12.0 years
0 Lacs
chennai, tamil nadu, india
On-site
hackajob is collaborating with Comcast to connect them with exceptional tech professionals for this role. Comcast brings together the best in media and technology. We drive innovation to create the world's best entertainment and online experiences. As a Fortune 50 leader, we set the pace in a variety of innovative and fascinating businesses and create career opportunities across a wide range of locations and disciplines. We are at the forefront of change and move at an amazing pace, thanks to our remarkable people, who bring cutting-edge products and services to life for millions of customers every day. If you share in our passion for teamwork, our vision to revolutionize industries and our goal to lead the future in media and technology, we want you to fast-forward your career at Comcast. Job Summary Responsible for planning and designing new software and web applications. Analyzes, tests and assists with the integration of new applications. Oversees the documentation of all development activity. Trains non-technical personnel. Assists with tracking performance metrics. Provides guidance and support to other Engineers. Integrates knowledge of business and functional priorities. Acts as a key contributor in a complex and crucial environment. May lead teams or projects and shares expertise. Job Description Core Responsibilities Perform vulnerability scanning and penetration testing across diverse systems, applications, technologies and environments. Identify program improvement opportunities and develop processes to mature and scale the Pen Testing program. Present thought leadership in new and emerging advanced security trends, vulnerabilities and attack techniques. Lead security research and development efforts and provide technical leadership. Develop remediation strategies and architect solutions to challenging cybersecurity gaps. 
Execute application penetration tests for APIs, mobile SDKs, cloud environments and web applications from both open and closed-box perspectives. Analyze and prioritize findings based on the Common Vulnerabilities and Exposures (CVE) database, the Common Vulnerability Scoring System (CVSS) and internal Risk Rating system. Contribute to and maintain the team’s tools, labs, and attack infrastructure; actively share knowledge through internal wikis and repositories. Effectively communicate findings and recommendations to both technical and non-technical stakeholders, preparing comprehensive reports and presentations. Stay informed on the latest cybersecurity trends, techniques, and vulnerabilities by following industry publications and threat feeds. Employees At All Levels Are Expected To 12+ years of experience in penetration testing with hands-on experience using tools like Burp Suite, Metasploit, Nessus, Nmap, etc. Extensive experience in strategic planning and executing large-scale, enterprise-wide security initiatives to address complex security challenges. Proven experience in leading security research and development initiatives. Contributions such as research publications, CVEs, CTF participation, and conference presentations are considered valuable additions. Demonstrated ability to work independently on complex assessments while collaborating with cross-functional teams. Proven expertise in mentoring and providing guidance to junior team members. Advanced proficiency in cloud platforms - AWS, GCP, Azure and mobile app security testing. Complete understanding of the OWASP Top 10, CVSS, and CVE databases. Strong scripting experience with Python, Bash, Ruby, C/C++, C#, or Java to automate testing processes and streamline remediation. Hands-on experience with Kubernetes and a solid understanding of hardware communication protocols (e.g., I2C, SPI, UART) are a plus. 
Strong analytical, problem-solving, and communication skills, with attention to detail and a proactive mindset. Strong presentation skills Certifications such as: OSCP, OSWA, OSWE or similar. Disclaimer This information has been designed to indicate the general nature and level of work performed by employees in this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications. Comcast is an EOE/Veterans/Disabled/LGBT employer. Comcast is proud to be an equal opportunity workplace. We will consider all qualified applicants for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, genetic information, or any other basis protected by applicable law. Base pay is one part of the Total Rewards that Comcast provides to compensate and recognize employees for their work. Most sales positions are eligible for a Commission under the terms of an applicable plan, while most non-sales positions are eligible for a Bonus. Additionally, Comcast provides best-in-class Benefits to eligible employees. We believe that benefits should connect you to the support you need when it matters most, and should help you care for those who matter most. That’s why we provide an array of options, expert guidance and always-on tools, that are personalized to meet the needs of your reality - to help support you physically, financially and emotionally through the big milestones and in your everyday life. Education Bachelor's Degree While possessing the stated degree is preferred, Comcast also may consider applicants who hold some combination of coursework and experience, or who have extensive related professional experience. Relevant Work Experience 10 Years +
Posted 21 hours ago
5.0 - 7.0 years
20 - 22 Lacs
hyderabad
Work from Office
About the Role: Duration: 6 months Notice Period: (Immediate Joiner - Only) (General Shift & UK shift), 5 days work from the Office, a Cab facility is there. Job responsibilities: Conducting and coordinating comprehensive Attack Surface Discovery, Penetration tests, and Cloud on system and network levels, employing advanced ethical hacking techniques. Application Penetration Testing (Browser-based, API, Mobile, IoT) Threat Modeling Source Code Review Perform penetration testing on web applications and APIs (internal and external) to identify, assess, and report on vulnerabilities in their applications. Perform red team exercises to determine weaknesses in the client's infrastructure and how it should be remediated. Organizing and delivering technical security operational briefings for both technical and non-technical audiences. Set scope, objectives, and timelines for penetration testing engagements and leverage data to create useful metrics. Dynamic application security testing (DAST) scans on the identified targets without credentials. Perform credentialed DAST scans on known client URLs. Research to identify new attack vectors. Review and provide feedback for all Security Artifacts. Play a critical role in building an AppSec program that has a wide scope and impact. Researching open-source emerging technologies, developing required frameworks and capabilities to perform red team exercises on new technologies adopted by clients. Preparing and delivering clear, accurate, and concise written and oral technical reports for management. Job specifications: Qualification: Bachelor's degree in Engineering or closely related coursework in technology development disciplines Certifications like OSCP, CEH, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN are desirable Experience: Total Experience 4+ years Desired Skills: Knowledge and Experience: Offensive Security Certified Professional (OSCP) and/or Offensive Security Certified Expert (OSCE). 
A thorough understanding of the Secure Development Life Cycle Have comprehensive knowledge of common vulnerabilities (e.g., OWASP Top 10), diverse application attack vectors, security testing processes, and both wired and wireless network security protocols. Have familiarity with common threat tactics and tools (Nmap, Metasploit, Kali Linux, Burp Suite Pro, CobaltStrike, App Detective, Web Inspect, etc.) Cloud Service penetration testing tradecraft and methodologies across one or more service providers (e.g., AWS, GCP, etc.) Mobile platform penetration testing tradecraft and methodologies across widely-used platforms (iOS and/or Android). Microservices testing Ability to find and exploit bugs in: C++, Java, JavaScript, Go, and Python Kubernetes, AWS, GCP, or Azure Memory management, namespaces, cgroups, etc. Passion for writing code to solve problems, combined with an interest in Offensive Security. Ability to demonstrate a strong background in one of the following languages: Golang, Python, Java, JavaScript, C++, C Personal Attributes: Self-starter and quick learner requiring minimal ramp-up Excellent analytical, written, oral, and interpersonal communication skills Highly self-motivated, self-directed, and attentive to detail Ability to effectively prioritize and execute tasks in a high-pressure environment Strong communications skills to comfortably work cross-functionally across the organization.
Posted 1 day ago
4.0 - 8.0 years
0 - 3 Lacs
bengaluru
Work from Office
Dear All, We are hiring for one of our MNC Product Based Company in Bangalore location ... Please find below more about this job details Also, Please follow us on below given our company Linkedin URL for more daily job updates https://www.linkedin.com/company/hirednext-recruitment-service/ Penetration Tester Experience : 4 to 8 Yrs Skills :OSCP or CRTP Certified,Burp Suite, Metasploit,Nmap, Nikto, SQLmap, John the Ripper, Hydra,Python, Bash, PowerShell, MITRE ATT&CK, NIST, and STRIDE,Python, Bash, or PowerShell,linux,windows JD: Perform penetration testing and security assessments of web applications, APIs, Android, IOS, cloud infrastructure, embedded systems, and network environments. Conduct threat modelling and vulnerability assessments during different stages of the software development lifecycle (SDLC). Simulate real-world attacks to identify potential security weaknesses in enterprise and automotive systems. Provide detailed and well-documented reports of findings with actionable remediation guidance. Collaborate with development, architecture, DevOps, and infrastructure teams to mitigate vulnerabilities and strengthen security controls. Perform retesting to validate resolved vulnerabilities. Stay current on latest attack techniques, vulnerabilities, and tools in the cybersecurity domain. Contribute to internal knowledge bases, red team frameworks, and automation of recurring testing processes. Minimum 4-5 years of professional experience in penetration testing, ethical hacking, or red teaming. Mandatory certification: OSCP or CRTP. Solid experience using penetration testing tools such as: Burp Suite Metasploit Nmap, Nikto, SQLmap, John the Ripper, Hydra, etc. Proficiency in scripting languages like Python, Bash, or PowerShell for automation. Strong understanding of: OWASP Top 10 vulnerabilities Secure coding practices Network protocols and architecture Web and mobile application security Experience working in Linux and Windows environments. 
