
73 Sqlmap Jobs

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

4.0 - 8.0 years

0 - 3 Lacs

bengaluru

Work from Office

Dear All, We are hiring for one of our MNC Product Based Company in Bangalore location ... Please find below more about this job details Also, Please follow us on below given our company Linkedin URL for more daily job updates https://www.linkedin.com/company/hirednext-recruitment-service/ Penetration Tester Experience : 4 to 8 Yrs Skills :OSCP or CRTP Certified,Burp Suite, Metasploit,Nmap, Nikto, SQLmap, John the Ripper, Hydra,Python, Bash, PowerShell, MITRE ATT&CK, NIST, and STRIDE,Python, Bash, or PowerShell,linux,windows JD: Perform penetration testing and security assessments of web applications, APIs, Android, IOS, cloud infrastructure, embedded systems, and network environments. Conduct threat modelling and vulnerability assessments during different stages of the software development lifecycle (SDLC). Simulate real-world attacks to identify potential security weaknesses in enterprise and automotive systems. Provide detailed and well-documented reports of findings with actionable remediation guidance. Collaborate with development, architecture, DevOps, and infrastructure teams to mitigate vulnerabilities and strengthen security controls. Perform retesting to validate resolved vulnerabilities. Stay current on latest attack techniques, vulnerabilities, and tools in the cybersecurity domain. Contribute to internal knowledge bases, red team frameworks, and automation of recurring testing processes. Minimum 4-5 years of professional experience in penetration testing, ethical hacking, or red teaming. Mandatory certification: OSCP or CRTP. Solid experience using penetration testing tools such as: Burp Suite Metasploit Nmap, Nikto, SQLmap, John the Ripper, Hydra, etc. Proficiency in scripting languages like Python, Bash, or PowerShell for automation. Strong understanding of: OWASP Top 10 vulnerabilities Secure coding practices Network protocols and architecture Web and mobile application security Experience working in Linux and Windows environments. 
Familiarity with threat modelling and security frameworks like MITRE ATT&CK, NIST, and STRIDE. Best Regards, Prathyusha B pratyusha@hirednext.info Recruitment Executive

Posted 17 hours ago


4.0 years

1 Lacs

india

On-site

Key Responsibilities: Experience in web application security assessments, hands-on techniques for identifying SQL injections, XSS, CSRF, authentication, OWASP top issues. Good knowledge of security technologies for secure software development such as e-commerce apps, APIs, authentication techniques and protocols etc. Experience on both commercial and open source tools: Cenzic Hailstorm, Burpsuite, AppScan, WebInspect, Appspider, sqlmap, OWASP ZAP. Experience in BEEF, MetaSploit and other exploitation frameworks.
Technical Experience:
• Looking for candidates with platform experience, especially on enterprise platforms
• Proven experience in identifying and exploiting business logic and framework related vulnerabilities
• Vast experience in removing false positives, analyzing dynamic scan (WebInspect, AppScan) reports
• Knowledge of Secure SDLC and security standards like OWASP, CWE, NIST, OSSTMM
• Provide expert advice and recommendation to application development team as well as vendor
Professional Attributes: Expected to have good verbal and written communication and be a good team player.
Job Type: Full-time. Pay: Up to ₹10,000.00 per month. Ability to commute/relocate: Motera, Ahmedabad, Gujarat: Reliably commute or planning to relocate before starting work (Required). Experience: total work: 4 years (Preferred). Work Location: In person

Posted 2 days ago


0.0 - 4.0 years

0 Lacs

motera, ahmedabad, gujarat

On-site

Key Responsibilities: Experience in web application security assessments, hands-on techniques for identifying SQL injections, XSS, CSRF, authentication, OWASP top issues. Good knowledge of security technologies for secure software development such as e-commerce apps, APIs, authentication techniques and protocols etc. Experience on both commercial and open source tools: Cenzic Hailstorm, Burpsuite, AppScan, WebInspect, Appspider, sqlmap, OWASP ZAP. Experience in BEEF, MetaSploit and other exploitation frameworks.
Technical Experience:
• Looking for candidates with platform experience, especially on enterprise platforms
• Proven experience in identifying and exploiting business logic and framework related vulnerabilities
• Vast experience in removing false positives, analyzing dynamic scan (WebInspect, AppScan) reports
• Knowledge of Secure SDLC and security standards like OWASP, CWE, NIST, OSSTMM
• Provide expert advice and recommendation to application development team as well as vendor
Professional Attributes: Expected to have good verbal and written communication and be a good team player.
Job Type: Full-time. Pay: Up to ₹10,000.00 per month. Ability to commute/relocate: Motera, Ahmedabad, Gujarat: Reliably commute or planning to relocate before starting work (Required). Experience: total work: 4 years (Preferred). Work Location: In person

Posted 3 days ago


0 years

0 Lacs

india

On-site

a Bit About Us Appknox is one of the top Mobile Application security companies recognized by Gartner and G2. A profitable B2B SaaS startup headquartered in Singapore & working from Bengaluru. The primary goal of Appknox is to help businesses and mobile developers secure their mobile applications with a focus on delivery speed and high-quality security audits. Appknox has helped secure mobile apps at Fortune 500 companies with Major brands spread across regions like India, South-East Asia, Middle-East, US, and expanding rapidly. We have secured 300+ Enterprises globally. We are a 30+ incredibly passionate team working to make an impact and help some of the biggest companies globally. We work in a highly collaborative, very fast-paced work environment. If you have what it takes to be part of the team, we are excited, and let’s speak further. The Opportunity To join the security team engaging with multiple clients, helping them with end-to-end security audits, also researching new topics and vulnerabilities to be added to the scanner, present research at conferences. What An Ideal Candidate Would Look Like Anyone pursuing their graduation or post-graduation related to IT security Skills - Application Penetration Testing, Knowledge or experience of IoT testing, and source code audits are plus points Responsibilities: Engage with clients for scoping call, perform security audits, and remediation call with clients to patch the issues Minimum Requirements Must be comfortable with tools like burp suite, nmap, sqlmap, r2 etc Strong Analytical Skills Strong grasp of fundamentals of information security Strong Grasp of Web, API and mobile Pen-Testing Self-taught learner willing to read and keep up-to-date on technological changes and how they could be used Can accurately define an issue and create detailed Proof-of-concept and write-up of the findings. Provide appropriate remediation and mitigations of the identified vulnerabilities. 
Basic understanding of cloud platforms like AWS or GCP. Security knowledge in this domain is a plus. Responsibilities Security assessment of web and mobile applications. Understand and explain the results with impact on business and compliance status Continuously learning and training on latest tools and techniques Personality traits we really admire A confident and dynamic working persona, which can bring fun to the team, and a sense of humor, is an added advantage. Great attitude to ask questions, learn and suggest process improvements. Has attention to details and helps identify edge cases. Highly motivated and coming up with fresh ideas and perspectives to help us move towards our goals faster. Follow timelines and absolute commitment to deadlines. Interview Process Round 1 CTF Round - Profile and skill Evaluation Round 2 - Technical Interview with security team member Round 3 - Technical Interview with the Team Lead Round 4 - HR Round Why Join Us Great Stipend& PPO: We keep up with the market standards & provide stipend/pay packages considering updated standards. Also as Appknox continues to grow, you’ll have a great opportunity to earn more & grow with us. Moreover, we also PPO for our top interns. Freedom & Responsibility: If you are a person who enjoys challenging work & pushing your boundaries, then this is the right place for you. We appreciate new ideas & ownership as well as flexibility with working hours. Holistic Growth: We foster a culture of continuous learning and take a much more holistic approach to train and develop our assets: the employees. We shall also support you all on that journey of yours. Transparency: Being a part of a start-up is an amazing experience, one of the reasons being open communication & transparency at multiple levels. Working with Appknox will give you the opportunity to experience it all first-hand. 
Skills:- Vulnerability assessment, Penetration testing, Vulnerability scanning, Information security, Web application security, Mobile security and Mobile App Testing (QA)

