827 Vulnerability Assessment Jobs - Page 15

Perform application/network penetration testing, vulnerability assessments and source code reviews. Profile an application/network, identifying threats, and developing test cases to target identified threats Identify and exploit vulnerabilities in applications and networks Manage project timelines, deadlines and expectations - including client interactions Prepare reports documenting identified issues based on internal templates Interact with clients to deliver results, provide feedback and remediation recommendations on findings. Research emerging security topics and new attack vectors Perform and review hardening of the systems and network devices. Monitoring of Critical Security alerts and reporting (IPS/ WAF/ Antivirus / Proxy Etc...) and performing log review from critical devices. Send advisories on new security alerts (Malware / Spywares etc..)

Location: Pune Experience Required: 5-7 years Company: Incred Money (www.incredmoney.com) Industry: Fintech / Financial Services About IncredMoney.com IncredMoney.com is a fast-growing digital wealth and investment platform empowering users with smart, simplified financial tools. We are passionate about financial inclusion, investor transparency, and secure digital experiences. As we scale, security remains central to our missionand thats where you come in. Role Summary We are looking for a dynamic and hands-on Senior Infosec Engineer who will be responsible for leading and implementing our information security and cyber-risk strategy. The ideal candidate will have strong experience in fintech or financial services, knowledge of regulatory frameworks (like RBI, SEBI), and the ability to build secure digital systems while enabling growth and innovation. Key Responsibilities Own and lead the company’s overall information security strategy. Build and implement policies, procedures, and controls aligned with industry best practices (e.g., ISO 27001, NIST, OWASP). Perform risk assessments, security audits, and regular vulnerability assessments of applications and infrastructure. Collaborate with engineering, DevOps, and product teams to embed security into the SDLC. Oversee data protection strategies (encryption, backups, data access) and ensure regulatory compliance (e.g., RBI, SEBI, GDPR, PCI-DSS if applicable). Manage internal and external security audits and ensure remediation of findings. Lead incident response planning and execution, including root cause analysis and post-mortem reviews. Evaluate and onboard security tools (e.g., SIEM, WAF, DLP, endpoint security). Build a security-first culture through training and awareness programs across teams. Serve as the primary point of contact for security with partners, auditors, and regulators. Key Requirements 4–7 years of progressive experience in Information Security, with at least 2 years in a leadership or ownership role. Strong understanding of cloud security (AWS preferred), web/mobile application security, and data privacy. Hands-on experience with firewalls, VPNs, intrusion detection/prevention systems, and endpoint protection tools. Familiarity with regulatory and compliance frameworks (especially RBI/SEBI guidelines for fintech). Bachelor’s or Master’s degree in Computer Science, Information Security, or related field. Industry certifications like CISSP, CISM, CEH, or ISO 27001 LA are a strong plus. Excellent communication and stakeholder management skills. Preferred Skills Prior experience in fintech, wealth-tech, or BFSI domain. Experience leading security in a startup or early-stage company. Knowledge of DevSecOps practices and CI/CD pipeline security.

Review of latest vulnerabilities and if found more critical/exploitable pushfor faster remediation. Review of alerts/inputs/reports from Threat intelligence vendors (CurrentlyCyberInt) and take appropriate actions. Compile share/IOCs. Verify if these are applied/blocked at SOC/tools levels. New threats/IOC are added at tool level (e.g., any new file types to be blockedat Email/Zscaler etc.) Review any emerging threats, threat actors, specific attacks, OSINT/otherinformation sources. Interface with IT team/project team (in some case) for remediation ofvulnerabilities/threats Review, improve overall SLA compliance, SLA reporting. Share periodic inputs for the SOC monitoring enhancements. Review usage of third-party applications by end users and provide securityclearance as applicable and notify patching team and endpoint security team. Zscaler Proxy, SOC Monitoring, Cyber Threat Hunting, Cyber Security Assessment Consulting, Vulnerability Assessment, Vulnerability Mitigation, Penetration Testing. Review of latest vulnerabilities and if found more critical/exploitable push for faster remediation. Review of alerts/inputs/reports from Threat intelligence vendors (Currently CyberInt) and take appropriate actions. Compile share/IOCs. Verify if these are applied/blocked at SOC/tools levels. New threats/IOC are added at tool level (e.g., any new file types to be blocked at Email/Zscaler etc.) Review any emerging threats, threat actors, specific attacks, OSINT/other information sources. Interface with IT team/project team (in some case) for remediation of vulnerabilities/threats Review, improve overall SLA compliance, SLA reporting. Share periodic inputs for the SOC monitoring enhancements. Review usage of third-party applications by end users and provide security clearance as applicable and notify patching team and endpoint security team.