Familiarity with threat modelling and security frameworks like MITRE ATT&CK, NIST, and STRIDE. Best Regards, Prathyusha B pratyusha@hirednext.info Recruitment Executive
Posted 1 day ago
5.0 years
0 Lacs
pune, maharashtra, india
Remote
Experience: 5+ years Qualification: MCA/ BE/ BTech / ME/MTech (Preferably in Comp Sc/IT/ Cybersecurity) Technical Skills Required Mandatory: Expertise in web, mobile, and API security with a strong understanding of security-by-design principles. Proficiency in Python, Ruby, PowerShell, Bash, and Perl for security scripting. Solid foundation in network security and secure coding practices. 3+ years of experience in source code review and using static & dynamic analysis tools. Hands-on experience with security tools like Burp Suite, OWASP ZAP, SonarQube, Snyk, Checkmarx, and vulnerability scanners like Nessus, OpenVAS. Familiarity with Metasploit for penetration testing. Experience in security architecture reviews and enforcing secure coding guidelines. Skilled in incident analysis, root cause analysis, and risk assessment. Working knowledge of the STRIDE model and MITRE ATT&CK framework. Good to have: Experience in secure software development in .Net, Node.js, C, C++, and JavaScript. Knowledge of mobile security testing (MobSF) and cloud security. Familiarity with ISO 27001, industry standards, and product security certifications. Experience with threat modeling for VPN, VDI, MFA, and SSO products. Desirable Certifications: Certified Ethical Hacker (CEH) Offensive Security Certified Professional (OSCP) Certified information systems security professional (CISSP) GIAC/GWAPT/GWEB Soft Skills Required Analytical thinking Problem solving Strong communication skills (written and verbal) Attention to detail Proactive, self-motivated Flexible/adaptable Role and Responsibilities: Lead and manage the application security program, including tools, assessments, and issue resolution. Integrate security into CI/CD pipelines and collaborate with development teams. Provide security training for developers, project managers, and product managers. Work with cross-functional teams to assess and resolve security issues within release cycles. 
Support security certifications like ISO27001, SOC2, CC, FIPS for Accops products. Conduct risk assessments, vulnerability analysis, and threat modeling. Review application design and architecture for security and compliance. Founded in 2012, Accops is a leading provider of secure remote access and digital workspace solutions, enabling organizations to maintain control and governance while offering flexibility to work from any device. Accops offers a comprehensive Digital Workspace suite that includes Zero Trust-based Application Access Gateway, End-User Computing (EUC) Virtualization via VDI, robust Identity & Access Management (IAM) solutions such as Multi-Factor Authentication (MFA) and Single Sign-On (SSO), and thin client hardware and software solutions. Accops addresses modern remote work challenges by delivering secure, instant access to business applications. Its solutions protect against network threats and unauthorized access, critical in today’s work-from-anywhere environment. Unlike traditional, multi-product approaches, Accops' pre-integrated suite reduces complexity and deployment time, ensuring faster and more agile implementation. Headquartered in Pune, Accops has become a significant player in the End-User Computing (EUC) virtualization domain, offering a one-stop solution for organizations seeking to deploy secure remote work infrastructures. Its products, including the Nano OS for secure containerization on BYOD devices, and extensive MFA and SSO capabilities, ensure robust data protection and strong identity management. Part of Jio Platforms Ltd, Accops continues to innovate and enhance digital workspace solutions with a focus on security, user experience, and operational efficiency. Accops is an equal opportunity employer committed to building a culture where all employees are valued, respected and opinions count. 
We encourage applications from all suitably qualified persons irrespective of, but not limited to, their gender or genetic information, sexual orientation, ethnicity, religion, social status, medical care leave requirements, political affiliation, people with disabilities, color, national origin, veteran status, etc. We consider all applications based on merit and suitability to the role.
Posted 1 day ago
3.0 years
0 Lacs
gurugram, haryana, india
On-site
Position Title: QA Tester Location: Gurugram (Onsite) Employment Type: Full-time Job Description: We are seeking a skilled QA Tester with expertise in Vulnerability Testing to ensure the security, functionality, and reliability of our applications. The ideal candidate will have experience in penetration testing, security testing methodologies, automation, and compliance standards. Key Responsibilities: Develop and execute test cases, scripts, and security test plans for applications and APIs. Perform vulnerability assessments and penetration testing on web, mobile, and cloud-based applications. Identify security loopholes, conduct risk analysis, and provide actionable recommendations. Work closely with development and DevOps teams to ensure secure coding practices. Automate security testing and integrate it into CI/CD pipelines. Test applications for OWASP Top 10 vulnerabilities, SQL injection, XSS, CSRF, SSRF, etc. Utilize security tools such as Burp Suite, OWASP ZAP, Metasploit, Kali Linux, Nessus, etc. Conduct API security testing and validate authentication & authorization mechanisms. Document security vulnerabilities and collaborate with teams for remediation. Ensure compliance with industry standards like ISO 27001, GDPR, HIPAA, PCI-DSS where applicable. Required Skills & Qualifications: 3+ years of experience in Quality Assurance with a focus on Security & Vulnerability Testing. Strong knowledge of penetration testing tools and security frameworks. Experience with automated security testing in CI/CD (Jenkins, GitHub Actions, GitLab CI, etc.). Proficiency in manual and automated security testing of web and mobile applications. Familiarity with scripting languages like Python, Bash, or JavaScript for automation. Experience working with cloud platforms such as AWS, Azure, or GCP is a plus. Strong understanding of HTTP, APIs, authentication protocols (OAuth, JWT, SAML, etc.). Knowledge of network security, firewalls, and intrusion detection systems (IDS/IPS). 
Certifications like CEH, OSCP, CISSP, or Security+ are an added advantage. Educational Qualifications: Bachelor's degree in Computer Science, Information Technology, or related fields.
Posted 1 day ago
10.0 - 15.0 years
30 - 45 Lacs
pune, bengaluru
Work from Office
At least 7 years of experience as a penetration tester Proven abilities to approach a black box and white box testing. Proven hands on experience in manual pen testing as major part of work profile Hands-on experience with vulnerability scanners (static and/or dynamic) and frameworks, including but not limited to Burp Suite, Checkmarx, OWASP ZAP, Burp, Nmap, Nessus, Metasploit Framework Good hands on experience with API penetration testing of Rest/SOAP based interfaces Perfect knowledge of OWASP methodology and web vulnerabilities – you can easily explain and show how it works Python or any other scripting language. Comfortable using and working linux/unix environments Desirable skills to have PCI, NIST guidelines including PII, ISO2700x, cloud security, virtualization, SecDevOps, containerized deployment. Extremely committed and self-motivated individual with ability to deliver in challenging situations Excellent written and oral communication Roles and Responsibilities Discovering all information on system and solution exploitability (of Top 10 vulnerabilities categorized by OWASP, CWE/CVE like XSS, CSRF, CRLF, SQLi, XXE and uncommon HTTP Request Smuggling/Splitting, other) and security weaknesses from a variety of sources (technical documentation, source code, communication with project and development teams) Assessing application and solution security controls against "black box", "grey box" and "white box" attacks using both manual and automated (DAST) penetration techniques Assessment of penetration test results with development teams, contribution to risk mitigation actions Source code analysis 
(client/server/database) for vulnerabilities with scanning tools - SAST Analysis of customer and 3rd party penetration test results and communicating security results to the customer Vulnerability assessment using various commercial and open source tool Software Composition Analysis of product open source libraries using various tools Contribution in enhancing penetration testing process, tools and automation of SAST/DAST tools in CI/CD pipelines
Posted 1 day ago
12.0 - 16.0 years
20 - 25 Lacs
bengaluru
Work from Office
We are seeking an experienced and highly skilled Penetration Tester with expertise in mobile application security, specifically for both Android and iOS platforms. As a Senior Penetration Tester, you will be responsible for identifying and exploiting vulnerabilities in mobile applications, networks, APIs, and other critical systems. Your primary responsibility will be performing thorough security assessments, including reverse engineering, malware analysis, and incident forensics, to ensure the security and resilience of mobile applications and systems. The ideal candidate should have hands-on experience with penetration testing tools, mobile application testing, and advanced exploitation techniques. You will also be expected to collaborate with various teams, including Red Teams, to develop strategic security initiatives and offer expert-level recommendations for security improvements. Key Responsibilities: Mobile Application Penetration Testing: Conduct in-depth security assessments of mobile applications for both Android and iOS platforms, identifying vulnerabilities and recommending remediation strategies. Red Team Activities: Participate in Red Team exercises to simulate real-world attacks, uncover hidden threats, and assess the effectiveness of security controls. Security Assessments: Perform penetration testing on applications, networks, mobile platforms, APIs, cloud environments, and critical systems to identify advanced threats and vulnerabilities. Custom Exploit Development: Develop custom exploit code and scripts to demonstrate potential security risks to stakeholders, providing hands-on demonstrations of vulnerabilities. Reverse Engineering & Malware Analysis: Use reverse engineering techniques and tools to analyze complex threats, malware, and incidents, providing detailed reports on findings. 