Posted 3 days ago


6.0 years

0 Lacs

Mumbai, Maharashtra, India

On-site

The VOC VI & ASM Analyst will be part of a team responsible for monitoring and identifying vulnerabilities as well as proactively assessing their threat . The team also provides comprehensive feedback and guidance on detected vulnerabilities to assist Security Officers and Application Manager on the remediation part. This role takes a holistic approach to identifying newly published vulnerabilities and contextualizing them to company environment as well as tracking potential external entry points to systems and data. The VOC VI & ASM Analyst is responsible for: Vulnerability Intelligence (VI): o Monitor new vulnerabilities and assess their criticality and risk severity based on threat, exploit availability, ease of exploit, impact, … o Communicate and publish an assessment on vulnerabilities related to software o Maintain timely, high-quality vulnerability bulletins, prioritizing issues against the Group’s asset exposure o Update on a regular basis our software inventory in the scope of Vulnerability Assessment Service o Keep the vulnerability database up to date; enrich each CVE and security bulletin with QDS, EPSS, CVSS metrics, … Attack Surface Management (ASM): o Operate continuous monitoring of external assets via ASM Security tools o Update on a regular basis the coverage of ASM tools, by adding known domains and IP ranges o Assess the severity of the findings and confirm their presence (review, challenge, FP assessment, o Track and report exposure trends; escalate high-risk findings to Blue-Team remediation owners o Build and use the external footprint to proactively identify new threats and new vulnerabilities o Leverage ASM tools to proactively identify external assets subject to newly published vulnerabilities BlackBox Pentesting: o Drive proactive follow-up on detected vulnerabilities, engaging system owners and tracking remediation to closure o Active follow up with Application managers to onboard new application in the BlackBox Pentesting service 
Vulnerability Management: o Vulnerability review, recategorization, and false positive identification o Proactive vulnerability testing and replay o Pre-analyze and consolidate vulnerability data from various scanning tools o Prepare concise syntheses of available vulnerabilities o Offer guidance to the SO and CISO on vulnerabilities o Collaborate with key stakeholders to develop strategies for vulnerability management Scripting and automation: o Automate data extraction and data push from VI and ASM tools to DataLake tools o Build automation workflows to streamline vulnerability identification, assessment, and reporting o Collaborate with the offensive and defensive teams to enhance vulnerability assessment and testing Bachelor degree in Computer Science, Information Security, EXTC or related field; relevant certifications (e.g., CISSP, CCSP, CompTIA Security+) are a plus • Proven experience (6+ years) working within the Cybersecurity field, with emphasis on security platform implementation & administration • Experience on Penetration testing actions (web application, infrastructure, …) • Experience with security scanning tools • Experience with VI and ASM tools • Experience in investigating newly published vulnerabilities and assessing their risks and severity • Experience with scripting languages (e.g., Python, Bash, Powershell, C#, …) for automation and customization of security processes is a plus • Experience with Pentester tools (Burp, SQLmap, Metasploit, Kali environment, …) • Strong technical skills with an interest in open-source intelligence investigations • Knowledge of NIST CVE database, OWASP Top 10, Microsoft security bulletins • Excellent writing skills in English and ability to communicate complicated technical challenges in a business language to a range of stakeholders.
Personal Skills • Has a systematic, disciplined, and analytical approach to problem solving with thorough leadership skills & experience • Excellent ability to think critically under pressure • Strong communication skills to convey technical concepts clearly to both technical and non-technical stakeholders • Willingness to stay updated with evolving cyber threats, technologies, and industry trends • Capacity to work collaboratively with cross-functional teams, developers, and management to implement robust security measures

Posted 1 week ago


5.0 years

5 - 8 Lacs

Hyderābād

On-site

Full Time Hyderabad, Telangana Job Title: Cyber Security Engineer Experience: 5 years Location: Hyderabad Job Summary: We (RMES) are seeking a seasoned Cyber Security Engineer with a minimum of five (5) years’ hands-on experience in Vulnerability Assessment & Penetration Testing (VAPT) and security testing across web applications, APIs, networks, and databases. The ideal candidate will combine strong technical skills in programming and scripting with deep familiarity with industry-standard security standards, tools and methodologies. Key Responsibilities Vulnerability Assessment & Penetration Testing Plan and execute black-box, white-box, and gray-box penetration tests. Identify, analyze, and report security vulnerabilities in web applications, REST/SOAP APIs, network infrastructures, and database systems. Security Testing Perform security code reviews and static/dynamic analysis on application source code. Execute automated and manual security test cases, including OWASP Top 10, SANS Top 25, and API-specific risks. Tooling & Automation Develop and maintain custom scripts and tooling to automate reconnaissance, scanning, exploitation, and reporting. Integrate security testing into CI/CD pipelines and DevSecOps workflows. Risk Analysis & Reporting Assess business impact and prioritize vulnerabilities by severity and exploitability. Produce clear, actionable reports and work with development teams to validate fixes. Collaboration & Advisory Liaise with developers, DevOps, and IT/network teams to remediate security findings. Provide guidance on secure coding practices, hardening configurations, and security best practices. Providing assistance to other teams (project, commercial, product, customer success) in answering cyber security related questions raised by/in customer/project tenders. Required Qualifications Bachelor’s degree in computer science, Information Security, or related field. 3+ years of professional experience in VAPT and security testing. 
Technical Skills Programming & Scripting: Proficient in at least two of: Python, Java, C#, Ruby, Go, or JavaScript/TypeScript. Shell scripting (Bash/PowerShell) for automation. Security Tools & Frameworks: Web/API testing: Burp Suite, OWASP ZAP, Postman, SoapUI. Network scanning: Nmap, Nessus, OpenVAS. DB security: SQLMap, DbProtect, manual SQL injection testing. Static/Dynamic analysis: SonarQube, Trivy, Fortify, Checkmarx, Veracode. Protocols & Technologies: HTTP/S, REST, SOAP, TCP/IP, DNS, LDAP, OAuth/OIDC, JWT. Database platforms: MySQL, PostgreSQL, SQL Server, Oracle. Standards & Compliance: Familiarity with OWASP Top 10, SANS Top 25, PCI-DSS, ISO 27001/27002, NIST. Preferred Skills Experience with cloud security testing (AWS, Azure, GCP). Familiarity with container and orchestration security (Docker, Kubernetes). Certification(s): OSCP, CEH, CISSP, CISM, or similar. Hands-on in DevSecOps integration and security automation frameworks (e.g., Jenkins, GitLab CI, Terraform). Soft Skills Strong analytical and problem-solving abilities. Excellent written and verbal communication for clear reporting and stakeholder engagement. Ability to work independently and as part of a cross-functional team. About Company: Rugged Monitoring is a company that specializes in providing advanced fibre optic-based sensing solutions for harsh and challenging environments. We offer a range of products and solutions designed to monitor critical parameters such as temperature, pressure, strain, and vibration in applications where traditional electrical sensors may not be suitable or reliable. We also design and develop Intelligent Electronic Devices (IEDs) to monitor different types of electrical machines (e.g., Transformer, Motor, Generator, Circuit Breaker etc.) and provide software services to collect and analyse the acquired data for condition-based monitoring (CBM) at enterprise level.
Our R&D centre is in Hyderabad, India and head office is at Québec, Canada Job Features Job Category Cyber Security Experience 5 years

Posted 1 week ago


1.0 - 3.0 years

0 Lacs

Mumbai, Maharashtra, India

On-site

Job description As a Vulnerability Assessment and Penetration Testing (VAPT) Security Professional, you will lead comprehensive security evaluations to identify, exploit, and remediate vulnerabilities across networks, applications, and systems. You will simulate real-world cyberattacks using ethical hacking methodologies to assess the security posture and help safeguard critical business assets of the clients. Your role involves collaborating with IT and Security teams of the clients to recommend effective security controls, preparing detailed technical reports, and staying current with emerging threats and tools. Key Responsibilities: · Conduct thorough vulnerability assessments and penetration tests on infrastructure, web applications, APIs, and cloud environments. · Analyze security findings and provide actionable remediation recommendations. · Develop and execute detailed test plans aligned with business and compliance requirements. · Simulate social engineering and physical security assessments as part of comprehensive testing. · Document methodologies, findings, and mitigation strategies in clear, professional reports for technical and non-technical stakeholders. · Continuously update knowledge on latest vulnerabilities, attack techniques, and security tools. · Mentor junior team members and contribute to security awareness initiatives. Qualifications: · Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field. · Relevant certifications such as: o Certified Ethical Hacker (CEH) o Offensive Security Certified Professional (OSCP) o GIAC Penetration Tester (GPEN) o Certified Information Systems Security Professional (CISSP) (preferred) · Strong understanding of network protocols, operating systems (Windows, Linux), and web technologies. · Proficiency with penetration testing and vulnerability assessment tools like Metasploit, Burp Suite, Nmap, OWASP ZAP, Nessus, SQLMap, Wireshark, and others. 
· Knowledge of security frameworks, standards, and regulatory compliance (e.g., SEBI, compliance). · Experience with scripting or programming languages (Python, PowerShell) to develop custom testing tools or automate tasks. · Excellent analytical, problem-solving, and communication skills. Experience: · Minimum 1-3 years of hands-on experience in penetration testing and vulnerability assessment. · Proven track record of conducting end-to-end penetration tests and vulnerability assessments in enterprise environments. · Experience in testing a variety of environments including on-premises networks, cloud platforms, web and mobile applications. · Familiarity with social engineering techniques and physical security assessments is a plus. · Experience in preparing detailed technical reports and presenting findings to diverse audiences.

