech engineering, equivalent technical degree or equivalent or equivalent military experience required Minimum 3+ years of relevant experience in network or security products Able to troubleshoot and be a problem solver with analytical proficiency Vast knowledge on Security Technologies, Endpoint prevention Excellent customer service skills Previous experience in at least one customer-facing technical support position as Support Engineer or as Escalations Engineer in Cybersecurity Must have knowledge and experience in network/Cybersecurity industry Additional Information The Team Our technical support team is essential to our success and mission. As part of this team, you enable customer success by providing support to clients after they have purchased our products. Our dedication to our customers doesn't stop once they sign - it just evolves. Our technical team provides the behind-the-scenes support to meet our customer's needs. As threats and technology evolve, we stay in step to accomplish our mission. You'll be involved in implementing new products, transitioning from old products to new, and will fix integrations and critical issues as they are raised - in fact, you'll seek them out to ensure our clients are safely supported. We fix and identify technical problems, with a pointed focus of providing the best customer support in the industry. We're a fast-growing, immensely successful organization because of our people and products (built and supported by our people). We work the frontlines against cyberthreats and attacks, protecting every day transactions in the digital environment. It means we're good at scaling quickly to new threats, get fulfillment from resolving new problems, and think about things just plain differently.

- Information Security Manager shall be primarily responsible to : - Run and manage the BAU security infosec operations - Create and maintain ISMS Policy and Process documents - Ensure Infosec compliance with RBI and other regulatory agencies - Participate in IT Infosec Audits and ensure closure of observations within given timeliness - Conduct regular VAPT (Vulnerability Assessments) and track closure of open observations - Identifying and evaluating new IT security technologies and services and implementing it - Ensure cyber security related polices and technologies are in place - Conducting regular Inforsec Awareness within users in the organization - The person needs to work closely with the CISO and other stakeholders Risk, IT and Audit teams. - The position will based at CreditAccess Grameen HQ in Bangalore, and may require short term travel on need basis to other CAGL offices. Key Accountability: - Ensuring adequate security controls are in place & working effectively within the organization for information & cyber security - Ensuring effectiveness of all IT controls to prevent any unauthorized access or activities at a system administration level - Identify potential security weaknesses through vulnerability assessments and track them to closure within the timeliness -Tracking and reporting key risk indicators defined for IT processes - Create and maintain the documentation for information system audits in accordance with regulatory and compliance requirements - Create Review ISMS policy and process - Implement Strategic IT Infosec projects to strengthen the overall IT Security posture at CAGL. Mandatory Key Skills Information Security Manager,Infosec Audit,VAPT,cyber security,IT security management,system administration,Information Security*

Your Career We are looking for a highly motivated and customer-focused professional. As part of the global Cortex XDR support team, you will serve our customer base providing technical support, by answering incoming support inquiries and managing escalations, phone calls, and emails in an effective, efficient, and friendly manner within defined service level agreements. Your Impact Respond to user-reported issues in adherence to established Service Level Agreements Triage customer reported issues and respond to them via ticketing system, phone or remote sessions Perform advanced troubleshooting at the application level and OS level, using your knowledge and relevant expertise Identify the area of fault (code, environment, or configuration) and work with the appropriate team(s) implementing the fix Provide timely feedback into the development process on customer-reported product problems Document actions to effectively communicate information internally and to customers Facilitate root cause investigations and manage the implementation of corrective and preventative measures Qualifications Your Experience BE/B.Tech engineering, equivalent technical degree or equivalent Minimum 3+ years of relevant experience in network or security products Able to troubleshoot and be a problem solver with analytical proficiency Vast knowledge on Security Technologies, Endpoint prevention Excellent customer service skills Previous experience in at least one customer-facing technical support position as Support Engineer or as Escalations Engineer in Cybersecurity Must have knowledge and experience in network/Cybersecurity industry

Your Role We are seeking a highly skilled Product Security Specialist with 6 - 15 years years of experience to join our Cybersecurity team for Pan India location . The ideal candidate will play a critical role in embedding security into the product development lifecycle, ensuring compliance, and driving strategic risk management across platforms. Evaluate software/product architecture to ensure security is embedded from the design phase. Develop cybersecurity artifacts such as threat models and lead mitigation discussions. Support engineering teams in triaging and resolving product vulnerabilities. Coordinate internal and external security assessments, including VAPT. Assist in implementing product security and privacy policies, standards, and procedures. Ensure compliance with security and privacy requirements and verify protection measures. Guide resolution of audit findings and ensure timely closure. Provide strategic advisory support for product and information security. Participate in incident response and assess risk and impact of breaches. Review engineering changes and feature requests for security implications. Collaborate with tech leads and architects to ensure secure product development. Your Profile Strong experience in application, mobile, network, OS, and cloud security Proficiency in AWS security, including AWS Solution Architect Associate and Security Specialty certifications. Hands-on expertise in static/dynamic code analysis, container security, and Kubernetes. Familiarity with security frameworks and standards like NIST 800-53, CIS/STIG, HI-TRUST, and SOC2. Knowledge of cryptography, PKI, OAUTH, 2FA, and secure software development lifecycle (SDLC). What you'll love about working here You can shape yourcareerwith us. We offer a range of career paths and internal opportunities within Capgemini group. You will also get personalized career guidance from our leaders. You will get comprehensive wellness benefits including health checks, telemedicine, insurance with top-ups, elder care, partner coverage or new parent support via flexible work. At Capgemini, you can work oncutting-edge projectsin tech and engineering with industry leaders or createsolutionsto overcome societal and environmental challenges.