Collaboration with Leadership: Collaborate with executive leadership and senior management to develop and execute strategic security initiatives and roadmaps to mitigate security risks. Security Architecture Guidance: Provide expert-level guidance on secure coding practices, cryptography, architecture design principles, and implementation to mitigate risks effectively. Tool Development & Automation: Develop custom penetration testing tools and scripts to automate testing processes and enhance capabilities for thorough assessments. Incident Forensics: Lead efforts to analyze and investigate security incidents, determining the root causes and recommending improvements for better prevention. Required Skills and Qualifications: Mobile Pen Testing Expertise: Strong experience in mobile application penetration testing for both Android and iOS platforms. Penetration Testing Tools: Expertise in tools and frameworks such as Metasploit, Burp Suite, Nessus, NMAP, and custom/open-source tools. Red Teaming & Advanced Exploitation: Advanced proficiency in red teaming, black box testing, and using advanced exploitation techniques to identify vulnerabilities. Malware Analysis & Reverse Engineering: Experience in malware analysis and reverse engineering to assess complex threats and incidents. Cryptography & Secure Coding: In-depth knowledge of cryptography, secure coding practices, and secure architecture design principles. Custom Tools & Scripting: Hands-on experience in developing custom scripts and tools to automate testing processes and enhance the effectiveness of assessments. Penetration Testing Methodologies: Expertise in applying penetration testing methodologies, including both network and application-level security assessments. Certifications (Preferred): o OSCP (Offensive Security Certified Professional) o CRTP (Certified Red Team Professional) o eLearn Security Certified Professional Penetration Tester V2.0 o Any other relevant certifications are a plus. 
Required Experience: Overall Experience: 12+ years in penetration testing, security assessments, and threat analysis. Relevant Experience: 10 years of hands-on experience specifically in penetration testing for mobile applications (Android & iOS), network security, cloud environments, and APIs. Experience working in Red Team environments is a plus.
Posted 1 day ago
3.0 - 4.0 years
7 - 11 Lacs
chennai
Hybrid
We are looking for a Penetration Tester. This position is available for Chennai Location. You'll make a difference by: Having experience in performing advanced penetration testing on networks, web & mobile applications, and systems. Having ability to Identify vulnerabilities, exploit weaknesses, and assess the security posture of various assets. Having ability to develop and maintain automated testing tools and scripts. Creating detailed reports outlining findings, risks, and recommended actions. Having Extensive experience in penetration testing, vulnerability assessment, and ethical hacking. Having Proficiency with penetration testing tools such as Metasploit, Burp Suite, Nmap, Nessus, and others. Strong understanding of network protocols, web and mobile applications, and operating systems. Maintaining documentation of testing methodologies, tools, and processes. Knowledge of scripting and programming languages (e.g., Python, Bash). You'll win us over by: Having An engineering degree B.E/B.Tech/M.E/M.Tech with good academic record. 3-4 Years of relevant experience as Penetration Tester. Having Good command over English language (spoken & written) is non-negotiable. Working closely with business partners to understand their needs and translate them into technical requirements. Communicating findings, risks, and remediation strategies to both technical and non-technical stakeholders. Foster strong relationships with business units to ensure security measures align with business goals. Certification Preferred: Entry level certifications like CEH, eJPT, eWPT. Other certifications like eWPTX, OSCP is an advantage. We'll support you with: Hybrid working Opportunities. Diverse and inclusive culture. Great variety of learning & development opportunities.
Posted 1 day ago
3.0 - 6.0 years
0 Lacs
mumbai, maharashtra, india
On-site
Job Title : Cybersecurity Engineer / Analyst Location : Mumbai / Noida Experience : 3 - 6 Years Employment Type : Full-time Job Description We are seeking a skilled and proactive Cybersecurity Engineer / Analyst to join our security team. The ideal candidate will have hands-on experience with SOC tools (Splunk), threat hunting, penetration testing, and incident response. You will be responsible for monitoring, analyzing, and responding to security events, identifying vulnerabilities, and strengthening our security posture. Key Responsibilities Monitor, investigate, and analyze security alerts using SIEM/SOC tools (Splunk, ELK, etc.). Perform threat hunting to proactively detect advanced threats and anomalous activities. Conduct penetration testing, vulnerability assessments, and security audits across applications, networks, and systems. Lead incident response activities, including containment, eradication, recovery, and post-incident analysis. Develop and maintain security detection rules, playbooks, and automation scripts. Analyze malware, phishing, and intrusion attempts to improve detection and defense strategies. Collaborate with IT, DevOps, and business teams to implement security best practices and hardening measures. Prepare detailed security reports, dashboards, and recommendations for management. Stay updated with the latest cybersecurity threats, exploits, and compliance requirements. Required Skills & Qualifications 3- 6 years of hands-on experience in cybersecurity operations or analysis. Strong knowledge of SOC tools (Splunk, QRadar, ELK, etc.) and log analysis. Expertise in threat hunting methodologies, malware analysis, and penetration testing tools (Burp Suite, Metasploit, Nessus, Nmap). Proven experience in incident detection, triage, and response. Familiarity with network security, endpoint security, firewalls, IDS/IPS, and SIEM integration. Knowledge of security frameworks such as MITRE ATT&CK, NIST, ISO 27001. 
Strong analytical and problem-solving skills with the ability to work in fast-paced environments. (ref:hirist.tech)
Posted 1 day ago
10.0 years
4 - 6 Lacs
hyderābād
Remote
We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM. The RSM USI supports RSM U.S. risk consulting, transaction advisory, technical accounting, financial consulting, technology, and management consulting, tax, and assurance engagement teams by providing access to highly skilled professionals for repeatable business processes over an extended business day. USI is a member of RSM International, the sixth largest global network of independent accounting, tax, and consulting firms. RSM’s vision is to be the first-choice advisor to middle market leaders globally. You will work directly with clients, key decision makers and business owners across various industries and geographies to deliver a top-quality client experience. RSM is a diverse and inclusive place where you will work as part of a team while being valued as an individual, mentored as a future leader, and recognized for your accomplishments. Risk Consulting helps clients across various industries by addressing the increasingly complex strategic, operational, compliance, and governance challenges faced by those responsible for managing or overseeing dynamic businesses. 
