36 Ghidra Jobs

Research Intern - RedTeam Location: Remote Type: Internship – Research-Oriented Duration: 3 months Timing: Flexible Stipend: Performance-based (Certificates, LORs, PPO for top performers) Start Date: Immediate About Malforge Academy Malforge Academy is a next-generation offensive cybersecurity platform focused on ethical malware development , red teaming , and adversary simulation . We train and mentor the next wave of ethical hackers through hands-on learning, deep research, and practical labs that go far beyond theory. We build and teach what real-world red teamers use: custom payloads, evasion techniques, and in-memory tooling — all designed for stealth, performance, and realism. Job Description We are looking for a motivated Malware Development Research Intern to join our cybersecurity research team. This role will focus on analyzing and understanding malware behavior, reverse-engineering malicious code, and contributing to the development of tools to detect and mitigate threats. The intern will work closely with our security research initiatives. We build and teach what real-world red teamers use: custom payloads, evasion techniques, and in-memory tooling — all designed for stealth, performance, and realism. Responsibilities Conduct in-depth analysis of malware samples to understand their functionality, propagation methods, and impact. Reverse-engineer malicious code using tools like IDA Pro, Ghidra etc. Assist in developing and testing proof-of-concept tools for malware detection and analysis. Collaborate with the team to integrate AI-driven approaches into malware research workflows. Document findings and present research results to the team. Interest in ethical malware development , reverse engineering , or red teaming Stay updated on the latest malware trends, vulnerabilities, and threat intelligence. Implement code injection techniques like DLL injection, process hollowing, thread hijacking, etc. Willingness to learn and experiment independently in a research-heavy role What You Will Work On This is a research-centric internship designed for individuals passionate about offensive security and malware development. As an intern, you will: Research and develop Proof-of-Concept (PoC) malware and red team implants Explore and implement AV/EDR evasion techniques (e.g., API unhooking, process injection, LOLBAS) Build custom loaders, droppers, remote access tools (RATs), and C2-compatible payloads Experiment with sandbox evasion, AMSI bypass, and in-memory execution methods Analyze and modify real-world malware samples for research and evasion testing Write and analyze malware in C/C++, Python, Go, Rust , or Assembly Work with different RedTeam tools What You'll Gain Mentorship from professional malware developers and red teamers Access to an isolated Malware R&D Lab (VMs, test samples, tools, guides) Real-world experience in offensive malware tooling Flexible work arrangements A collaborative and innovative work environment How to Apply Please send the following: Your Resume (PDF) GitHub, GitLab, or any code/project portfolio (if available) A short write-up of any malware-related research, experiments, or personal projects (even blogs or labs) 📧 Email to: malforgeacademy@gmail.com Subject Line: Internship Application – Malware R&D If you’re serious about leveling up in offensive security and want to be mentored by professionals in malware R&D — we invite you to apply and get hands-on with cutting-edge red team tooling. Note: This internship is strictly for legal, educational, and simulation purposes only. We do not support or condone black-hat activity.

Description As an Automotive Cybersecurity Engineer, you will be responsible for assessing and enhancing the security of connected vehicles through advanced penetration testing, wireless and hardware exploitation, and embedded system analysis. You will evaluate vehicle communication systems, infotainment platforms, and remote entry mechanisms to identify vulnerabilities that could compromise vehicle safety, privacy, and functionality. This position is ideal for cybersecurity professionals passionate about automotive technologies, embedded interfaces, and threat simulation. Responsibilities Perform Security Testing of In-Vehicle Systems: Conduct assessments of vehicle internal networks (e.g., CAN, OBD-II) to identify and exploit vulnerabilities in communication flows and control mechanisms. Analyze infotainment systems and user interfaces for privacy concerns, data leakage, and potential malware injection points. Simulate remote and physical attack vectors, including key fob signal replay, wireless intrusion, and unauthorized access. Evaluate Embedded & Wireless Communication Interfaces: Assess the security of Bluetooth, Wi-Fi, and RF-based protocols used in the vehicle ecosystem. Examine communication channels between connected mobile applications, infotainment clusters, and backend services. Test for privilege escalation, data interception, and firmware or hardware manipulation. Reverse Engineer Vehicle Architectures: Understand and map circuit-level