Role & responsibilities Current knowledge of application security best practices, common exploits and threat landscape. Assess an organization's risk posture based on the resident vulnerabilities and prioritize courses of action to risk. Experience with application threat modeling or other risk identification techniques>Good Knowledge of security management, network & protocols, data and application security solutions. Manage the life cycle of application security vulnerabilities, from identification to validation ,remediation and perform a deep technical analysis of vulnerabilities and associated exploits. Provide technical support to system owners to propose mitigation and remediation solutions to identified vulnerability and security issues for different security tools. Application Code review and reporting of the vulnerabilities and Experience with one or more enterprise vulnerability scanning tools. Solid Understanding of vulnerability and threat management and importance of strong process and documentation of VM Workflow. Identifying opportunities for automation, process integration, and Excellent written and verbal communication skills to draft and present comprehensive vulnerability assessment reports.>Nice to have knowledge about Kubernetes, along with the container build pipeline and repository platform. Identify, test, and report security weaknesses in networks, systems and applications. Preferred candidate profile 1) Participation in Bug Bounty or Hackathons (Registered Through BugCrowd, hacker rank, hacker one, Yes We Hack) 2) CEH Certified (Preferred) 3) Public publishes on VA/PT etc (Website, LinkedIn, Social Media) Perks and benefits

Roles and Responsibilities : Conduct penetration testing (penetration testing) of IoT devices and systems to identify vulnerabilities and weaknesses. Develop and execute custom scripts using Python programming language for automating tasks related to VAPT (Vulnerability Assessment & Penetration Testing). Collaborate with cross-functional teams, including development, operations, and security teams to ensure effective implementation of cybersecurity measures. Analyze results from pen tests and provide detailed reports on findings, recommendations for remediation, and mitigation strategies. Job Requirements : 3-10 years of experience in IT services & consulting industry with expertise in cyber security, IoT testing, OSCP certification preferred. Strong understanding of penetration testing methodologies and tools such as Nmap, Nessus, Metasploit etc. . Proficiency in Python programming language with knowledge of scripting languages like Bash/Shell Scripting.

T o ensure youre set up for success, you will bring the following skillset & experience: 3+ years of experience in penetration testing, SAST, DAST, VAPT, Threat Modelling , OWASP. Deep knowledge of mainframe communication protocols and security mechanisms. Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe systems. Proficient in tools such as: Mainframe utilities: REXX, ISPF panels, NetView Security tools: Nmap, Burp Suite, Wireshark, custom scripts Strong scripting and automation skills (Python, REXX, Bash, or similar). Strong communication and leadership skills, with a proven ability to lead technical teams or projects. Experience producing board-level reports and presenting findings to senior stakeholders. Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts). Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services

Information Security Manager shall be primarily responsible to : - Run and manage the BAU security infosec operations - Create and maintain ISMS Policy and Process documents - Ensure Infosec compliance with RBI and other regulatory agencies - Participate in IT Infosec Audits and ensure closure of observations within given timeliness - Conduct regular VAPT (Vulnerability Assessments) and track closure of open observations - Identifying and evaluating new IT security technologies and services and implementing it - Ensure cyber security related polices and technologies are in place - Conducting regular Inforsec Awareness within users in the organization The person needs to work closely with the CISO and other stakeholders Risk, IT and Audit teams. The position will based at CreditAccess Grameen HQ in Bangalore, and may require short term travel on need basis to other CAGL offices. Key Accountability: Ensuring adequate security controls are in place & working effectively within the organization for information & cyber security Ensuring effectiveness of all IT controls to prevent any unauthorized access or activities at a system administration level Identify potential security weaknesses through vulnerability assessments and track them to closure within the timeliness Tracking and reporting key risk indicators defined for IT processes Create and maintain the documentation for information system audits in accordance with regulatory and compliance requirements Create Review ISMS policy and process Implement Strategic IT Infosec projects to strengthen the overall IT Security posture at CAGL Mandatory Key Skills BAU,ISMS Policy,IT Infosec Audits,VAPT,cyber security,CISO,Risk,IT Audit,Information Security.

Experience: 8+ YearsJob Description Identity & Access Management (IAM) Manage and support identity platforms including Active Directory, Azure AD, and Okta Implement RBAC, least privilege principles, and automated provisioning/deprovisioning Conduct periodic access reviews and support access certification processes Integrate IAM controls into application and cloud environments Security Engineering & Tooling Administer and optimize Mimecast, OKTA, Microsoft Defender, Intune, and other endpoint/cloud security tools Manage SIEM tools including rule tuning, log ingestion, and correlation Implement and automate application code reviews using security scanning tools (eg, SAST, DAST) Perform application security testing and contribute to threat modeling and risk evaluations Lead cloud control monitoring, data protection measures, and compliance reporting