Risk Consulting major offerings includes AML & Regulatory Compliance; ERP Advisory; Automation and Analytics; Enterprise Risk Management; Internal Audit; SOX Advisory; Contract Compliance; Credit Reviews; Information & Technology Audits; Cybersecurity risk management; Third-party risk management; IT due diligence; SOC1 / SOC2; Security and Privacy Risk; Governance Risk and Compliance; PCI; Cyber Transformation; Manage Security Services; Secure Architecture Solutions; Cyber Testing; Digital Forensics and Incident Response; and Cyber Threat Intelligence. Qualification and Minimum Entry Requirements Bachelor or Master degree in computer science with a minimum of 10 years in cyber security domain Technical background in networking/system administration, security testing or related fields In-depth knowledge of TCP/IP Good knowledge of Perl, Python, Bash, or C experience Operating System Configuration and Security experience (Windows, HP-UX, Linux, Solaris, AIX, etc.) Configuration and Security experience with firewalls, switches, routers, VPNs Experience with security and architecture testing and development frameworks, such as the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), and NIST SP800-115 Familiar with security testing techniques such as threat modeling, network discovery, port and service identification, vulnerability scanning, network sniffing, penetration testing, configuration reviews, firewall rule reviews, social engineering, wireless penetration testing, fuzzing, and password cracking and can perform these techniques from a variety of adversarial perspectives (white-, grey-, black-box) Commercial Application Security tools experience (Nessus, Nexpose, Qualys, Appdetective, Appscan, etc.) 
Open source and free tools experience (Kali Linux suite, Metasploit, nmap, airsnort, Wireshark, Burp Suite, Paros, etc.) One or more of the following testing certifications: Certified Ethical Hacker (CEH); GIAC Certified Penetration Tester (GPEN); Offensive Security Certified Professional (OSCP); or equivalent development or testing certification (ECSA, CEPT, CPTE, CPTS, etc) In addition, one or more of the following governance certifications is preferred: Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®) Strong leadership and communication skills, technical knowledge, and the ability to write at a "publication" quality level in order to communicate findings and recommendations to the client's senior management Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices The standard work hours for this role are from 3:30 PM to 11:00 PM IST , aligned to support client requirements and deliverables and engagements. Candidates should be comfortable with this fixed shift timing. 
Technical Requirements Web application penetration testing experience - familiarity with Burp, OWASP Top 10, etc Ability to recognize and validate significant findings past initial scanning/recon Web Services penetration testing (RESTful, CURL and SOAP) API penetration testing experience Conducts periodic scans of networks to find and detect vulnerabilities Lead scoping engagements by clearly articulating various penetration approaches and methodologies to audiences ranging from highly technical to executive personnel Report generation that clearly communicates testing and assessment details, results, and remediation recommendations to clients Develop scripts, tools, and methodologies to automate and streamline internal processes and engagements Conduct IT application testing, cybersecurity tool and systems analysis, system and network administration, and systems engineering support for the sustainment of information technology systems (mobile application testing, penetration testing, application, security, and hardware testing) Conduct cloud penetration testing engagements to assess specific workloads (i.e., AWS, GCP, Azure, containers, or other PaaS and SaaS instances) for vulnerabilities and subsequently attempt to exploit identified weakness after receiving permission from client stakeholders Provide recommendations to clients on specific security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks including response and recovery of a data security breach Maintain a firm grasp on the industry and anticipate trends and movements while balancing maturity and timing Performs client penetration testing to find any vulnerabilities or weaknesses that might be exploited by a malicious party, using open-source, custom, and commercial testing tools Expert knowledge of tools used for wireless, web application, and network security testing Working knowledge of CI/CD and SDLC deployment lifecycles and mechanisms Motivated 
self-starter who loves to solve challenging problems and feels comfortable working directly with customers Excellent oral, written communication, and presentation skills with an ability to present client security sessions and security workshops to C-Level Executives and non-technical audience Highly organized, detail-oriented, excellent time management skills, and able to effectively prioritize tasks in a fast-paced, high-volume, and evolving work environment Ability to approach customer and sales requests with a proactive and consultative manner; listen and understand user requests and needs and effectively deliver Comfortable managing multiple and changing priorities, and meeting deadlines in an entrepreneurial environment Nice to have: Mobile application penetration testing experience Nice to have: Cloud penetration testing experience (AWS and Azure) Soft Skills Requirement Ability to work independently under minimal supervision and within a team. Manage project tasks and deadlines within a multi-time zone remote culture. 5-10 years of customer-facing consulting experience Ability to communicate complex vulnerability results and demonstrate proof of concepts for diverse audiences. 5+ years of experience managing a diverse team of technical testers Proven experience improving technical quality of the team Report regularly to management on improvements and team challenges 7-10 years of experience working in a global environment with multiple time zones and adjusting to client needs in other countries Ability to train others and improve technical skills of a team At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/india.html. 
RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Indian Armed Forces; Indian Armed Forces Veterans, and Indian Armed Forces Personnel status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please send us an email at careers@rsmus.com.
Posted 2 days ago
10.0 years
5 - 7 Lacs
gurgaon
Remote
We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM. The RSM USI supports RSM U.S. risk consulting, transaction advisory, technical accounting, financial consulting, technology, and management consulting, tax, and assurance engagement teams by providing access to highly skilled professionals for repeatable business processes over an extended business day. USI is a member of RSM International, the sixth largest global network of independent accounting, tax, and consulting firms. RSM’s vision is to be the first-choice advisor to middle market leaders globally. You will work directly with clients, key decision makers and business owners across various industries and geographies to deliver a top-quality client experience. RSM is a diverse and inclusive place where you will work as part of a team while being valued as an individual, mentored as a future leader, and recognized for your accomplishments. Risk Consulting helps clients across various industries by addressing the increasingly complex strategic, operational, compliance, and governance challenges faced by those responsible for managing or overseeing dynamic businesses. 
Risk Consulting major offerings includes AML & Regulatory Compliance; ERP Advisory; Automation and Analytics; Enterprise Risk Management; Internal Audit; SOX Advisory; Contract Compliance; Credit Reviews; Information & Technology Audits; Cybersecurity risk management; Third-party risk management; IT due diligence; SOC1 / SOC2; Security and Privacy Risk; Governance Risk and Compliance; PCI; Cyber Transformation; Manage Security Services; Secure Architecture Solutions; Cyber Testing; Digital Forensics and Incident Response; and Cyber Threat Intelligence. Qualification and Minimum Entry Requirements Bachelor or Master degree in computer science with a minimum of 10 years in cyber security domain Technical background in networking/system administration, security testing or related fields In-depth knowledge of TCP/IP Good knowledge of Perl, Python, Bash, or C experience Operating System Configuration and Security experience (Windows, HP-UX, Linux, Solaris, AIX, etc.) Configuration and Security experience with firewalls, switches, routers, VPNs Experience with security and architecture testing and development frameworks, such as the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), and NIST SP800-115 Familiar with security testing techniques such as threat modeling, network discovery, port and service identification, vulnerability scanning, network sniffing, penetration testing, configuration reviews, firewall rule reviews, social engineering, wireless penetration testing, fuzzing, and password cracking and can perform these techniques from a variety of adversarial perspectives (white-, grey-, black-box) Commercial Application Security tools experience (Nessus, Nexpose, Qualys, Appdetective, Appscan, etc.) 
Open source and free tools experience (Kali Linux suite, Metasploit, nmap, airsnort, Wireshark, Burp Suite, Paros, etc.) One or more of the following testing certifications: Certified Ethical Hacker (CEH); GIAC Certified Penetration Tester (GPEN); Offensive Security Certified Professional (OSCP); or equivalent development or testing certification (ECSA, CEPT, CPTE, CPTS, etc) In addition, one or more of the following governance certifications is preferred: Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®) Strong leadership and communication skills, technical knowledge, and the ability to write at a "publication" quality level in order to communicate findings and recommendations to the client's senior management Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices The standard work hours for this role are from 3:30 PM to 11:00 PM IST , aligned to support client requirements and deliverables and engagements. Candidates should be comfortable with this fixed shift timing. 