Posted 1 week ago


0.0 - 5.0 years

0 Lacs

Hyderabad, Telangana

On-site

Full Time Hyderabad, Telangana Job Title: Cyber Security Engineer Experience: 5 years Location: Hyderabad Job Summary: We (RMES) are seeking a seasoned Cyber Security Engineer with a minimum of five (5) years’ hands-on experience in Vulnerability Assessment & Penetration Testing (VAPT) and security testing across web applications, APIs, networks, and databases. The ideal candidate will combine strong technical skills in programming and scripting with deep familiarity with industry-standard security standards, tools and methodologies. Key Responsibilities Vulnerability Assessment & Penetration Testing Plan and execute black-box, white-box, and gray-box penetration tests. Identify, analyze, and report security vulnerabilities in web applications, REST/SOAP APIs, network infrastructures, and database systems. Security Testing Perform security code reviews and static/dynamic analysis on application source code. Execute automated and manual security test cases, including OWASP Top 10, SANS Top 25, and API-specific risks. Tooling & Automation Develop and maintain custom scripts and tooling to automate reconnaissance, scanning, exploitation, and reporting. Integrate security testing into CI/CD pipelines and DevSecOps workflows. Risk Analysis & Reporting Assess business impact and prioritize vulnerabilities by severity and exploitability. Produce clear, actionable reports and work with development teams to validate fixes. Collaboration & Advisory Liaise with developers, DevOps, and IT/network teams to remediate security findings. Provide guidance on secure coding practices, hardening configurations, and security best practices. Providing assistance to other teams (project, commercial, product, customer success) in answering cyber security related questions raised by/in customer/project tenders. Required Qualifications Bachelor’s degree in computer science, Information Security, or related field. 3+ years of professional experience in VAPT and security testing. 
Technical Skills Programming & Scripting: Proficient in at least two of: Python, Java, C#, Ruby, Go, or JavaScript/TypeScript. Shell scripting (Bash/PowerShell) for automation. Security Tools & Frameworks: Web/API testing: Burp Suite, OWASP ZAP, Postman, SoapUI. Network scanning: Nmap, Nessus, OpenVAS. DB security: SQLMap, DbProtect, manual SQL injection testing. Static/Dynamic analysis: SonarQube, Trivy, Fortify, Checkmarx, Veracode. Protocols & Technologies: HTTP/S, REST, SOAP, TCP/IP, DNS, LDAP, OAuth/OIDC, JWT. Database platforms: MySQL, PostgreSQL, SQL Server, Oracle. Standards & Compliance: Familiarity with OWASP Top 10, SANS Top 25, PCI-DSS, ISO 27001/27002, NIST. Preferred Skills Experience with cloud security testing (AWS, Azure, GCP). Familiarity with container and orchestration security (Docker, Kubernetes). Certification(s): OSCP, CEH, CISSP, CISM, or similar. Hands-on in DevSecOps integration and security automation frameworks (e.g., Jenkins, GitLab CI, Terraform). Soft Skills Strong analytical and problem-solving abilities. Excellent written and verbal communication for clear reporting and stakeholder engagement. Ability to work independently and as part of a cross-functional team. About Company: Rugged Monitoring is a company that specializes in providing advanced fibre optic-based sensing solutions for harsh and challenging environments. We offer a range of products and solutions designed to monitor critical parameters such as temperature, pressure, strain, and vibration in applications where traditional electrical sensors may not be suitable or reliable. We also design and develop Intelligent Electronic Devices (IEDs) to monitor different types of electrical machines (e.g., Transformer, Motor, Generator, Circuit Breaker etc.) and provide software services to collect and analyse the acquired data for condition-based monitoring (CBM) at enterprise level.
Our R&D centre is in Hyderabad, India and head office is at Québec, Canada Job Features Job Category Cyber Security Experience 5 years

Posted 1 week ago


1.0 years

3 - 16 Lacs

Gurgaon

On-site

Job Description We are looking for a motivated junior cybersecurity professional with a keen interest in offensive security to join our team in simulating real-world attacks on a wide range of honeypots — from web frontends and APIs to backends and databases. The ideal candidate has basic penetration testing skills, experience with common security tools, and a curiosity for learning attacker techniques to help test and strengthen our detection strategies. Responsibilities Simulate attacks on honeypots representing diverse technologies: web frontends (React, Angular, etc.), backends (Node.js, Python, Java, Go), databases, APIs, and more. Use open-source penetration testing tools (e.g., Burp Suite Community, OWASP ZAP, SQLmap, Nikto, nmap) and basic scripting to probe for, identify, and exploit common vulnerabilities (XSS, SQLi, auth bypass, SSRF, misconfigurations, etc.). Research public vulnerability databases (CVE, Exploit-DB), try PoCs, and suggest new attack vectors. Meticulously document each attack test, payload used, and observed outcomes. Participate in team reviews to improve honeypot effectiveness and realism. Technical Skills Required: Proficiency with Linux CLI (file navigation, editing files, running scripts). Basic knowledge of networking (TCP/IP, HTTP/S, DNS). Familiarity with at least one scripting language (Python or Bash preferred). Experience using penetration testing tools (Burp or ZAP, nmap, Metasploit basics). Understanding of web security basics (request structure, cookies, sessions). Security Experience: 1+ years personal or academic hands-on experience with Capture The Flag (CTF) challenges, bug bounty programs, or security labs. Knowledge of OWASP Top 10, with basic understanding of how web and API vulnerabilities are discovered and exploited. Exposure to reading and following security advisories or public writeups. Demonstrated curiosity about how attackers operate, even if mostly self-taught or from classroom projects. 
Qualifications Bachelor's degree or equivalent experience in Computer Science with 1-3 years of industry experience. Strong verbal and written communication Proficiency in documentations. Job Type: Full-time Pay: ₹362,923.96 - ₹1,674,598.40 per year Benefits: Health insurance Provident Fund Work Location: In person Expected Start Date: 01/09/2025

Posted 1 week ago


8.0 - 12.0 years

0 Lacs

karnataka

On-site

Black Duck Software, Inc. assists organizations in developing secure and high-quality software, reducing risks and enhancing speed and productivity. As a pioneer in application security, Black Duck offers Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Dynamic Application Security Testing (DAST) solutions to help teams swiftly identify and rectify vulnerabilities and defects in proprietary code, open source components, and application behavior. By leveraging industry-leading tools, services, and expertise, Black Duck empowers organizations to optimize security and quality in DevSecOps and across the software development life cycle. At Black Duck, the Software Security and Quality business focuses on accelerating the development of secure software. This involves utilizing static analysis, software composition analysis, and dynamic analysis to infuse security and quality into the core of code at every stage of the software development process and throughout the supply chain. The primary objective is to minimize risks and expedite application development. We are currently seeking a full-time Security Senior Staff Consultant to join our Professional Services Consulting team. In this role, your responsibility will be to proactively address software insecurities, eliminate bugs, and rectify flaws wherever they are detected. Our consultants play a vital role in establishing themselves as indispensable advisors to our clients, fostering relationships that lead to additional assignments. As a subject matter expert (SME) in various domains of application and infrastructure security, you will be tasked with delivering high-quality assessments and recommendations to clients. In this role, you will lead the end-to-end delivery of multiple concurrent security projects, ensuring the timely achievement of milestones and actionable outcomes for clients. 
You will serve as a trusted advisor to clients, aiding them in comprehending and implementing secure software development practices. Additionally, you will act as an SME in security domains like Web Application & API Penetration Testing, Mobile Application Security Testing, Infrastructure Pentesting, Source Code Review (SAST), Software Composition Analysis (SCA), Cloud Config Reviews, Architecture Security Reviews, Pentest of AI/ML integrated applications, and more. Your responsibilities will include providing technical oversight to project teams, ensuring adherence to defined methodologies, quality standards, and best practices. You will actively engage in client presentations, delivery review meetings, and strategic planning sessions related to application security. Furthermore, you will contribute to the development of internal tools, templates, methodologies, and the technical knowledge base while mentoring and supporting junior consultants in technical skills and client communication. As a Senior Staff Consultant, you are expected to possess practical expertise in various technical skills such as Web/API/Web Services Penetration Testing, Mobile Application Penetration Testing, Infrastructure Pentest and Hardening, Red Team Analysis, Secure Code Analysis, Cloud Security, Architecture Security Analysis, and more. Additionally, you should have hands-on knowledge of tools like Burp Suite, NMAP, Kali Linux, Nessus, and SQLMap. The ability to interface with clients, negotiate effectively, work autonomously, meet deadlines, and possess strong communication skills is essential for this role. Key qualifications include a Bachelor's degree in Computer Science, Engineering, or equivalent (Master's degree preferred) and relevant certifications such as OSCP, CISSP, CEH, CRTP, among others. The ideal candidate will have 8 to 12 years of experience in a similar role and be willing to travel occasionally.,