Education Criteria (Must): B.Sc (IT/CS) / B.Tech in any Engineering background, BCA, MCA M.Sc. Information Technology, or related field. CEH, CISSP, CISA, CISM, CRISC (If any security related certification) 11-15 years of experience in Application Security, Network Security, and IT Risk Compliance, with hands-on expertise in security assessments, process audits, and application reviews. Experience in BFSI is preferred. Lead and manage the AppSec team consisting of L1 and L2 resources. Serve as the primary point of contact between the Client and the team for all project-related activities. Monitor daily operations, ensure resource optimization, and address any issues that arise during the engagement. Application Security Review - Oversee the review of application security including web, mobile, API, and other banking applications. Perform comprehensive reviews of Network Architecture, Source Code, VAPT reports, and configuration audits. Review deliverables from L1 and L2 resources, ensuring completeness and quality. Compliance and Risk Management Reporting Stakeholder Management Skill-Vulnerability Assessment, Manual Penetration Testing using OWASP checklists, Penetration Testing, OWASP Top 10, OWASP ZAP, Ethical Hacking, Static/dynamic testing of mobile applications, Vulnerability Mitigation.

Consultant Company shall perform the following Core Services as requested byCantor Tech from time to time Application penetration testing Code reviews Network security testing Software composition analysis (SCA) of any and all software installed in CantorTechs servers and machines as indicated by Cantor Tech from time to time Secure code review for static application security testing (SAST) and anysecure code review Dynamic application security testing (DAST) for any and all applications, including web applications, APIs and microservice penetration testing, asindicated by Cantor Tech from time to time Secure SDLC, Static/dynamic testing of mobile applications, Vulnerability Assessment, Manual Penetration Testing using OWASP checklists, Penetration Testing. Consultant Company shall perform the following Core Services as requested by Cantor Tech from time to time Application penetration testing Code reviews Network security testing Software composition analysis (SCA) of any and all software installed in Cantor Techs servers and machines as indicated by Cantor Tech from time to time Secure code review for static application security testing (SAST) and any secure code review Dynamic application security testing (DAST) for any and all applications, including web applications, APIs and microservice penetration testing, as indicated by Cantor Tech from time to time

Hands-on experience on vulnerabilities and should know Life Cycle ofvulnerabilities, Perform data validation and prioritization The core team will work with the Program Manager for any emergency vulnerabilities and will work with all stakeholders with high-priority Validate the report for any anomalies Categorization of Vulnerabilities Validate Ageing of Vulnerabilities Validate Remediated Vulnerabilities Provide the patching Schedule, and classify based on criticality, OS, and Non-OS, and further sub-classify into config, registry and application vulnerabilities categories on a timely basis Prepare the teams shift roster based on the patching schedule Identify Vulnerabilities still shown as open despite remediation and raise withthe infosec team - update InfoSec Issue Trackers Identify Vulnerabilities and create Fixlets where solutions exist Work on and call out Known issues on KBs Provide technical solutions to all Vulnerabilities and engage with SMEfor any critical discussions Vulnerability Assessment, Vulnerability Mitigation, Static/dynamic testing of mobile applications, Cyber Security Assessment Consulting, Penetration Testing, Manual Penetration Testing using OWASP checklists. The core team will work with the Program Manager for any emergency vulnerabilities and will work with all stakeholders with high-priority