Technical Requirements Web application penetration testing experience - familiarity with Burp, OWASP Top 10, etc Ability to recognize and validate significant findings past initial scanning/recon Web Services penetration testing (RESTful, CURL and SOAP) API penetration testing experience Conducts periodic scans of networks to find and detect vulnerabilities Lead scoping engagements by clearly articulating various penetration approaches and methodologies to audiences ranging from highly technical to executive personnel Report generation that clearly communicates testing and assessment details, results, and remediation recommendations to clients Develop scripts, tools, and methodologies to automate and streamline internal processes and engagements Conduct IT application testing, cybersecurity tool and systems analysis, system and network administration, and systems engineering support for the sustainment of information technology systems (mobile application testing, penetration testing, application, security, and hardware testing) Conduct cloud penetration testing engagements to assess specific workloads (i.e., AWS, GCP, Azure, containers, or other PaaS and SaaS instances) for vulnerabilities and subsequently attempt to exploit identified weakness after receiving permission from client stakeholders Provide recommendations to clients on specific security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks including response and recovery of a data security breach Maintain a firm grasp on the industry and anticipate trends and movements while balancing maturity and timing Performs client penetration testing to find any vulnerabilities or weaknesses that might be exploited by a malicious party, using open-source, custom, and commercial testing tools Expert knowledge of tools used for wireless, web application, and network security testing Working knowledge of CI/CD and SDLC deployment lifecycles and mechanisms Motivated 
self-starter who loves to solve challenging problems and feels comfortable working directly with customers Excellent oral, written communication, and presentation skills with an ability to present client security sessions and security workshops to C-Level Executives and non-technical audience Highly organized, detail-oriented, excellent time management skills, and able to effectively prioritize tasks in a fast-paced, high-volume, and evolving work environment Ability to approach customer and sales requests with a proactive and consultative manner; listen and understand user requests and needs and effectively deliver Comfortable managing multiple and changing priorities, and meeting deadlines in an entrepreneurial environment Nice to have: Mobile application penetration testing experience Nice to have: Cloud penetration testing experience (AWS and Azure) Soft Skills Requirement Ability to work independently under minimal supervision and within a team. Manage project tasks and deadlines within a multi-time zone remote culture. 5-10 years of customer-facing consulting experience Ability to communicate complex vulnerability results and demonstrate proof of concepts for diverse audiences. 5+ years of experience managing a diverse team of technical testers Proven experience improving technical quality of the team Report regularly to management on improvements and team challenges 7-10 years of experience working in a global environment with multiple time zones and adjusting to client needs in other countries Ability to train others and improve technical skills of a team At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/india.html. 
RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Indian Armed Forces; Indian Armed Forces Veterans, and Indian Armed Forces Personnel status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please send us an email at careers@rsmus.com.
Posted 2 days ago
7.0 years
0 Lacs
greater chennai area
On-site
Job Description Role Profile: The Cyber and IT Audit Manager will oversee IT and cybersecurity audits, managing a team of auditors to assess IT processes and Operational Technology (OT) environments. The manager will ensure audits are aligned with the company’s strategic objectives and regulatory requirements, with a focus on delivering value and identifying critical risks in IT and cybersecurity. This role includes responsibility for overseeing security assessments and implementing audit methodologies that support continuous improvement. Responsibilities: Manage and execute a portfolio of IT and cybersecurity audits, focusing on complex audits related to IT general controls, cybersecurity frameworks, and OT environments. Oversee medium complexity security assessments for IT and OT systems, ensuring comprehensive audit coverage. Collaborate with the CAE, IT audit Director and IT stakeholders to build an audit pipeline, addressing emerging risks and identifying areas for process improvement. Lead the development of audit programs and methodologies, ensuring alignment with industry best practices and regulatory frameworks (e.g., NIST, COBIT, IEC 62443). Manage audit staff, providing guidance and ensuring adherence to professional standards (IIA, ITGC). Present audit findings to senior management, communicating risks, recommendations, and opportunities for improvement. Qualifications: 7+ years of experience in IT auditing, cybersecurity, and OT systems. Proven experience managing audits and teams, with a focus on IT governance, cybersecurity, and risk management. Expertise with security assessment tools (e.g., Nmap, Nessus, Kali Linux, Metasploit, Burp Suite) and audit methodologies for IT and OT systems. Strong understanding of industry frameworks (NIST, COBIT, ISO 27001, MITRE ATT&CK) and IEC 62443 for OT environments. OT knowledge and experience is highly desirable.
Certifications such as CISSP, CISA, CISM, OSCP, OSWP, CRTP, CEH, HTB CPTS, HTB CBBH, HTB CWEE are preferred. Bachelor’s or Master’s degree in Information Technology, Cybersecurity, or related disciplines. Strong leadership, project management, and communication skills, with the ability to influence stakeholders at all levels. At Nextracker, we are leading in the energy transition, providing the most comprehensive portfolio of intelligent solar tracker and software solutions for solar power plants, as well as strategic services to capture the full value of solar power plants for our customers. Our talented worldwide teams are transforming PV plant performance every day with smart technology, data monitoring and analysis services. For us at Nextracker, sustainability is not just a word. It's a core part of our business, values and our operations. Our sustainability efforts are based on five cornerstones: People, Community, Environment, Innovation, and Integrity. We are creative, collaborative and passionate problem-solvers from diverse backgrounds, driven by our shared mission to provide smart solar and software solutions for our customers and to mitigate climate change for future generations. Culture is our Passion
Posted 2 days ago
3.0 - 8.0 years
9 - 12 Lacs
thane
Work from Office
We are seeking an experienced and highly skilled Penetration Tester with expertise in mobile application security, specifically for both Android and iOS platforms. As a Senior Penetration Tester, you will be responsible for identifying and exploiting vulnerabilities in mobile applications, networks, APIs, and other critical systems. Your primary responsibility will be performing thorough security assessments, including reverse engineering, malware analysis, and incident forensics, to ensure the security and resilience of mobile applications and systems. The ideal candidate should have hands-on experience with penetration testing tools, mobile application testing, and advanced exploitation techniques. You will also be expected to collaborate with various teams, including Red Teams, to develop strategic security initiatives and offer expert-level recommendations for security improvements. Key Responsibilities: Mobile Application Penetration Testing: Conduct in-depth security assessments of mobile applications for both Android and iOS platforms, identifying vulnerabilities and recommending remediation strategies. Red Team Activities: Participate in Red Team exercises to simulate real-world attacks, uncover hidden threats, and assess the effectiveness of security controls. Security Assessments: Perform penetration testing on applications, networks, mobile platforms, APIs, cloud environments, and critical systems to identify advanced threats and vulnerabilities. Custom Exploit Development: Develop custom exploit code and scripts to demonstrate potential security risks to stakeholders, providing hands-on demonstrations of vulnerabilities. Reverse Engineering & Malware Analysis: Use reverse engineering techniques and tools to analyze complex threats, malware, and incidents, providing detailed reports on findings.
Collaboration with Leadership: Collaborate with executive leadership and senior management to develop and execute strategic security initiatives and roadmaps to mitigate security risks. Security Architecture Guidance: Provide expert-level guidance on secure coding practices, cryptography, architecture design principles, and implementation to mitigate risks effectively. Tool Development & Automation: Develop custom penetration testing tools and scripts to automate testing processes and enhance capabilities for thorough assessments. Incident Forensics: Lead efforts to analyze and investigate security incidents, determining the root causes and recommending improvements for better prevention. Required Skills and Qualifications: Mobile Pen Testing Expertise: Strong experience in mobile application penetration testing for both Android and iOS platforms. Penetration Testing Tools: Expertise in tools and frameworks such as Metasploit, Burp Suite, Nessus, NMAP, and custom/open-source tools. Red Teaming & Advanced Exploitation: Advanced proficiency in red teaming, black box testing, and using advanced exploitation techniques to identify vulnerabilities. Malware Analysis & Reverse Engineering: Experience in malware analysis and reverse engineering to assess complex threats and incidents. Cryptography & Secure Coding: In-depth knowledge of cryptography, secure coding practices, and secure architecture design principles. Custom Tools & Scripting: Hands-on experience in developing custom scripts and tools to automate testing processes and enhance the effectiveness of assessments. Penetration Testing Methodologies: Expertise in applying penetration testing methodologies, including both network and application-level security assessments. Certifications (Preferred): o OSCP (Offensive Security Certified Professional) o CRTP (Certified Red Team Professional) o eLearn Security Certified Professional Penetration Tester V2.0 o Any other relevant certifications are a plus. 