Posted 2 weeks ago


6.0 years

0 Lacs

Hyderabad, Telangana, India

On-site

About Company: Garmin Ltd. is an American multinational technology company founded in 1989 by Gary Burrell and Min Kao in Lenexa, Kansas, United States, with headquarters in Olathe, Kansas. Since 2010, the company is incorporated in Schaffhausen, Switzerland. The company specializes in GPS technology for automotive, aviation, marine, outdoor, and sport activities. At Garmin, we like to work hard and play hard. It comes easy when you work on cool products with hard-working individuals who share the same passion. We make products that are engineered on the inside for life on the outside. We do this so our customers can make the most of the time they spend pursuing their passions. We think every day is an opportunity to innovate and a chance to beat yesterday. See more at www.garmin.com. POSITION SUMMARY: Performing comprehensive penetration testing, vulnerability assessments, and risk analysis across Garmin’s global computer systems, products, and software covering web, API, infrastructure, mobile, and hardware security through ethical hacking engagements. Responsible for ensuring adherence to Garmin’s information security strategy, programs and best practice. Design, develop, and implement solutions and metrics to successfully integrate and monitor new information security and identity management systems with the existing architecture. In addition, deploy security policies, investigate and evaluate alerts for malicious file execution attempts, and design enhanced protocols aligned with protecting corporate wide production systems. The Cyber Security Engineer II will also lead root-cause analysis efforts to determine improvement opportunities when failures occur. 
ESSENTIAL FUNCTIONS: • Perform in-depth penetration and security assessment testing for Garmin computer systems, products, and software on a global scale • In-depth expertise with industry trusted infrastructure and development penetration tools • In-depth expertise with security, infrastructure, software development, and application technologies • Proficiency with various methods of reconnaissance, information gathering including network analysis, web application analysis, database analysis • Strong understanding of: OWASP Top 10, SANS Top 25, CWE , CVSS scoring, threat modeling, MITRE ATT&CK framework • Secure coding practices and SDLC • Knowledge of authentication protocols: OAuth2, JWT, SAML, Kerberos, NTLM • Conducts regular security audits from both a logical/theoretical standpoint and a technical/hands-on standpoint • Proficiency with various methods of threat modeling and vulnerability assessment including vulnerability scanners, password crackers, network protocol attacks • Demonstrated proficiency with either the Python, PowerShell, Bash or Ruby programming language • Expertise with industry-standard tools: Burp Suite Pro, Nmap, SQLMap, Nessus, Nuclei, Metasploit, CrackMapExec, BloodHound • Familiarity with reverse engineering tools or firmware analysis is a plus • Willingness and capability to exceed mastery of common penetration tools toward a deeper understanding of the technology that is needed to reveal vulnerabilities that standard tool proficiency does not • Willingness to learn or experience with device hacking / reverse engineering of products and devices • Execute red teaming tactics: Active Directory exploitation (Kerberoasting, AS-REP Roasting, DCSync, constrained delegation) • Lateral movement, persistence, and evasion • Command and control (C2) setup. 
WHAT THE CANDIDATE WOULD DO: • Internal/External Network Penetration Testing • Cloud Penetration Testing • Web Application Security Testing • API Security Testing • Mobile Application Security Testing • IoT / Device Security Testing • Desktop Application Security Testing • Red Teaming Activities • Demonstrating proficiency in diverse reconnaissance and information gathering methods, including network analysis, web application analysis, and database analysis. • Possessing expertise in industry-standard security best practices and utilizing multiple techniques for penetration testing. • Managing vulnerabilities and effectively communicating with system owners in English, exhibiting excellent communication skills. • The desired candidate will have prior experience completing security assessments and generating reports. OTHER RESPONSIBILITIES: • Creating and developing security assessment solutions • Daily administrative tasks, reporting and communication with the relevant departments in the organization • Designs and develops complex, integrated solutions to meet business requirements or enhance performance of Garmin’s security systems • Performs and evaluates costs analyses and vendor comparisons from small through large scale projects to ensure cost-effective and efficient operations • Measures feasibility of various approaches and makes recommendations • Communicate effectively regarding system operations and environment changes • Adhere to SOX, PCI, and other regulatory requirements as dictated • Understands and avoids potential threats and drives counter measures for IT managed systems • Ensures that all security requirements are met or exceeded • Provides significant contributions to defining team roadmap and priorities • Develops reliable solutions to complex problems which require the regular use of ingenuity and creativity • Demonstrates broad understanding of Garmin's business model, including Engineering, Operations, Finance, Sales and Marketing • Serves as 
a mentor and provides guidance to less experienced IT workers • Researches new technologies and proposes cost effective solutions • Provides innovation within area of expertise • Facilitates team discussions and meetings • Recognized as an expert in assigned discipline at Garmin and applies extensive technical expertise and analysis to initiatives • Contributes input to broader technology solutions outside of discipline • Serves as a leader of change • Demonstrates professional maturity through giving and receiving constructive feedback • Conflict is addressed effectively without appreciable oversight • Coordinates department level non-project changes • Perform other duties as necessary EDUCATION, EXPERIENCE, AND SKILLS REQUIRED: • Bachelor of Science Degree in Computer Science, Information Technology, Management Information Systems, Business or another relevant field AND a minimum of 6 years relevant experience OR equivalent combination of education and relevant experience • Outstanding academics with the demonstrated ability to apply learned knowledge • Fluency in English is required • Demonstrated strong and effective verbal, written, and interpersonal communication skills in a small team setting • Must be team-oriented, possess a positive attitude and work well with others • Driven problem solver with proven success in solving difficult problems • Excellent time management and follow-up skills • Consistently demonstrates quality and effectiveness in work documentation and organization • Must be able to exploit vulnerabilities and provide actionable remediation recommendations beyond scanning capabilities CERTIFICATIONS: • Required: OSCP or equivalent hands-on experience • Preferred: OSEP, OSWE, CRTP, PNPT, eWPTX, or other Red Team-focused certs