Assist in defining security Policies Standards and reference Architecture for Network design and deployment related to above technologies. Proactive analysis of Network for secure deployments, secure configurations against Global Security Best Practices. Assisting network design team with security inputs while designing an architecture for new offices/ branches/ data centres etc. for Security by Design. Developing network security standards and guiding network design to meet corporate requirements. Strategize and formulate high and low-level monitoring mechanism for security posture of network deployments and advise measures to improve them. Possess and maintain technical knowledge of aspects of DDoS mitigation, NAC, Internet Proxy, DNS etc. Conducting analysis of network security and Strategize and formulate high and low-level monitoring mechanism for DDoS mitigation, NAC, Internet Proxy, DNS. Taking proactive measures for enhancing the security posture of the Bank's network by studying the vulnerabilities issued/ published by various OEMs, internal and external agencies such as CERTetc. Working with internal and external business stakeholders on ensuring that IT infrastructure meet global network security standards. Produce and track metrics for the effectiveness and maturity of Secure network deployments.

Vulnerability Assessment, Vulnerability Mitigation, Manual Penetration Testing using OWASP checklists, Penetration Testing, Cloud Security Assessment, Cyber Security Assessment Consulting, Cybersecurity, Cyber Security Perform comprehensive penetration testing and vulnerability assessments on enterprise networks, firewalls, routers, switches other infrastructure components Identify and exploit vulnerabilities to assess the security posture of network components Provide detailed reports with risk ratings, remediation steps, and security recommendations Work with IT DevOps teams to ensure timely resolution of vulnerabilities Utilize industry-standard tools such as Nessus, Nmap, Metasploit, Burp Suite, Wireshark, Open VAS Implement and manage vulnerability scanning solutions across the organization Collaborate with IT, DevOps security teams to ensure patches and mitigations are applied effectively Conduct security assessments for cloud environments (AWS, Azure, GCP) including configuration audits Identify misconfigurations, privilege escalations security risks in cloud infrastructure Implement continuous monitoring logging solutions for cloud security visibility

Atlas Energy - Cybersecurity Analyst Security Analyst - Threat Management and Vulnerability Assessment Seeking a skilled Security Analyst (4-6 years) specializing in threatmanagement and vulnerability assessments. The ideal candidate will haveexperience with Defender for Cloud (migration from L1 to L2), Rapid7, andIntune, and a foundational understanding of Operational Technology (OT)systems, particularly the Dragos platform. This role involves advanced threatdetection and remediation, vulnerability assessments, patching, and hardeningtasks. Qualifications: - Experience with Defender for Cloud and Rapid7. - Proficiency in vulnerability assessments, patch management, and systemhardening. - Familiarity with Intune and Rapid7 agent deployment issues. - Basic understanding of OT systems and security, particularly the Dragosplatform. - NIST controls implementation. - Excellent communication and documentation abilities. Shift Timing - US CST hours

Dedicated lead to work with the Happiest Minds Shared SOC team and ITteam to enhance the overall Incident response processes Run any critical incident response along with SOC and IT team Review and update the use caserepository as applicable to Happiest Minds Environment Work on root causeanalysis and remediations for alerts/incidents raised by customers Review andupdate existing automation playbooks Continuous updates of detectiontechniques Periodic threat hunting Use cases to prioritize based on thefindings from the threat and vulnerability management program

Manual Penetration Testing using OWASP checklists, Penetration Testing, Vulnerability Assessment, OWASP Top 10, OWASP ZAP, AWS Cloud, Azure Cloud, Cyber Security, Cloud Security Assessment, Cyber Security Assessment Consulting, Cybersecurity, Data Security Assessment Consulting Perform Penetration testing Develop and recommend mitigation strategies to enhance the defense mechanisms of critical infrastructure components Collaborate with IT and security teams to refine security measures and response strategies Prepare detailed reports on findings from simulations and suggest improvements Facilitate training sessions for internal teams on security awareness and breach response tactics