Required Experience: Overall Experience: 12+ years in penetration testing, security assessments, and threat analysis. Relevant Experience: 10 years of hands-on experience specifically in penetration testing for mobile applications (Android & iOS), network security, cloud environments, and APIs. Experience working in Red Team environments is a plus.
Posted 2 days ago
10.0 years
0 Lacs
gurugram, haryana, india
Remote
We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM. The RSM USI supports RSM U.S. risk consulting, transaction advisory, technical accounting, financial consulting, technology, and management consulting, tax, and assurance engagement teams by providing access to highly skilled professionals for repeatable business processes over an extended business day. USI is a member of RSM International, the sixth largest global network of independent accounting, tax, and consulting firms. RSM’s vision is to be the first-choice advisor to middle market leaders globally. You will work directly with clients, key decision makers and business owners across various industries and geographies to deliver a top-quality client experience. RSM is a diverse and inclusive place where you will work as part of a team while being valued as an individual, mentored as a future leader, and recognized for your accomplishments. Risk Consulting helps clients across various industries by addressing the increasingly complex strategic, operational, compliance, and governance challenges faced by those responsible for managing or overseeing dynamic businesses. 
Risk Consulting major offerings includes AML & Regulatory Compliance; ERP Advisory; Automation and Analytics; Enterprise Risk Management; Internal Audit; SOX Advisory; Contract Compliance; Credit Reviews; Information & Technology Audits; Cybersecurity risk management; Third-party risk management; IT due diligence; SOC1 / SOC2; Security and Privacy Risk; Governance Risk and Compliance; PCI; Cyber Transformation; Manage Security Services; Secure Architecture Solutions; Cyber Testing; Digital Forensics and Incident Response; and Cyber Threat Intelligence. Qualification And Minimum Entry Requirements Bachelor or Master degree in computer science with a minimum of 10 years in cyber security domain Technical background in networking/system administration, security testing or related fields In-depth knowledge of TCP/IP Good knowledge of Perl, Python, Bash, or C experience Operating System Configuration and Security experience (Windows, HP-UX, Linux, Solaris, AIX, etc.) Configuration and Security experience with firewalls, switches, routers, VPNs Experience with security and architecture testing and development frameworks, such as the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), and NIST SP800-115 Familiar with security testing techniques such as threat modeling, network discovery, port and service identification, vulnerability scanning, network sniffing, penetration testing, configuration reviews, firewall rule reviews, social engineering, wireless penetration testing, fuzzing, and password cracking and can perform these techniques from a variety of adversarial perspectives (white-, grey-, black-box) Commercial Application Security tools experience (Nessus, Nexpose, Qualys, Appdetective, Appscan, etc.) 
Open source and free tools experience (Kali Linux suite, Metasploit, nmap, airsnort, Wireshark, Burp Suite, Paros, etc.) One or more of the following testing certifications: Certified Ethical Hacker (CEH); GIAC Certified Penetration Tester (GPEN); Offensive Security Certified Professional (OSCP); or equivalent development or testing certification (ECSA, CEPT, CPTE, CPTS, etc) In addition, one or more of the following governance certifications is preferred: Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®) Strong leadership and communication skills, technical knowledge, and the ability to write at a "publication" quality level in order to communicate findings and recommendations to the client's senior management Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices The standard work hours for this role are from 3:30 PM to 11:00 PM IST, aligned to support client requirements and deliverables and engagements. Candidates should be comfortable with this fixed shift timing. 
Technical Requirements Web application penetration testing experience - familiarity with Burp, OWASP Top 10, etc Ability to recognize and validate significant findings past initial scanning/recon Web Services penetration testing (RESTful, CURL and SOAP) API penetration testing experience Conducts periodic scans of networks to find and detect vulnerabilities Lead scoping engagements by clearly articulating various penetration approaches and methodologies to audiences ranging from highly technical to executive personnel Report generation that clearly communicates testing and assessment details, results, and remediation recommendations to clients Develop scripts, tools, and methodologies to automate and streamline internal processes and engagements Conduct IT application testing, cybersecurity tool and systems analysis, system and network administration, and systems engineering support for the sustainment of information technology systems (mobile application testing, penetration testing, application, security, and hardware testing) Conduct cloud penetration testing engagements to assess specific workloads (i.e., AWS, GCP, Azure, containers, or other PaaS and SaaS instances) for vulnerabilities and subsequently attempt to exploit identified weakness after receiving permission from client stakeholders Provide recommendations to clients on specific security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks including response and recovery of a data security breach Maintain a firm grasp on the industry and anticipate trends and movements while balancing maturity and timing Performs client penetration testing to find any vulnerabilities or weaknesses that might be exploited by a malicious party, using open-source, custom, and commercial testing tools Expert knowledge of tools used for wireless, web application, and network security testing Working knowledge of CI/CD and SDLC deployment lifecycles and mechanisms Motivated 
self-starter who loves to solve challenging problems and feels comfortable working directly with customers Excellent oral, written communication, and presentation skills with an ability to present client security sessions and security workshops to C-Level Executives and non-technical audience Highly organized, detail-oriented, excellent time management skills, and able to effectively prioritize tasks in a fast-paced, high-volume, and evolving work environment Ability to approach customer and sales requests with a proactive and consultative manner; listen and understand user requests and needs and effectively deliver Comfortable managing multiple and changing priorities, and meeting deadlines in an entrepreneurial environment Nice to have: Mobile application penetration testing experience Nice to have: Cloud penetration testing experience (AWS and Azure) Soft Skills Requirement Ability to work independently under minimal supervision and within a team. Manage project tasks and deadlines within a multi-time zone remote culture. 5-10 years of customer-facing consulting experience Ability to communicate complex vulnerability results and demonstrate proof of concepts for diverse audiences. 5+ years of experience managing a diverse team of technical testers Proven experience improving technical quality of the team Report regularly to management on improvements and team challenges 7-10 years of experience working in a global environment with multiple time zones and adjusting to client needs in other countries Ability to train others and improve technical skills of a team At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/india.html. 
RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Indian Armed Forces; Indian Armed Forces Veterans, and Indian Armed Forces Personnel status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please send us an email at careers@rsmus.com.