Posted 2 weeks ago

10.0 years

0 Lacs

Mumbai, Maharashtra, India

On-site

Key Job Responsibilities: VOC - VI (Vulnerability Intelligence), ASM (Attack Surface Management) & VM (Vulnerability Management) Expert. Environment / Context Saint Gobain, world leader in the habitat and construction market, is one of the top 100 global industrial groups. Saint-Gobain is present in 68 countries with 171 000 employees. They design, manufacture and distribute materials and solutions which are key ingredients in the wellbeing of each of us and the future of all. They can be found everywhere in our living places and our daily life: in buildings, transportation, infrastructure and in many industrial applications. They provide comfort, performance and safety while addressing the challenges of sustainable construction, resource efficiency and climate change. Saint-Gobain GDI Group (250 persons at the head office, including 120 that are internal) is responsible for defining, setting up and managing the Group's Information Systems (IS) and Telecom policy with its 1,000 subsidiaries in 6,500 sites worldwide. The GDI Groupe also carries the common means (infrastructures, telecoms, digital platforms, cross-functional applications). IN DEC, the IT Development Centre of Saint-Gobain, is an entity with a vision to leverage India’s technical skills in the Information Technology domain to provide timely, high-quality and cost-effective IT solutions to Saint-Gobain businesses globally. Within the Cybersecurity Department, the Cybersecurity Vulnerability Operations Center mission is to identify, assess and confirm vulnerability and threats that can affect the Group. The CyberVOC teams are based out of Paris and Mumbai and consist of skilled persons working in different Service Lines. Mission We are seeking a highly experienced cybersecurity professional to serve as a VOC Expert supporting the Vulnerability Intelligence (VI), Attack Surface Management (ASM), and Vulnerability Management (VM) teams. 
This role is pivotal in shaping the strategy, defining technical approaches, and supporting day-to-day operations—particularly complex escalations and automation efforts. The ideal candidate will combine technical mastery in offensive security with practical experience in vulnerability lifecycle management and external attack surface discovery. The expert will act as a senior advisor and technical authority for the analyst teams, while also contributing to the design, scripting, and documentation of scalable security processes. The VOC Expert is responsible for: Vulnerability Intelligence (VI) Drive the qualification and risk analysis of newly disclosed vulnerabilities. Perform exploit PoC validation when needed to assess practical risk. Maintain and enhance the central VI database, enriched with (EPSS, CVSS, QVS, SG-specific scoring models, and EUVD) Define and automate workflows for: Vulnerability qualification, exposure analysis, and prioritization Ingestion of qualified vulnerability data into the enterprise Data Lake Collaborate on documentation of VI methodology and threat intelligence integration Support proactive communication of high/critical vulnerabilities to asset and application owners Attack Surface Management (ASM): Operate and enhance external asset discovery and continuous monitoring using ASM tools Integrate asset coverage data from CMDB, and other internal datasets Design and implement scripts for: WHOIS/ASN/banner correlation Data enrichment and alert filtering Deploy and maintain custom scanning capabilities (e.g., Nuclei integrations) Provide expert input on threat modeling based on exposed assets and external footprint BlackBox Pentesting: Maintain the service delivery of the BlackBox Pentesting platform Automate the export of pentest data and integrate into Data Lake and Power BI dashboards Define and document onboarding workflows for new applications Actively guide analysts in prioritizing pentest requests and validating results. 
Vulnerability Management: Vulnerability review, recategorization, and false positive identification Proactive vulnerability testing and replay Pre-analyze and consolidate vulnerability data from various scanning tools Prepare concise syntheses of available vulnerabilities Offer guidance to the SO and CISO on vulnerabilities Collaborate with key stakeholders to develop strategies for vulnerability management Assist in defining vulnerability management KPIs and strategic goals Prepare concise, actionable summaries for high-risk vulnerabilities and trends Automate testing actions: Develop scripts and tooling to automate repetitive and complex tasks across VI, ASM and VM. Implement data pipelines to sync outputs from ASM/VI tools to dashboards and reporting engines. Design streamlined workflows for vulnerability lifecycle—from detection to closure. Collaborate with both offensive and defensive teams to support App managers and Asset managers in remediating vulnerabilities and issues. Skills and Qualifications: Bachelor's degree in Computer Science, Information Security, EXTC or related field; relevant certifications (e.g., CISSP, CCSP, CompTIA Security+) are a plus Proven experience (10+ years) working within the Cybersecurity field, with a focus on offensive security, vulnerability intelligence and attack surface analysis. Proven experience on Penetration testing actions (web application, infrastructure, …) Proven expertise in: CVE analysis, exploit development/validation External asset discovery & mapping Threat modeling and prioritization Advanced knowledge of tooling such as: ASM platforms Nuclei, Shodan, Open Source CTI, vulnerability scanners (Qualys, Tenable, …) Pentester tools (Burp, SQLmap, Responder, IDA and Kali environment) Experience in investigating newly published vulnerabilities, assessing their risks, severity. 
Strong scripting languages (e.g., Python, Bash, Powershell, C#, …) for automation and customization Experience with Pentester tools (Burp, SQLmap and Kali environment) Strong technical skills with an interest in open-source intelligence investigations Experience building dashboards in Power BI or similar tools. Familiarity with data lakes, API integrations, and ETL processes. Knowledge of NIST CVE database, OWASP Top 10, Microsoft security bulletins Excellent writing skills in English and ability to communicate complicated technical challenges in a business language to a range of stakeholders. Personal Skills: Has a systematic, disciplined, and analytical approach to problem solving with thorough leadership skills & experience Excellent ability to think critically under pressure Strong communication skills to convey technical concepts clearly to both technical and non-technical stakeholders Willingness to stay updated with evolving cyber threats, technologies, and industry trends Capacity to work collaboratively with cross-functional teams, developers, and management to implement robust security measures Additional Information: The position is based in Mumbai (India)

Posted 2 weeks ago

3.0 years

0 Lacs

Mumbai Metropolitan Region

On-site

Position: VAPT Specialist Experience: 3+ Years Location: Mumbai/ Thane Notice Period: Immediate Joiners Primary Skills: VAPT, CEH Certification, Metasploit, Penetration Testing, Linux Key Responsibilities: Perform Web Application Vulnerability Assessments and Penetration Testing to identify and exploit vulnerabilities in web applications. Conduct Mobile Application Vulnerability Assessments and Penetration Testing on Android and iOS platforms, identifying weaknesses and suggesting appropriate fixes. Lead Network Penetration Testing to evaluate the security posture of internal and external networks. Reverse engineer malware, analyze data obfuscation techniques, and work with cryptographic ciphers to detect and mitigate threats. Utilize industry-leading penetration testing tools such as Metasploit, BurpSuite, w3af, Kali Linux, SQLMap, Skipfish, MObSF, Androbugs, Nessus, and others to automate and perform testing. Leverage Linux/UNIX environments, including proficiency in Bash and PowerShell scripting, to perform testing and automate tasks. Document findings, provide detailed reports, and assist in remediation by working closely with internal teams. Stay up-to-date with emerging threats, vulnerabilities, and penetration testing methodologies. Qualifications & Requirements: 3-4 years of hands-on experience in performing web application, mobile application, and network penetration testing. Strong expertise in Web Application Vulnerability Assessment & Penetration Testing. Hands-on experience with Mobile Application Vulnerability Assessment & Penetration Testing (Android and iOS). Proficient in Network Penetration Testing and Security Assessment techniques. Experience with reverse engineering malware, analyzing obfuscated data, and cryptographic analysis. Strong command of penetration testing tools such as Metasploit, BurpSuite, w3af, Kali Linux, SQLMap, Skipfish, MObSF, Androbugs, Nessus, and others. CEH (Certified Ethical Hacker) certification is mandatory. 
Knowledge of Linux/UNIX operating systems and Bash or PowerShell scripting. Excellent problem-solving skills and the ability to think creatively in assessing security weaknesses. Strong communication skills for writing technical reports and working with cross-functional teams.

Posted 3 weeks ago

0 years

0 Lacs

Mambalam, Tamil Nadu, India

Remote

Job Description infySEC needs 4-8 yrs candidates for its client in Noida location, currently it's remote working. Will be responsible for application pen testing using BurpSuite and tools sets provided under Kali Linux, Pen Tester should be able to test Web Based as well as thick client and be able to document findings in Pen Test Reports and knowledge of CVSS for scoring vulnerabilities. Skills & Experience OSCP/CPENT certified Expertise in pen testing of Web Applications Expertise in pen testing of Thick Clients Dynamic Scan and Triage false positives of flags from tools Planning Pen Testing and coverage VAPT report writing Manual Pen testing using Postman/Extensions etc. Expertise on Security Tools: Burp Suite Professional or Enterprise Kali Linux and tools available in Kali Linux such as NMAP, SQLMAP etc. Must have skills: Pentesting Kali Linux Burp Suite proxy tool sqlmap Salary: Not a constraint for certified and deserving candidates

Posted 3 weeks ago

5.0 years

0 Lacs

Mira Bhayandar, Maharashtra, India

On-site

Job Title: Faculty – Cyber Security & Machine Learning Location: Mira Road, Thane Position Type: Visiting Faculty Job Summary: We are seeking an experienced and passionate faculty member to teach and mentor undergraduate students in the field of Cyber Security and Machine Learning. The selected candidate will be responsible for delivering course content, designing assessments, mentoring students on practical implementations, and driving academic excellence in the subjects Ethical Hacking and Machine Learning I, as outlined by the University of Mumbai syllabus. Key Responsibilities: Academic Delivery ● Conduct theory and practical sessions for: ○ Ethical Hacking (including network security, cryptography, web security, hardware security) ○ Machine Learning I (including supervised & unsupervised learning, ensemble techniques, SVM, dimensionality reduction) ● Create lesson plans, lecture notes, and assessment tools aligned with syllabus ● Use tools such as Cisco Packet Tracer, Kali Linux, Metasploit, SQLMap, Wireshark, Jupyter Notebooks, Scikit-learn, and others during practical sessions ● Assign and evaluate laboratory work, tutorials, and case studies ● Encourage students to use digital tools and platforms (e.g., DVWA, OWASP, Kaggle, UCI datasets) Assessment & Evaluation ● Conduct internal assessments as per academic guidelines ● Prepare, administer, and grade exams, assignments, and projects ● Maintain timely and accurate records of grades and student progress Qualifications & Experience: Minimum Qualifications: ● Master’s degree in Computer Science / Cyber Security / Information Technology / Data Science / Artificial Intelligence or equivalent Experience: ● Minimum 2–5 years of teaching or industry experience in ethical hacking, information security, or applied machine learning Preferred Skills: ● Hands-on with penetration testing tools (e.g., Wireshark, John the Ripper, Metasploit) ● Familiarity with ML libraries: Scikit-learn, TensorFlow, etc. 
● Experience with classroom and lab-based instruction ● Strong communication and mentoring skills Desirable Certifications: ● CEH (Certified Ethical Hacker) ● CompTIA Security+ ● Offensive Security Certified Professional (OSCP) ● Machine Learning or AI certifications (Coursera, edX, etc.) Remuneration: Rs. 2000 per hour (Negotiable)