Windows, Linux OS We are looking for a skilled and proactive Security Analyst to join our Server and Vulnerability Management team The ideal candidate will possess expertise in identifying, assessing, and mitigating vulnerabilities across operating and non-operating systems The role requires proficiency in BigFix and Qualys, along with experience in providing solutions for vulnerabilities A strong background in scripting and the ability to conduct impact analysis for critical non-OS vulnerabilities is essential

Static Code analysis Static/dynamic testing of mobile applications Vulnerability Assessment Penetration Testing. SAST WebApp Penetration Testing vulnerability Assessment

Implementation and Deployment: - Design and deploy IDS (ARMIS)solutions tailored to OT environments. - Develop comprehensive deploymentarchitectures, ensuring seamless integration with existing systems. - Configure and optimize network andfirewall settings to support IDS deployments. Data Network Security - IDS, Cybersecurity.

Vulnerability Assessment, Manual Penetration Testing using OWASP checklists, Penetration Testing, OWASP Top 10, Static/dynamic testing of mobile applications, Static Code analysis Artifacts/Grey box Infra Activity (VA/CA) Windows Server - Performing Scanning and preparing reports - application Security Testing/ Infra VACA

Static Code analysis Static/dynamic testing of mobile applications Vulnerability Assessment Penetration Testing. SAST Penetration testing Vulnerability Assessment

Web App Pentesting SAST DAST and API. Static/dynamic testing of mobile applications Static Code analysis Vulnerability Assessment Penetration Testing

Aqua, Vulnerability Assessment, Vulnerability Mitigation - Applicants should possess 7+ years of demonstrated experience in cybersecurity, network engineering, and/or infrastructure engineering 5 of the years must include hands on experience in one or many of the following areas - threat intelligence, server vulnerability management and container vulnerability management - 3 plus years experience administering cloud container vulnerability solutions like Aqua or Wix is required Candidates without this experience will not be considered - 3+ years working with container technologies and container vulnerabilities is required Candidates without this experience will not be considered - Experience with scanning solutions such as Rapid7, Qualys, or Tenable scanning is desired - Understanding of MITRE ATTCK and OWASP frameworks is desired - Understanding of malware and common attack types is desired

Static/dynamic testing of mobile applications, Vulnerability Assessment, Manual Penetration Testing using OWASP checklists, Penetration Testing, Cyber Security Assessment Consulting, Cloud Security Assessment 4 to 6 years of experience conducting Application Security assessments Experienced in conducting Manual and Automated DAST for Web, API Thick client covering OWASP Top 10 Experienced in conducting Manual code review Experienced in Mobile VAPT (Both static and Dynamic) Knowledge of Infra VAPT or at least VA and configuration review Knowledge in Container / Docker security / Cloud Audit is a plus Certifications suck as CEH, CRTP, OSCP is preferred Good communication skills, ability to explain vulnerabilities to business users in simple terms Notice: Immediate to 15 days

Penetration Testing, Manual Penetration Testing using OWASP checklists, Cloud Security Assessment, Security Configuration Review, Vulnerability Assessment, Vulnerability Mitigation, Cyber Security 4 to 6 years of experience conducting Application Security assessments Experienced in conducting Manual and Automated DAST for Web, API Thick client covering OWASP Top 10 Experienced in conducting Manual code review Experienced in Mobile VAPT (Both static and Dynamic) Knowledge of Infra VAPT or at least VA and configuration review Knowledge in Container / Docker security / Cloud Audit is a plus Certifications suck as CEH, CRTP, OSCP is preferred Good communication skills, ability to explain vulnerabilities to business users in simple terms