Posted 3 days ago
3.0 years
2 - 5 Lacs
delhi
On-site
Position: Cybersecurity Trainer Location: Kohat Enclave, Pitampura, New Delhi Employment Type: Full-Time (Onsite Only) Working Days: 6 Days Working About Ducat India: Ducat India is a premier IT training institute offering industry-oriented courses across technologies like Software Development, Data Science, Cloud Computing, Networking, Cybersecurity and more. With 9 training centers across NCR, including Noida, Greater Noida, New Delhi, Gurugram and Faridabad, we are committed to bridging the gap between academic learning and professional employment through quality education and skill development. About the Role: We are looking for a skilled and enthusiastic Cybersecurity Trainer to join our training team in Delhi. If you're passionate about Cybersecurity, Ethical Hacking, Linux and Networking and love to share your knowledge – this is the right platform for you to make an impact. Key Responsibilities: - Deliver in-depth classroom sessions on Cybersecurity, Ethical Hacking, Linux and CCNA. - Design lab exercises, case studies and project-based learning modules. - Stay updated with industry trends and certifications to keep content relevant. - Engage learners with interactive and practical training methods. Required Skills & Experience: - At least 3 years of experience in cybersecurity roles or training delivery. - Proficiency in Linux OS, Ethical Hacking tools and core networking concepts. - Sound knowledge of CCNA (certification preferred). - Strong communication and interpersonal skills. - Ability to simplify complex technical concepts for learners. Preferred Skills: - CEH, CompTIA Security+ or any other relevant certifications. - Hands-on experience with tools like Kali Linux, Wireshark, Metasploit, etc. - Prior experience in teaching or mentoring in an IT training setup. Apply Now: Send your updated resume to hr@ducatindia.com Contact us at +91-9205783661. Job Type: Full-time Pay: ₹20,000.00 - ₹45,000.00 per month
Posted 3 days ago
4.0 years
1 Lacs
india
On-site
Key Responsibilities: Experience in web application security assessments, hands-on techniques for identifying SQL injections, XSS, CSRF, authentication, OWASP top issues. Good knowledge of security technologies for secure software development such as e-commerce apps, APIs, authentication techniques and protocols etc. Experience on both commercial and open source tools: Cenzic Hailstorm, Burpsuite, AppScan, WebInspect, Appspider, sqlmap, OWASP ZAP. Experience in BeEF, Metasploit and other exploitation frameworks. Technical Experience: (a) Looking for candidates with platform experience, especially on enterprise platforms. (b) Proven experience in identifying and exploiting business logic and framework related vulnerabilities. (c) Vast experience in removing false positives, analyzing dynamic scan WebInspect, AppScan reports. (d) Knowledge of Secure SDLC and security standards like OWASP, CWE, NIST, OSSTMM. (e) Provide expert advice and recommendation to application development team as well as vendor. Professional Attributes: Expected to have good verbal and written communication and be a good team player. Job Type: Full-time Pay: Up to ₹10,000.00 per month Ability to commute/relocate: Motera, Ahmedabad, Gujarat: Reliably commute or planning to relocate before starting work (Required) Experience: total work: 4 years (Preferred) Work Location: In person
Posted 3 days ago
1.0 years
3 - 4 Lacs
indore
On-site
Job Title: Ethical Hacking Trainer – Jetking Indore Location: Jetking Indore Learning Centre, Indore, Madhya Pradesh Job Type: Full-Time / Part-Time / Freelance Experience Level: 1+ Years in Cyber Security / Ethical Hacking Salary: Competitive + Performance Incentives About Jetking Indore Jetking Indore is a leading IT training institute committed to empowering students with job-oriented skills in cyber security, cloud computing, and digital marketing. With a 100% job guarantee model and industry-aligned curriculum, we’re shaping the next generation of tech professionals. Role Overview We’re seeking a dynamic and knowledgeable Ethical Hacking Trainer who can inspire, educate, and mentor students in the field of cyber security. If you're passionate about penetration testing, network security, and ethical hacking tools—and love sharing your expertise—this is your stage. Key Responsibilities Deliver engaging and hands-on training sessions on ethical hacking, penetration testing, and cyber security fundamentals Design and update course materials aligned with current industry standards (CEH, CompTIA Security+, etc.) Conduct practical labs, simulations, and assessments to reinforce learning Mentor students on career paths, certifications, and real-world applications Stay updated with emerging threats, tools, and techniques in the cyber security domain Required Skills & Qualifications Bachelor’s degree in Computer Science, IT, or related field (preferred) Certified Ethical Hacker (CEH) or equivalent certification Minimum 2 years of experience in cyber security or ethical hacking Strong command over tools like Kali Linux, Metasploit, Wireshark, Burp Suite, Nmap, etc. Excellent communication and presentation skills Prior teaching or mentoring experience is a plus Why Join Jetking Indore? 
Work with a passionate team focused on skill-building and employability Flexible work options (full-time, part-time, freelance) Opportunity to shape the future of cyber security professionals Access to cutting-edge labs and training infrastructure Competitive compensation and growth opportunities Job Types: Full-time, Part-time, Permanent, Fresher, Freelance Pay: ₹28,290.33 - ₹35,071.38 per month Expected hours: 48 per week Language: English (Preferred) Work Location: In person Expected Start Date: 01/09/2025
Posted 3 days ago
12.0 years
0 Lacs
mumbai, maharashtra, india
On-site
Job Title: Director – Risk Advisory (Cybersecurity) Location: Mumbai Experience Required: 12+ Years Department: Cyber Risk & VAPT Services Employment Type: Full-time About the Role We are seeking an experienced and dynamic Director – Risk Advisory (Cyber) to lead our cybersecurity consulting practice with a strong focus on Vulnerability Assessment & Penetration Testing (VAPT). The ideal candidate will bring deep technical expertise, proven leadership skills, and the ability to manage high-impact client engagements in the cybersecurity domain. Key Responsibilities Strategic Leadership & Practice Development Lead the cybersecurity risk advisory vertical with a focus on VAPT, threat management, and overall cyber resilience. Develop and drive strategies for cybersecurity consulting services aligned with business goals. Establish frameworks, methodologies, and innovative approaches for cybersecurity risk management. Manage P&L, business development, and client portfolio growth for the cyber risk practice. Client Engagement & Delivery Management Lead end-to-end VAPT engagements including scoping, planning, execution, and reporting. Advise clients on threat detection, vulnerability remediation, and improving security posture. Build and maintain strong relationships with CXO-level stakeholders and technical teams. Ensure delivery excellence on all client engagements with measurable business outcomes. Technical Expertise Provide subject matter expertise on VAPT, red teaming, threat modeling, and incident response. Oversee testing methodologies for web applications, mobile apps, cloud environments, APIs, IoT, and network infrastructure. Ensure timely identification of security vulnerabilities and recommend actionable mitigation strategies. Stay ahead of the evolving cybersecurity threat landscape and regulatory requirements. Team Leadership Lead, mentor, and grow a high-performing cybersecurity consulting team. 
Conduct knowledge-sharing sessions, technical workshops, and training programs. Drive talent acquisition and capability building within the cybersecurity practice. Required Skills & Qualifications Education & Certifications Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field. Preferred certifications: OSCP, OSWE, CREST, CEH, CISSP, CISM, ISO 27001 LA, CRTP, or equivalent. Technical Expertise 12+ years of experience in cyber risk advisory, VAPT, and security consulting. Proven experience in handling enterprise-scale VAPT projects across BFSI, Telecom, and other domains. Hands-on understanding of tools like Burp Suite, Nessus, Qualys, Metasploit, Nmap, Kali Linux, Wireshark, etc. Deep knowledge of cloud security, container security, and emerging technologies. Leadership & Business Skills Experience in managing large cybersecurity programs and multiple client portfolios. Strong business acumen with the ability to contribute to revenue growth. Excellent stakeholder management, negotiation, and presentation skills.
Posted 3 days ago
0 years
0 Lacs
india
Remote
Position: Cybersecurity Intern Company: INLIGHN TECH Location: Remote (100% Virtual) Duration: 3 months Top Interns Stipend: 15,000 Potential for Full-Time Employment: Based on performance; Certificate of Internship provided About INLIGHN TECH: INLIGHN TECH provides hands-on experience to students and recent graduates. Our unpaid Cybersecurity Internship offers practical exposure to threat analysis, vulnerability assessment, and security operations. Responsibilities: Assist in identifying and mitigating security vulnerabilities. Conduct penetration testing and ethical hacking assessments. Monitor and analyze security incidents and threats. Support in developing security policies and best practices. Qualifications: Enrolled in/recent graduate of Cybersecurity, Computer Science, or a related field. Basic knowledge of cybersecurity concepts, network security, and threat analysis. Familiarity with ethical hacking tools (Metasploit, Burp Suite, Wireshark, etc.) (preferred). Strong analytical and problem-solving skills. Benefits: ✅ Hands-on experience with real cybersecurity projects. ✅ Internship Certificate & Letter of Recommendation. ✅ Build your cybersecurity portfolio and gain industry exposure. 🚀 Apply now and start your journey in Cybersecurity!