data flows across ECUs and control modules. Extract and analyze firmware, debug interfaces, and physical ports for security analysis. Utilize diagnostic tools, CAN analyzers, and SDR platforms for in-depth testing. Identify Vulnerabilities and Recommend Mitigation: Document test findings with detailed risk assessments and technical evidence. Work with internal teams and OEMs to recommend security hardening measures. Contribute to the ongoing improvement of testing methodologies and lab capabilities. Stay Aligned with Industry Standards: Ensure compliance with national and international automotive cybersecurity standards, including AIS 189, ISO/SAE 21434, and UN R155. Stay updated on emerging vehicle technologies and cyber threat landscapes. Eligibility Educational Background: Bachelor’s degree in electrical/Electronics, Computer Science, Cybersecurity, or related discipline. Technical Skills: Knowledge of vehicle networking protocols (CAN, LIN, UDS). Experience with CAN analysis tools (CANalyzer, SavvyCAN, PCAN). Familiarity with Android-based systems, ADB, rooting, and mobile OS exploitation. Experience in wireless exploitation (Wi-Fi, Bluetooth, RF using SDR). Circuit and system-level debugging, reverse engineering PCBs, or automotive modules. Experience: 1–4 years of experience in penetration testing, embedded security, or automotive security assessment. Desired Eligibility Exposure to AIS 189 or ISO/SAE 21434 frameworks. Participation in hardware-based CTFs, red teaming, or automotive-focused security research. Familiarity with tools such as Metasploit, Burp Suite, IDA Pro, Ghidra, Wireshark, and SDR tools. Certifications like CEH, CRTP, OSCP, PJPT, PNPT, or relevant embedded/automotive certifications. Ability to work in lab environments and travel for on-site testing engagements. Travel As and when required, across the country for project execution and monitoring as well as for coordination with geographically distributed teams. Communication Submit a cover letter summarising your experience in relevant technologies and software along with a resume and the Latest passport-size photograph.

Job Information Date Opened 07/24/2025 Job Type Full time Industry IT Services Work Experience 4-5 years City Bangalore State/Province Karnataka Country India Zip/Postal Code 560024 Job Description About Globals: Globals has drastically grown from a small home office to a globally recognized enterprise offering world-class quality solutions on Cybersecurity, Cyberwarfare, ERP Systems, AI, and Enterprise Application Development for various industries including Defence, Education, Government, Financial Services and Transport Industries. Globals has enabled its customers to be game-changers in their industry through its disruptive and innovative solutions. Globals is certified as a "Great Place to Work" organization for its laudable work culture that helps its team members manage work-life, have dedicated hours to upskill and reskill themselves, and most important to ensure that the projects that they are working on are always unique, challenging their status quo every time. Our unique work culture has made us one of the world’s fastest-growing technology companies as recognized and featured by The Economist. Our excellence in technical stewardship and service-offering expertise has facilitated our clients ranging from individual entrepreneurs to Fortune Global 500 – to explore new business opportunities, reduce their operational costs significantly and boost their revenues. Today, Globals enjoys a strong position in the industry as a high-performing leader through its technology innovation and remarkable domain expertise. Globals is a CMMI Level 3 certified company. About the Job Role: We are seeking a Malware & Threat Intelligence Researcher to join our Offensive Security team. This role is ideal for a passionate researcher who thrives on analyzing advanced malware campaigns, reverse-engineering threats, monitoring threat actors across dark web/clearnet and APT Groups, and crafting threat intelligence that can power our red and blue teams. You will contribute to strategic threat intelligence, malware emulation, threat hunting, and tool development. Responsibilities: Conduct in-depth malware reverse engineering (PE, .NET, Golang, Rust, PowerShell, Batch, VBS, etc.) Track APT groups, develop TTP profiles, and perform contextual threat intelligence. Develop malware emulators or PoCs and scripts for red team simulations or cyber ranges. Monitor darknet forums and marketplaces, and stealer logs for actor trends and breach intelligence. Create YARA rules, hunting signatures, and detection logic based on static/dynamic analysis. Support threat hunting and detection engineering teams with enriched IOC and behavioural insights. Collaborate with internal teams to simulate real-world threats, analyze telemetry, and produce attack playbooks. Requirements Knowledge of packers, obfuscation, encryption, and anti-debugging techniques 3+ years of hands-on experience in malware analysis, threat research, or reverse engineering. Experience with APT