Posted 3 weeks ago

6.0 years

0 Lacs

Mumbai, Maharashtra, India

On-site

Key Job Responsibilities: VOC - VI (Vulnerability Intelligence) & ASM (Attack Surface Management) Analyst Environment / Context Saint Gobain, world leader in the habitat and construction market, is one of the top 100 global industrial groups. Saint-Gobain is present in 68 countries with 171 000 employees. They design, manufacture and distribute materials and solutions which are key ingredients in the wellbeing of each of us and the future of all. They can be found everywhere in our living places and our daily life: in buildings, transportation, infrastructure and in many industrial applications. They provide comfort, performance and safety while addressing the challenges of sustainable construction, resource efficiency and climate change. Saint-Gobain GDI Groupe (250 persons at the head office, including 120 that are internal) is responsible for defining, setting up and managing the Group's Information Systems (IS) and Telecom policy with its 1,000 subsidiaries in 6,500 sites worldwide. The GDI Groupe also carries the common means (infrastructures, telecoms, digital platforms, cross-functional applications). IN DEC, the IT Development Centre of Saint-Gobain, is an entity with a vision to leverage India’s technical skills in the Information Technology domain to provide timely, high-quality and cost-effective IT solutions to Saint-Gobain businesses globally. Within the Cybersecurity Department, the Cybersecurity Vulnerability Operations Center mission is to identify, assess and confirm vulnerability and threats that can affect the Group. The CyberVOC teams are based out of Paris and Mumbai and consist of skilled persons working in different Service Lines. Mission The VOC VI & ASM Analyst will be part of a team responsible for monitoring and identifying vulnerabilities as well as proactively assessing their threat with regards to Saint-Gobain context. 
The team also provides comprehensive feedback and guidance on detected vulnerabilities to assist Security Officers and Application Manager on the remediation part. This role takes a holistic approach to identifying newly published vulnerabilities and contextualizing them to Saint-Gobain environment as well as tracking potential external entry points to Saint-Gobain systems and data. The VOC VI & ASM Analyst is responsible for: Vulnerability Intelligence (VI): Monitor new vulnerabilities and assess their criticality and risk severity based on threat, exploit availability, ease of exploit, impact, … Communicate and publish an assessment on vulnerabilities related to software used in Saint-Gobain's scope Maintain timely, high-quality vulnerability bulletins, prioritizing issues against the Group’s asset exposure Update on a regular basis our software inventory in the scope of Vulnerability Assessment Service Keep the vulnerability database up to date; enrich each CVE and security bulletin with QDS, EPSS, CVSS metrics, … Attack Surface Management (ASM): Operate continuous monitoring of external assets via ASM Security tools Update on a regular basis the coverage of ASM tools, by adding known domains and IP ranges belonging to Saint-Gobain Assess the severity of the findings and confirm their presence (review, challenge, FP assessment, …) Track and report exposure trends; escalate high-risk findings to Blue-Team remediation owners Build and use the external footprint to proactively identify new threats and new vulnerabilities Leverage ASM tools to proactively identify external assets subject to newly published vulnerabilities BlackBox Pentesting: Drive proactive follow-up on detected vulnerabilities, engaging system owners and tracking remediation to closure Active follow up with Application managers to onboard new application in the BlackBox Pentesting service Pentest launch Contract follow-up Tools follow up and maintenance Vulnerability Management: Vulnerability review, 
recategorization, and false positive identification Proactive vulnerability testing and replay Pre-analyze and consolidate vulnerability data from various scanning tools Prepare concise syntheses of available vulnerabilities Offer guidance to the SO and CISO on vulnerabilities Collaborate with key stakeholders to develop strategies for vulnerability management Scripting and automation: Automate data extraction and data push from VI and ASM tools to DataLake tools Build automation workflows to streamline vulnerability identification, assessment, and reporting Collaborate with the offensive and defensive teams to enhance vulnerability assessment and testing Skills and Qualifications Bachelor's degree in Computer Science, Information Security, EXTC or related field; relevant certifications (e.g., CISSP, CCSP, CompTIA Security+) are a plus Proven experience (6+ years) working within the Cybersecurity field, with emphasis on security platform implementation & administration Experience on Penetration testing actions (web application, infrastructure, …) Experience with security scanning tools Experience with VI and ASM tools Experience in investigating newly published vulnerabilities and assessing their risks and severity Experience with scripting languages (e.g., Python, Bash, Powershell, C#, …) for automation and customization of security processes is a plus Experience with Pentester tools (Burp, SQLmap, Metasploit, Kali environment, …) Strong technical skills with an interest in open-source intelligence investigations Knowledge of NIST CVE database, OWASP Top 10, Microsoft security bulletins Excellent writing skills in English and ability to communicate complicated technical challenges in a business language to a range of stakeholders. 
Personal Skills Has a systematic, disciplined, and analytical approach to problem solving with Thorough leadership skills & experience Excellent ability to think critically under pressure Strong communication skills to convey technical concepts clearly to both technical and non-technical stakeholders Willingness to stay updated with evolving cyber threats, technologies, and industry trends Capacity to work collaboratively with cross-functional teams, developers, and management to implement robust security measures Additional Information The position is based in Mumbai (India)

Posted 3 weeks ago

0 years

0 Lacs

Nashik, Maharashtra, India

On-site

Flawit InfoSec Services Flawit InfoSec Services is a cybersecurity firm delivering comprehensive, end-to-end security solutions to enterprises, startups, and government organizations. Our core expertise includes vulnerability assessment and penetration testing (VAPT), red teaming, security operations center (SOC) implementation, risk and compliance advisory, cloud and DevSecOps security, identity and access management (IAM), and more. With a client-first approach, our certified professionals apply global frameworks like OWASP, NIST, and MITRE ATT&CK to secure digital environments and build long-term resilience against evolving threats. Role – Penetration Tester (On-site, Nashik) We are looking for a skilled Penetration Tester to join our team and lead offensive security engagements across diverse environments. The role involves simulating real-world attacks, identifying security flaws, and helping clients strengthen their cybersecurity posture through hands-on testing and tailored recommendations. 
Key Responsibilities: Conduct detailed vulnerability assessments and penetration tests on web applications, mobile apps, APIs, networks, wireless environments, cloud infrastructure, and thick client systems Perform red teaming exercises, social engineering assessments, and adversary simulations Reverse engineer malware and binaries to identify behavior and possible countermeasures Conduct secure code reviews to detect logic flaws, insecure implementations, and potential backdoors Prepare in-depth technical and executive reports, outlining vulnerabilities, impact, and remediation strategies Communicate findings to internal teams and client stakeholders, and support remediation discussions Develop custom scripts and tools to automate or enhance testing methodologies Stay updated with emerging threats, vulnerabilities, and attack vectors through continuous research Required Skills and Qualifications: Proven experience in web and mobile application penetration testing (OWASP Top 10, API Security) Proficient in tools such as Burp Suite, Metasploit, Nmap, Nessus, Nikto, sqlmap, Wireshark, and Dirbuster Understanding of red team operations, adversary tactics, and MITRE ATT&CK framework Hands-on knowledge of reverse engineering and malware analysis Familiarity with cloud platform security (AWS, Azure, GCP) and DevSecOps pipelines Good understanding of network protocols, operating system internals, and scripting languages (Python, Bash, PowerShell) Ability to write detailed documentation and deliver concise, clear reports to technical and non-technical audiences Bachelor's degree in Cybersecurity, Computer Science, or a related field Relevant certifications are a plus (OSCP, OSEP, OSCE, CRTP, eJPT, CEH, etc.)