Headquartered in Canada with locations across the United States and around the globe with a footprint on six continents, Bulletproof, a GLI company has decades of technology, security, and compliance expertise. Bulletproofs work in the security space has been recognized nationally and globally with Microsofts global Security Partner of the Year in 2021 and five Microsoft Canada Impact Award wins from 2019 to present-day. At Bulletproof, our vision is to serve, secure, and empower the world through people and technology; one customer at a time. We believe everyone has the right to feel safe and secure. Our mission is to serve and protect organizations to ensure their success. What we have to offer : Challenging Work - We love solving highly complex problems. Across our teams and in all roles, every employee is empowered to bring their best ideas forward and to jump in and solve the problems they're passionate about. Great People - We are stronger, together, when we are open, honest, and above all, real. Every person is valued here and plays an important role in our shared success. Global Impact - As a global team spanning continents, boundaries, and cultures, every day we are inspired by the impact our work has on our colleagues, our customers, our communities, and the world at large. Diversity, Equity and Inclusion - We celebrate each others differences, continuously strive for equality and recognize that inclusion makes us stronger as individuals, a company and a global citizen. Position Summary: This position will work with Bulletproof employees to extract internal requirements for the configuration of an Audit Automation Platform. The candidate will need to define the best approach to configure those requirements within the chosen Audit Automation platform. This includes, but it is not limited to implementing checklists starting from a given technical standard, implementing report and audit plan templates and define workflow logic. Those requirements need to be maintained within the platform as the number of checklists served is increasing and as the audit methodology evolves. This position's main duties are regarding the configuration and maintenance of a chosen Audit Automation Platform. Responsibilities: Configure audit templates and checklists in the Audit Automation Platform Translate compliance frameworks (e.g., ISO 27001, NIST, SOC 2) into structured audit workflows Maintain and update templates based on evolving audit needs Support internal users and troubleshoot platform issues Document configuration guidelines and best practices Liaise with auditors and IT/security stakeholders to ensure audit readiness Develops and reviews security audit reports for quality assurance. Collaborating with clients to develop appropriate remediation plans. Collaborating with colleagues in other lines of services in support of client needs for Information Security Services. Follows, maintains and suggests improvements to standard operation procedures (SOP) Follows, maintains and suggests improvements to workflow and Audit Automation Platform interface Provides clients with exceptional service in a professional, courteous and timely manner. Perform other related duties as assigned. Defines the scope for information security audit assignments. Support the team technical development (e.g. through service development or research) and contribute to technical processes overall. Required Education / Credentials / Qualifications: Degree in Computer Science, Information Systems, Engineering or related major from an accredited University or equivalent College Diploma and related experience. Prior experience with audit or compliance automation tools (experience with AuditBoard, Vanta, Drata or Intact Platform is a plus) Familiarity with IT/IS audit and compliance standards (ISO 27001, NIST, SOC 2, etc.) Strong skills in configuring structured templates and workflows Ability to understand and map audit requirements into platform configurations Detail-oriented, organized, and self-motivated Clear written and verbal communication in English Must have in-depth experience designing and implementing information security solutions. The following skills are preferred but not required: Basic scripting or low-code experience (depending on customization features) Experience working with internal IT or security teams Familiarity with other GRC tools or platforms

This will be an Individual Contributor role to start and can evolve over time based on how this function matures. You will play a critical role in the companys tech infrastructure, processes which will be fully aligned with regulatory, security and business continuity standards. Key Responsibilities Draft, coordinate monitor IT processes policies to ensure compliance as per IT Act, regulatory bodies (e.g. RBI, SEBI, GDPR, UIDAI etc.), info security (ISM) guidelines and other applicable laws with respect to Technology, in coordination with internal external stakeholders Prepare update business-wise IT infra details required by the Compliance/Legal teams for regulatory filings and 3rd party audits Conduct vendor risk assessment audits ensure identified gaps are proactively filled Introduce new processes policies by conducting market studies surveys relevant to our business Plan, formulate, coordinate, implement monitor the cyber crisis management plan (CCMP) Incident Management and resolution Interface with external auditors and set up processes to ensure all Infosec audits go smoothly Formulate, implement, review monitor BCP Requirements 4-6 years of experience, including being SPOC for Infosec audits In-depth knowledge of technology, security, risk, and compliance best practices Strong capability in interfacing with both technology and business teams Detailed understanding of security monitoring, threat intelligence vulnerability management A self-driven attitude with a strong sense of ownership Experience with RBI and/or SEBI (preferred) audits is a big plus Assisting the team to conduct Technology Committee Assisting the Risk Officer to conduct independent assessments of the business functions Provide timely data for Risk Management Committee