tracking, malware campaign documentation, or C2 hunting. Published research/blogs on threat campaigns is a plus Bachelor's degree in engineering, Computer Applications, Cybersecurity, or related field. Certifications like GIAC GREM, CRTIA, or similar are a plus Reverse engineering: Ghidra, IDA Pro, x64dbg, OllyDbg Scripting: C++, Golang, Python Malware Analysis: PEStudio, ProcMon, Wireshark, FakeNet, Any.Run Threat Intel: FOFA, Validin, Censys, VirusTotal, Telegram, Darknet forums YARA, Sigma, OSINT tools Familiarity with MITRE ATT&CK framework and Threat Intel Platforms (TIPs) Understanding of EDR tampering, living-off-the-land binaries (LOLBins), C2 infrastructure Benefits Work on high-impact cyber defense and cyberwarfare initiatives. Publish and present your research to a global audience. Collaborate with National Cybersecurity Coordinator’s Office, CERT-IN, DRDO, and other National Security Agencies focused on Cybersecurity. Enjoy flexibility, innovation-driven culture, and recognition for thought leadership. Apply Now

Position Senior Security Engineer - IOT Experience Job Description: 2–6 years of relevant experience in system security, embedded systems, and vulnerability assessments. Key Skills Firmware Analysis Tools: Expertise in using firmware analysis tools such as Ghidra, Binwalk, and Radare2 for static and dynamic analysis of firmware images. Embedded Linux Platforms: In-depth knowledge of embedded Linux, Yocto, and OpenWRT platforms for secure firmware and OS testing. Secure Boot & Firmware Update Mechanisms: Proficiency in testing secure boot processes and firmware update mechanisms, ensuring integrity and authenticity. OS Hardening & Security Configurations: Strong understanding of OS hardening techniques and security configurations to mitigate threats and enhance system integrity. Vulnerability Assessment & CVE Analysis: Extensive experience with vulnerability assessment frameworks and CVE analysis, identifying and addressing security vulnerabilities in embedded systems. Debugging & Emulation Tools: Proficient in using debugging tools and emulators such as QEMU to analyze embedded system behavior. SBOM & Secure Update Protocols: Familiarity with SBOM (Software Bill of Materials), patch management, and secure update protocols to ensure safe software deployments. Firmware Reverse Engineering: Expertise in performing reverse engineering of firmware images to detect vulnerabilities and potential exploits. Penetration Testing Frameworks: Experience using penetration testing frameworks like Metasploit, Kali Linux, and custom tools for system vulnerability testing. Custom Test Case Development: Ability to develop and execute custom test cases to simulate real-world attack scenarios and identify potential risks in embedded systems. Leadership & Mentoring: Strong leadership skills with a proven track record of mentoring junior engineers and guiding teams in advanced security testing methodologies. Technical Writing & Reporting: Excellent technical writing skills, including the ability to produce clear, concise, and detailed reports on security findings and risk assessments. Proactive Security Risk Mitigation: Proactive in identifying and mitigating security risks within embedded systems, ensuring the implementation of security best practices. Responsibilities Leadership in Security Testing: Lead system-level Vulnerability Assessment and Penetration Testing (VAPT) for firmware, operating systems, and embedded software, ensuring thorough security evaluations. Test Plan Development & Execution: Develop and implement comprehensive test plans for secure update and patch validation, ensuring security fixes are applied correctly and without introducing new risks. Firmware Static & Dynamic Analysis: Conduct detailed static and dynamic analysis of firmware images using tools like Ghidra, Binwalk, and Radare2 to identify potential vulnerabilities. Secure Boot & Root of Trust Validation: Validate secure boot implementations and hardware root of trust to ensure system integrity and protection from malicious code injection. OS Hardening & Access Control Testing: Test OS hardening configurations and secure access control mechanisms to strengthen system defenses against unauthorized access and exploitation. Vulnerability Identification & Classification: Identify and classify vulnerabilities and misconfigurations in embedded systems, following industry standards such as CVSS for risk assessment and remediation prioritization. Collaboration with Compliance & Engineering: Work closely with compliance and engineering teams to prioritize remediation efforts, ensuring that vulnerabilities are addressed effectively. Custom Attack Simulations: Develop and execute custom test cases to simulate real-world attack scenarios and evaluate the system's resilience against cyber threats. Rollback & Patch Management Testing: Oversee testing of rollback and patch management procedures, ensuring that system updates do not compromise security or functionality. Mentoring & Knowledge Sharing: Mentor junior engineers in security testing methodologies, sharing