Posted 3 weeks ago

0 years

0 Lacs

Mumbai, Maharashtra, India

On-site

Job Description About KPMG in India KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Jaipur, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment. Strong understanding of IT security standards and frameworks (OWASP, NIST, CIS) Strong understanding of security risks in networks and application platforms Strong understanding of network security, infrastructure security and application security Strong understanding of OSI, TCP/IP model and network basics Demonstrate technical penetration testing skills on IT infrastructure, web applications, mobile platforms and Red teaming Strong technical skills: Information security, network security, Windows security, UNIX/Linux security, web and mobile application security, Cloud platforms Broad knowledge of security technologies for applications, databases, networks, servers, and desktops Solid technical skills in both information security architecture and penetration testing and ability to assess testing tools and deploy the right ones. 
Scripting and programming experience is beneficial Ability to perform manual penetration testing Experience in Application Security Testing (Web, Mobile & ERP [SAP]), or related functions Vulnerability Assessment, Penetration testing Perform penetration testing of various thick client software, web applications, and communications infrastructure to assist in hardening the cybersecurity posture against malicious actors Conduct security research on the latest emerging advanced persistent threats (APTs), malware, and other security developments to assist in enterprise security efforts. Apply this security research into assessments. Perform technical writing to communicate the preparation, testing, and recommendation phases for various security tests. Work with stakeholders to remediate system vulnerabilities. Train team members and colleagues on the latest cybersecurity tactics, techniques, and procedures (TTPs) to grow the skill of the firm Understanding of various security technologies including end point security, perimeter security, advanced threat protection, malware defense and security management Expertise in the phases of penetration testing. Familiarity with Kali Linux distribution and the associated penetration testing tools suite. Experience in penetration testing simulations like Hack the Box or Capture the Flag exercises considered a plus. 
Good Understanding of OWASP top 10 and mitigation techniques Experience in performing web application security assessments using hands on techniques for identifying SQL injections, XSS, Security Misconfiguration, CSRF, authentication/ authorization issues Database testing: MySQL, Oracle, NoSQL Understanding of cyber security management, cyber analytics, security intelligence platforms and threat intelligence frameworks Writing business proposals and response to client RFP/ RFIs Identifying business opportunities and lead delivery and program management for large cyber security programs Delivery team and client relationship management Experience on both commercial, open source tools and frameworks but not limited: Burpsuite, Metasploit, Core-Impact, Kali-Linux, AppScan, WebInspect, SSLScan, Soap UI Pro, SonarQube, Qualys, Nikto, Nessus, nmap, sqlmap, OWASP ZAP Equal employment opportunity information KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you. Qualifications B.Tech, B.E.

Posted 4 weeks ago


3.0 - 5.0 years

0 Lacs

Gujarat, India

On-site

Job Summary: We are seeking a highly experienced “Senior VAPT & Penetration Testing Specialist” to lead and ensure the quality and effectiveness of our vulnerability assessment and penetration testing operations. This role involves findings, validating findings, reviewing technical reports, ensuring compliance with standards (OWASP, PTES, NIST, etc.), and improving methodologies and tools. Key Responsibilities: Conduct in-depth vulnerability assessments and penetration tests on web, mobile, network, API, and cloud infrastructure using manual and automated techniques. Utilize industry-standard tools like SQLMap, Burp Suite, Nessus, Nmap, and custom scripts for advanced exploitation techniques. Simulate various cyber-attacks including DDoS, Brute Force, XSS, SQL Injection, DNS attacks, and Social Engineering to identify system vulnerabilities. Perform peer reviews of technical deliverables and verify accuracy of findings and recommendations. Ensure that all assessments are aligned with industry standards such as OWASP, PTES, MITRE ATT&CK, and NIST. Act as a technical lead and mentor for junior VAPT team and QA team members. Identify gaps in the current testing methodologies and implement process improvements. Prepare detailed documentation and the VA report and ensure clear, actionable, and risk-rated reporting. Collaborate with clients and internal teams to understand scope and provide post-assessment clarifications. Present in client meetings for future VAPT assignments. Stay updated with emerging threats, tools, techniques, and frameworks. Required Skills & Qualifications: Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field. 3 to 5 years of hands-on experience in VAPT and penetration testing. In-depth knowledge of web, network, mobile, cloud, and API security. Strong understanding of secure coding practices and vulnerability management. Expertise in tools like Burp Suite, Nmap, Nessus, Metasploit, Qualys, Kali Linux, Wireshark, etc. 
Familiarity with SIEM, IDS/IPS, EDR tools is a plus. Excellent report writing and documentation skills. Strong communication and overseas client-interaction skills. Preferred Certifications: OSCP (Offensive Security Certified Professional) – Highly preferred CEH (Certified Ethical Hacker) CREST / GPEN / GWAPT / CISSP – Optional but desirable ISO 27001 Lead Auditor or Lead Implementer – Added advantage

Posted 1 month ago


3.0 years

14 - 15 Lacs

Hyderābād

On-site

We are hiring a hands-on Penetration Tester to lead and execute end-to-end security assessments across Web, Infrastructure, and Cloud environments. As the technical backbone of our lean and growing VAPT practice, you’ll work closely with the Security Lead and directly engage with clients to deliver meaningful, high-impact security outcomes. Key Responsibilities: Perform manual and automated penetration testing across: Web Applications (based on OWASP Top 10) Infrastructure (external/internal IPs, firewall review, patch audits) Cloud Environments (basic Azure/AWS – IAM, Storage, Networking) Identify, exploit, and report on vulnerabilities such as SSRF, RCE, IDOR, LFI, and S3 bucket exposures Use tools such as Burp Suite, Nmap, SQLMap, Nikto, Nessus/OpenVAS Write high-quality, detailed technical reports with: Screenshots for PoCs Remediation guidance Risk severity scoring (preferably CVSSv3) Collaborate with clients to explain findings and provide actionable recommendations Contribute to toolchain improvements and lightweight automation (Python/Bash preferred) Requirements 3–6+ years of hands-on experience in at least 2 of the following areas: Web Application Penetration Testing (OWASP Top 10) Infrastructure VAPT (internal/external, firewall, patch validation) Basic Cloud VAPT (AWS or Azure: IAM, Storage, Networking) Proficiency in: Manual testing techniques, fuzzing, and exploitation Burp Suite (Community or Pro) Tools like Nmap, SQLMap, Nikto, Nessus/OpenVAS Strong understanding of common vulnerabilities and exploitation techniques Preferred Certifications CEH, eJPT, OSCP (or strong portfolio/proof of hands-on skill) AZ-500 or AWS Security Specialty (for cloud security exposure) Good to Have Familiarity with scripting for automation (Python, Bash) Exposure to CVSSv3 for vulnerability scoring Experience with Dradis, Excel-based reporting, or similar tools

Posted 1 month ago


3.0 - 7.0 years

0 Lacs

kolkata, west bengal

On-site

As a Security Testing professional at Lexmark India, you will be part of a dynamic team dedicated to ensuring the security of our software products. You will have the opportunity to utilize your technical expertise to conduct web application security assessments and penetration tests. Your role will involve assessing applications for various security issues such as Authentication, Authorization, User management, Session management, Data validation, and common attacks like SQL injection, Cross-site scripting, and Command injection. Additionally, you will evaluate the security aspects of Web Services design and implementation, focusing on confidentiality, integrity, trust relationships, and authentication using security standards like XML signatures, XML encryption, SAML, and WS-Security. Your responsibilities will extend to thick client assessment, writing formal security assessment reports, and participating in client conference calls for data gathering and technical issue advisory. To excel in this role, you should possess hands-on experience with tools like Fiddler, Paros, Burp, Sqlmap, Nikto, Nmap, Openssl, Mallory, Wireshark, and have familiarity with mobile application development and assessment for platforms such as iOS, Android, and Windows. Knowledge of web application development languages like C#, Java, PHP, ASP.NET, scripting languages like Python, JavaScript, Ruby, SQL, and reviewing code in languages such as C, C++, Java, PHP, C#, ASP.NET, Go is essential. Moreover, expertise in automated source code analysis tools like Acunetix, Appscan, and certifications such as OSCP or CEH will be advantageous. Proficiency in version control software like git and Subversion, along with a demonstration of Lexmark core values including Innovation, Excellence, Agility, Integrity, Community, and Respect, will further enhance your suitability for this role. 
If you are a self-starter with a strong aptitude, analytical skills, and a passion for technology, and have 3 to 5 years of application security testing experience, then we encourage you to apply for this exciting opportunity with Lexmark India. Join us in our mission to deliver first-class products and solutions to our global customers. Apply now and showcase your innovative spirit with a renowned technology leader.