Posted 3 days ago
0.0 - 4.0 years
0 Lacs
motera, ahmedabad, gujarat
On-site
Key Responsibilities: Experience in web application security assessments, hands-on techniques for identifying SQL injections, XSS, CSRF, authentication, OWASP top issues. Good knowledge of security technologies for secure software development such as e-commerce apps, APIs, authentication techniques and protocols etc. Experience on both commercial and open source tools: Cenzic Hailstorm, Burpsuite, AppScan, WebInspect, Appspider, sqlmap, OWASP ZAP. Experience in BeEF, Metasploit and other exploitation frameworks. Technical Experience: (a) Looking for candidates with platform experience, especially on enterprise platforms. (b) Proven experience in identifying and exploiting business logic and framework related vulnerabilities. (c) Vast experience in removing false positives, analyzing dynamic scan WebInspect, AppScan reports. (d) Knowledge of Secure SDLC and security standards like OWASP, CWE, NIST, OSSTMM. (e) Provide expert advice and recommendation to application development team as well as vendor. Professional Attributes: Expected to have good verbal and written communication and be a good team player. Job Type: Full-time Pay: Up to ₹10,000.00 per month Ability to commute/relocate: Motera, Ahmedabad, Gujarat: Reliably commute or planning to relocate before starting work (Required) Experience: total work: 4 years (Preferred) Work Location: In person
Posted 3 days ago
2.0 years
0 - 0 Lacs
indore, madhya pradesh
On-site
Job Title: Ethical Hacking Trainer – Jetking Indore Location: Jetking Indore Learning Centre, Indore, Madhya Pradesh Job Type: Full-Time / Part-Time / Freelance Experience Level: 1+ Years in Cyber Security / Ethical Hacking Salary: Competitive + Performance Incentives About Jetking Indore Jetking Indore is a leading IT training institute committed to empowering students with job-oriented skills in cyber security, cloud computing, and digital marketing. With a 100% job guarantee model and industry-aligned curriculum, we’re shaping the next generation of tech professionals. Role Overview We’re seeking a dynamic and knowledgeable Ethical Hacking Trainer who can inspire, educate, and mentor students in the field of cyber security. If you're passionate about penetration testing, network security, and ethical hacking tools—and love sharing your expertise—this is your stage. Key Responsibilities Deliver engaging and hands-on training sessions on ethical hacking, penetration testing, and cyber security fundamentals Design and update course materials aligned with current industry standards (CEH, CompTIA Security+, etc.) Conduct practical labs, simulations, and assessments to reinforce learning Mentor students on career paths, certifications, and real-world applications Stay updated with emerging threats, tools, and techniques in the cyber security domain Required Skills & Qualifications Bachelor’s degree in Computer Science, IT, or related field (preferred) Certified Ethical Hacker (CEH) or equivalent certification Minimum 2 years of experience in cyber security or ethical hacking Strong command over tools like Kali Linux, Metasploit, Wireshark, Burp Suite, Nmap, etc. Excellent communication and presentation skills Prior teaching or mentoring experience is a plus Why Join Jetking Indore? 
Work with a passionate team focused on skill-building and employability Flexible work options (full-time, part-time, freelance) Opportunity to shape the future of cyber security professionals Access to cutting-edge labs and training infrastructure Competitive compensation and growth opportunities Job Types: Full-time, Part-time, Permanent, Fresher, Freelance Pay: ₹28,290.33 - ₹35,071.38 per month Expected hours: 48 per week Language: English (Preferred) Work Location: In person Expected Start Date: 01/09/2025
Posted 3 days ago
0.0 - 3.0 years
0 - 0 Lacs
delhi, delhi
On-site
Position: Cybersecurity Trainer Location: Kohat Enclave, Pitampura, New Delhi Employment Type: Full-Time (Onsite Only) Working Days: 6 Days Working About Ducat India: Ducat India is a premier IT training institute offering industry-oriented courses across technologies like Software Development, Data Science, Cloud Computing, Networking, Cybersecurity and more. With 9 training centers across NCR, including Noida, Greater Noida, New Delhi, Gurugram and Faridabad, we are committed to bridging the gap between academic learning and professional employment through quality education and skill development. About the Role: We are looking for a skilled and enthusiastic Cybersecurity Trainer to join our training team in Delhi. If you're passionate about Cybersecurity, Ethical Hacking, Linux and Networking and love to share your knowledge – this is the right platform for you to make an impact. Key Responsibilities: - Deliver in-depth classroom sessions on Cybersecurity, Ethical Hacking, Linux and CCNA. - Design lab exercises, case studies and project-based learning modules. - Stay updated with industry trends and certifications to keep content relevant. - Engage learners with interactive and practical training methods. Required Skills & Experience: - At least 3 years of experience in cybersecurity roles or training delivery. - Proficiency in Linux OS, Ethical Hacking tools and core networking concepts. - Sound knowledge of CCNA (certification preferred). - Strong communication and interpersonal skills. - Ability to simplify complex technical concepts for learners. Preferred Skills: - CEH, CompTIA Security+ or any other relevant certifications. - Hands-on experience with tools like Kali Linux, Wireshark, Metasploit, etc. - Prior experience in teaching or mentoring in an IT training setup. Apply Now: Send your updated resume to hr@ducatindia.com Contact us at +91-9205783661. Job Type: Full-time Pay: ₹20,000.00 - ₹45,000.00 per month
Posted 4 days ago
4.0 - 8.0 years
0 Lacs
chennai, tamil nadu
On-site
You should have expertise in Full Stack Development, Data Science, and Cybersecurity to create comprehensive training programs. Your strong communication, presentation, and facilitation skills will be essential to engage and teach diverse teams effectively. Additionally, your ability to assess training needs will play a crucial role in designing impactful training sessions. As a Full Stack Developer, you should be proficient in HTML/CSS, JavaScript, React, Node.js, Express, MongoDB, MySQL, and RESTful API. For Data Science tasks, you should have experience with Python, R, SQL, Pandas, NumPy, Scikit-learn, Tableau, and Power BI. As a Cybersecurity Specialist, your skills should include familiarity with Wireshark, Metasploit, Nessus, IDS/IPS, SIEM tools, firewall management, and network traffic analysis. With a minimum of 4 years of experience in the field, you are expected to hold a degree in BE, B.Tech, MCA, M.Sc, B.Sc, or BCA in relevant fields, preferably in Computer Science, Information Technology, or related disciplines.
Posted 4 days ago
3.0 - 7.0 years
0 Lacs
coimbatore, tamil nadu
On-site
Job Description: We are seeking software developers who are enthusiastic about developing and strengthening Linux-based platforms. Your responsibilities will include integrating various software and security patches into build systems, backporting key features/bug-fixes to the customers' product line distribution or kernel, performing security audits on customer BSP, and implementing hardening measures on the BSP. Additionally, you will design, develop, test, deploy, maintain, and enhance software, manage project priorities, deadlines, and deliverables, and serve as a system-SW generalist to tackle technical challenges and offer solutions. Mentoring and advising developers on best practices will also be part of your role. To be successful in this position, you should have 3+ years of experience in building and delivering embedded systems using Linux, a strong proficiency in C, knowledge of security features like SELinux and verified/secure boot, familiarity with cryptography fundamentals and Public Key Infrastructure, excellent communication skills, the ability to handle multiple projects concurrently within tight schedules, a keen sense of urgency, and a strong commitment to quality work and team success. Preferred qualifications include experience with build environments such as Yocto, Buildroot, OpenEmbedded, and Android, proficiency in Git, engagement with the open-source community to enhance software, scripting and automation skills with Python, bash, or similar languages, and familiarity with security tools like Metasploit, Nmap, and Nessus. Working with us offers an opportunity to engage with cutting-edge open-source technologies, a diverse range of challenging projects, and a relaxed work environment.
Posted 5 days ago
3.0 - 7.0 years
0 Lacs
karnataka
On-site
You will be hired as a Cybersecurity Penetration Testing Senior at a renowned US top Accounting and Tax Advisory firm located in Bangalore. Your primary responsibilities will include conducting network penetration testing using tools like Nessus, Nmap, and Metasploit. You will also be required to perform web application testing, leveraging advanced features of Burp Suite Pro, and possess a strong understanding of TCP/IP networking to troubleshoot connectivity issues. Additionally, you will be responsible for testing clients' web and/or mobile applications and APIs to identify security vulnerabilities, ensuring test quality, and resolving any issues that may hinder the testing process for large or complex projects. To qualify for this role, you should hold a Bachelor's degree in business administration, cybersecurity, information technology, computer science, or a related field, or possess equivalent experience. You must have at least 3 years of experience in TCP/IP networking and endpoint attacks at a network level, as well as 3 years of experience in Penetration Testing. Moreover, you should have 3 years of experience in an internal or external cybersecurity role, or a similar role such as threat/penetration testing, ethical hacking, OWASP top 10, or AppScan. Effective communication and collaboration with team members are essential skills for this position. Desired certifications for this role include Offensive Security Certified Professional (OSCP), GPEN: GIAC Certified Penetration Tester, OffSec Web Assessor (OSWA), OffSec Web Expert (OSWE), API Security Certified Professional (ASCP), and Certified API Security Analyst (CASA). Proficiency in tools like Burp Suite, Nessus, and the Kali Linux environment is also expected.
Posted 5 days ago