knowledge on advanced techniques and tools for improving system security testing processes. CVE Monitoring & Testing Updates: Monitor relevant CVE feeds, integrating new vulnerabilities and security patches into testing procedures to ensure up-to-date protection. Reporting & Risk Assessments: Provide detailed technical reports and risk assessments to stakeholders, outlining identified vulnerabilities, potential impact, and recommended mitigations. Regulatory Compliance: Ensure that all testing activities align with industry standards, including RED 18031 compliance, and adhere to relevant regulatory frameworks. Secure Lab Environment Maintenance: Maintain a secure lab environment for all system testing activities, ensuring that testing procedures are conducted in a controlled and isolated setting. Qualifications & Certifications Education: Bachelor's or Master’s degree in Cybersecurity, Embedded Systems, Computer Engineering, or a related field. Certifications (Preferred): OSCP (Offensive Security Certified Professional) OSCE (Offensive Security Certified Expert) GXPN (GIAC Exploit Researcher and Advanced Penetration Tester) Equivalent certifications in ethical hacking, penetration testing, or embedded system security are also highly valued. Industry Standards Familiarity: Familiarity with security frameworks such as ISO/IEC 62443, RED 18031, and IoT security frameworks. Why Join Us? Opportunity to work with cutting-edge automation technologies in a collaborative and innovative environment. Competitive salary and benefits package. Career growth opportunities in a fast-paced and dynamic industry. A strong focus on work-life balance and employee well-being. Location: IN-GJ-Ahmedabad, India-Ognaj (eInfochips) Time Type Full time Job Category Engineering Services

YOUR IMPACT: OpenText enables the digital world as the global leader in Enterprise Information Management, both on premises or in the cloud. We embrace all things digital and are committed to being the Best Place to Work for our Employees in over 140 locations around the world. We obsess over our customers to ensure they are wildly successful in embracing the Digital World. Our customers entrust us with their most important information, we need to be their most trusted partner. What we do, we do well. What we create, we do purposefully to impact the world. If you believe in this and are passionate about enabling the Digital World then let OpenText turn your career vision into reality. Webroot is looking for an experienced Windows development engineer with strong expertise in Windows programming. We are seeking to empower a Windows development engineer with ability to influence the technical direction of our products, building cutting-edge internet security applications used by millions of consumers and businesses around the world. You will use your experience with Windows OS level interfaces, your programming skills in C and C++, and your experience at Windows development to build the future of Webroot’s technology stacks. If you are knowledgeable on the Windows API and you seek an opportunity with a company that is willing to help you add malware/security and machine learning to your repertoire, apply today. WHAT THE ROLE OFFERS: Design and develop in C and C++, the technologies behind our next-generation endpoint client. The scope of your work will be broad and will include development on various layers of the Windows OS ranging from kernel to user-mode. Produce high quality, well-documented code promoting modularity, extensibility and performance Perform code reviews and coaching for peers WHAT YOU NEED TO SUCCEED: Expert knowledge in C and C++ on Windows; Minimum of 8 years in software development on Windows operating system Experience in performant application development Experience in driver development within the Windows operating system Deep experience with Windows development at kernel and user-mode is required Familiarity with Assembly language within the Windows operating system Deep understanding of Windows operating system internals and Windows API is a must Ability to collect and analyze crash dumps Experience with Minifilter driver development Familiarity with the underlying structures of the registry and NTFS/FAT file systems Experience in debugging techniques with any of the WinDbg, OllyDbg, IDA Pro, or Ghidra tools. Familiarity with Wireshark, Fiddler, or other Network Sniffing tools is a plus but not required OpenText's efforts to build an inclusive work environment go beyond simply complying with applicable laws. Our Employment Equity and Diversity Policy provides direction on maintaining a working environment that is inclusive of everyone, regardless of culture, national origin, race, color, gender, gender identification, sexual orientation, family status, age, veteran status, disability, religion, or other basis protected by applicable laws. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please submit a ticket atAsk HR. Our proactive approach fosters collaboration, innovation, and personal growth, enriching OpenText's vibrant workplace.