Posted 1 month ago


3.0 years

14 - 15 Lacs

Hyderabad, Telangana, India

On-site

We are hiring a hands-on Penetration Tester to lead and execute end-to-end security assessments across Web, Infrastructure, and Cloud environments. As the technical backbone of our lean and growing VAPT practice, you'll work closely with the Security Lead and directly engage with clients to deliver meaningful, high-impact security outcomes. Key Responsibilities: Perform manual and automated penetration testing across: Web Applications (based on OWASP Top 10) Infrastructure (external/internal IPs, firewall review, patch audits) Cloud Environments (basic Azure/AWS - IAM, Storage, Networking) Identify, exploit, and report on vulnerabilities such as SSRF, RCE, IDOR, LFI, and S3 bucket exposures Use tools such as Burp Suite, Nmap, SQLMap, Nikto, Nessus/OpenVAS Write high-quality, detailed technical reports with: Screenshots for PoCs Remediation guidance Risk severity scoring (preferably CVSSv3) Collaborate with clients to explain findings and provide actionable recommendations Contribute to toolchain improvements and lightweight automation (Python/Bash preferred) Requirements 3-6+ years of hands-on experience in at least 2 of the following areas: Web Application Penetration Testing (OWASP Top 10) Infrastructure VAPT (internal/external, firewall, patch validation) Basic Cloud VAPT (AWS or Azure: IAM, Storage, Networking) Proficiency in: Manual testing techniques, fuzzing, and exploitation Burp Suite (Community or Pro) Tools like Nmap, SQLMap, Nikto, Nessus/OpenVAS Strong understanding of common vulnerabilities and exploitation techniques Preferred Certifications CEH, eJPT, OSCP (or strong portfolio/proof of hands-on skill) AZ-500 or AWS Security Specialty (for cloud security exposure) Good to Have Familiarity with scripting for automation (Python, Bash) Exposure to CVSSv3 for vulnerability scoring Experience with Dradis, Excel-based reporting, or similar tools

Posted 1 month ago


3.0 years

14 - 15 Lacs

Bengaluru, Karnataka, India

On-site

We are hiring a hands-on Penetration Tester to lead and execute end-to-end security assessments across Web, Infrastructure, and Cloud environments. As the technical backbone of our lean and growing VAPT practice, you'll work closely with the Security Lead and directly engage with clients to deliver meaningful, high-impact security outcomes. Key Responsibilities: Perform manual and automated penetration testing across: Web Applications (based on OWASP Top 10) Infrastructure (external/internal IPs, firewall review, patch audits) Cloud Environments (basic Azure/AWS - IAM, Storage, Networking) Identify, exploit, and report on vulnerabilities such as SSRF, RCE, IDOR, LFI, and S3 bucket exposures Use tools such as Burp Suite, Nmap, SQLMap, Nikto, Nessus/OpenVAS Write high-quality, detailed technical reports with: Screenshots for PoCs Remediation guidance Risk severity scoring (preferably CVSSv3) Collaborate with clients to explain findings and provide actionable recommendations Contribute to toolchain improvements and lightweight automation (Python/Bash preferred) Requirements 3-6+ years of hands-on experience in at least 2 of the following areas: Web Application Penetration Testing (OWASP Top 10) Infrastructure VAPT (internal/external, firewall, patch validation) Basic Cloud VAPT (AWS or Azure: IAM, Storage, Networking) Proficiency in: Manual testing techniques, fuzzing, and exploitation Burp Suite (Community or Pro) Tools like Nmap, SQLMap, Nikto, Nessus/OpenVAS Strong understanding of common vulnerabilities and exploitation techniques Preferred Certifications CEH, eJPT, OSCP (or strong portfolio/proof of hands-on skill) AZ-500 or AWS Security Specialty (for cloud security exposure) Good to Have Familiarity with scripting for automation (Python, Bash) Exposure to CVSSv3 for vulnerability scoring Experience with Dradis, Excel-based reporting, or similar tools

Posted 1 month ago


0 years

0 Lacs

Hyderabad, Telangana, India

On-site

Job Title: Cybersecurity Consultant – VAPT Specialist Location: Riyadh Experience Level: Mid to Senior Employment Type: Full-time Job Summary We are seeking a highly skilled and passionate Cybersecurity Consultant with deep expertise in Vulnerability Assessment and Penetration Testing (VAPT) across web, mobile, and API platforms. The ideal candidate will have a strong background in identifying and remediating high-risk vulnerabilities, collaborating with cross-functional teams, and implementing robust security strategies tailored to diverse industries. This role requires a proactive approach to threat mitigation, excellent technical capabilities, and a commitment to continuous learning. Roles & Responsibilities Conduct in-depth Vulnerability Assessment and Penetration Testing (VAPT) for web, mobile, and API platforms, addressing OWASP Top 10, identifying business logic flaws, and uncovering complex attack vectors. Collaborate with IT and development teams to remediate vulnerabilities effectively and within defined SLAs. Design and implement yearly cybersecurity plans aligned with regulatory standards including SAMA CSF, SAMA ITGF, NCA CSCC, NCA ECC, and PCI-DSS. Perform advanced threat hunting, source code reviews, and SIEM audits to detect integration flaws and hidden threats. Carry out network and server configuration reviews in line with NIST, CIS benchmarks, or customized Minimum Baseline Security Standards (MBSS). Utilize advanced security tools such as: Core Impact, Tenable SC, Nessus, Nmap, Metasploit, Acunetix, AppScan, Splunk, QRadar, Volatility, Hydra, Burp Suite, SonarQube, SQLMap, Fortify, etc. Conduct risk assessments, compromise assessments, and provide tailored recommendations to strengthen the organization’s security posture. Demonstrate strong communication and interpersonal skills, ensuring seamless collaboration across departments and with clients. 
Stay ahead of evolving threats by researching the latest technologies and attack vectors, and apply this knowledge to secure client environments. Required Qualifications Bachelor of Science Deep understanding of security frameworks, methodologies, and risk-based prioritization. Certifications (Preferred) Certified Information Security Manager (CISM) Certified Red Team Professional (CRTP) eLearn Certified Threat Hunting Professional (eCTHP) eLearn Web Penetration Tester (eWPT) Certified Ethical Hacker (Practical) (CEH) NSE1 – Network Security Associate Key Skills VAPT (Web, Mobile, API) Threat Hunting & Compromise Assessment Source Code & Network Configuration Review Regulatory Compliance (PCI-DSS, NCA, SAMA) Security Tool Proficiency (BurpSuite, Nessus, Metasploit, etc.) Risk Analysis & Communication Skills Report Writing & Executive Summarization

Posted 1 month ago


0 years

0 Lacs

Mumbai, Maharashtra, India

On-site

The VOC VI & ASM Analyst is responsible for:

- Vulnerability Intelligence (VI):
  - Monitor new vulnerabilities and assess their criticality and risk severity based on threat, exploit availability, ease of exploit, impact, …
  - Communicate and publish an assessment on vulnerabilities related to software
  - Maintain timely, high-quality vulnerability bulletins, prioritizing issues against the Group’s asset exposure
  - Update on a regular basis our software inventory in the scope of Vulnerability Assessment Service
  - Keep the vulnerability database up to date; enrich each CVE and security bulletin with QDS, EPSS, CVSS metrics, …
- Attack Surface Management (ASM):
  - Operate continuous monitoring of external assets via ASM Security tools
  - Update on a regular basis the coverage of ASM tools, by adding known domains and IP ranges
  - Assess the severity of the findings and confirm their presence (review, challenge, FP assessment)
  - Track and report exposure trends; escalate high-risk findings to Blue-Team remediation owners
  - Build and use the external footprint to proactively identify new threats and new vulnerabilities
  - Leverage ASM tools to proactively identify external assets subject to newly published vulnerabilities
- BlackBox Pentesting:
  - Drive proactive follow-up on detected vulnerabilities, engaging system owners and tracking remediation to closure
  - Active follow up with Application managers to onboard new application in the BlackBox Pentesting service
- Vulnerability Management:
  - Vulnerability review, recategorization, and false positive identification

Skills

- Bachelor's degree in Computer Science, Information Security, EXTC or related field; relevant certifications (e.g., CISSP, CCSP, CompTIA Security+) are a plus
- Experience on Penetration testing actions (web application, infrastructure, …)
- Experience with VI and ASM tools
- Experience in investigating newly published vulnerabilities and assessing their risks and severity
- Experience with scripting languages (e.g., Python, Bash, Powershell, C#, …) for automation and customization of security processes is a plus
- Experience with Pentester tools (Burp, SQLmap, Metasploit, Kali environment, …)
- Strong technical skills with an interest in open-source intelligence investigations
- Knowledge of NIST CVE database, OWASP Top 10, Microsoft security bulletins

Additional Information

- The position is based in Mumbai (India)

Posted 1 month ago

Page 1 of 3