You are responsible for adhering to the defined operating procedures and guidelines in operating the application security services in the Managed Services model, which includes the following: o Understand and be compliant with the Service Level Agreements defined for the DevSecOps services; o Understand and deep knowledge of application security engineering principles, and helping clients development team and function to follow secure development practices which includes primarily monitoring and performing the security design review, architecture review, threat modeling, security testing, secure code review, secure build processes; o Well versed with the application deployment and configuration baselines, and understanding of how the application environment operates in a secure environment and how exceptions are handled during operations; o Facilitate use of technology-based tools or methodologies to continuously improve the monitoring, management and reliability of the service; o Perform manual and automated security assessment of the applications; o Involved in triaging and defect tracking process with the development team and helping the team to fix issues at the code level based on the priority of the tickets; o Be a liaison between the Application development and infrastructure team, and integrate the processes between infrastructure monitoring and operations processes with the secure development/testing and management processes; o Identifying, researching and analyzing application security events which may include emerging and existing persistent threats to the client's environment; and o Performing active monitoring and tracking of application related threat actors and tactics, techniques and procedures (TTPs), that could likely cause an impact to client organization

Need overall AppSec skills (SAST, DAST, Penetration testing) +Mobile app testing skills (Android, ioS). We should look for a candidate who has deep and diverse hands on exp in above skills. Also, The professional is expected to perform the application security activities - Static code assessment/ manual testing including mobile application testing for android and iOS apps.

As a Product Security Engineer, you'll to ensure the security of GRAVTY throughout the development lifecycle. In this role, you will work closely with Engineering, DevOps, and Product teams to design and implement security controls, identify vulnerabilities, and drive secure coding practices. Your responsibilities will include and not limited to Conduct Vulnerability Assessment and Penetration Testing (VAPT) across web, mobile, API, and infrastructure. Think like an attacker and simulate advanced threat scenarios to proactively identify security gaps. Utilize leading security tools such as Burp Suite, Acunetix, OWASP ZAP, Snyk, Wiz, and others. Leverage offensive security platforms and toolkits like Wireshark, Metasploit, Kali Linux, and more. Perform API and mobile platform security testing, including vulnerability discovery and exploit validation. Execute and document Open-Source Intelligence (OSINT) investigations. Collaborate closely with DevOps/Engineering to integrate security tools into CI/CD pipelines and promote DevSecOps best practices. Contribute to secure coding reviews and vulnerability triage, and assist in patch, compliance, and access control management. Monitor and respond to production security alerts and assist with security incident handling. To be successful in this role, you should have A bachelors degree in Engineering, preferably CS/IT. 3-6 years of proven experience in penetration testing and vulnerability management. Minimum of 1-3 years of experience in Red Teaming Strong coding/scripting proficiency in Python, Java, Ruby, or similar. Familiarity with AWS cloud, Linux systems, Docker containers, and infrastructure security practices. Exposure to DevSecOps, including implementing security tools in CI/CD, and production environment protection. Experience in Secure Development Lifecycles, access controls, and patch compliance frameworks. Industry-recognized certifications like CEH, eWPT, eWPTX, or equivalent are a plus. Excellent analytical, communication, and collaboration skills. A curious mind, a passion for security, and a knack for staying one step ahead of adversaries.