Job Description Reverse Engineer (Anti bot Bypassing) Pune/Chennai About The Job At Digital Shelf by NIQ, we’re passionate about technological innovation and excellence in cybersecurity. Our cutting-edge solutions enable us to scrape data for 12 billion products and manage over 20 billion data points. In a market where anti‑bot technologies represent a $10B industry in constant evolution and consolidation, our dedicated teams tackle real‑world challenges with precision and creativity. Responsibilities Reverse Engineering & Decompilation: Analyze web and mobile applications (APK/IPA) to uncover hidden mechanisms. Disassemble code to understand its inner workings, with a focus on cryptographic functions that secure our systems. Overcoming Anti‑Bot Mechanisms: Evaluate and bypass advanced security protocols such as TLS, HTTP/2, HTTP/3, WebSockets, DoH, and session management. Identify vulnerabilities to enhance our data extraction methods. Developing Custom Tools: Build robust Python scripts and frameworks that automate bypass procedures and dynamically adjust security measures—whether by modifying TLS stacks or patching JavaScript on the fly. Implementing Stealthy Scraping Techniques: Engineer sophisticated methods—such as browser patching, headless browser evasion, proxy tunneling, and human‑behavior emulation—to keep our operations discreet. Continuous Innovation: Regularly test, disrupt, and improve our tools to stay ahead of ever‑evolving defenses. Qualifications You are an ideal candidate for the role if you have the below skills 2-8 years of experience P45510n4t3 C0d3 W4rr10r: You thrive on pushing systems to their limits while upholding the highest ethical standards. R3v3rs3 3ng1n33r1ng isn’t just a skill—it’s your creative playground. R3v3rs3 3ng1n33r1ng Expertise: Whether using tools like IDA Pro, Ghidra, or your own custom-built solutions, you excel at dissecting both binary and web code to uncover core functionalities. W3b & N3tw0rk Pr0t0c0l Savant: You possess deep expertise in pr0t0c0ls such as TLS, HTTP/2, WebSockets, DoH, and more, leveraging that knowledge to find innovative solutions. Advanced Python Developer: Your coding abilities go far beyond basic scripting. We're looking for a true coder—someone who can design and implement robust, efficient solutions for complex challenges. Collaborative Innovator: While you excel as an independent problem-solver, you also thrive in a dynamic team environment that values open communication and continuous learning Additional Information Enjoy a flexible and rewarding work environment with peer-to-peer recognition platforms. Recharge and revitalize with help of wellness plans made for you and your family. Plan your future with financial wellness tools. Stay relevant and upskill yourself with career development opportunities. Our Benefits Flexible working environment Volunteer time off LinkedIn Learning Employee-Assistance-Program (EAP) About NIQ NIQ is the world’s leading consumer intelligence company, delivering the most complete understanding of consumer buying behavior and revealing new pathways to growth. In 2023, NIQ combined with GfK, bringing together the two industry leaders with unparalleled global reach. With a holistic retail read and the most comprehensive consumer insights—delivered with advanced analytics through state-of-the-art platforms—NIQ delivers the Full View™. NIQ is an Advent International portfolio company with operations in 100+ markets, covering more than 90% of the world’s population. For more information, visit NIQ.com Want to keep up with our latest updates? Follow us on: LinkedIn | Instagram | Twitter | Facebook Our commitment to Diversity, Equity, and Inclusion NIQ is committed to reflecting the diversity of the clients, communities, and markets we measure within our own workforce. We exist to count everyone and are on a mission to systematically embed inclusion and diversity into all aspects of our workforce, measurement, and products. We enthusiastically invite candidates who share that mission to join us. We are proud to be an Equal Opportunity/Affirmative Action-Employer, making decisions without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability status, age, marital status, protected veteran status or any other protected class. Our global non-discrimination policy covers these protected classes in every market in which we do business worldwide. Learn more about how we are driving diversity and inclusion in everything we do by visiting the NIQ News Center: https://nielseniq.com/global/en/news-center/diversity-inclusion

Summary Position Summary Red Team —Consultant 2 - Solution Delivery Advisor Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’s Cyber Risk Services have been recognized as a leader by a number of independent analyst firms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do Works on projects with clearly defined guidelines as team member with responsibility for project delivery Works on the projects with clearly defined guidelines such as standard operating procedures Adhers to Service Level Agreements Works under general supervision with few direct instructions Performs development and customization work on larger security and data protection technology implementation projects Understands basic business and information technology management processes. Demonstrates knowledge of firm apposes methodologies, frameworks and tools (required) Participate in practice development initiatives The Team Deloitte’s Red Team is a standardized process, to help clients combat today’s growing array of system threats. We help organizations assess their infrastructure, networks and application environments to identify vulnerabilities and controlweaknesses.Wedevelopanddeploythetechnicalandarchitecturalimprovementsnecessarytoreduceattack exposure OurApplicationandVulnerabilityManagementserviceshelporganizationsidentifythetechnicalandarchitectural improvements needed to minimize exposure to attacks. With our customized methodology, we assess the many aspects of risk to support identification of both internal and external facing threats. Required: - Core Skills: Strong communication skills (written & verbal) Understanding of basic business and information technology management processes Knowledge and understanding of Dev-Sec-Ops Vulnerability Management, Threat Management, Penetration testing, Mobile Testing, Red Teaming, Phishing. Experience with tools related to the domains mentioned above Experienced in one or more of the above areas (as the career progresses) Deep knowledge of commonly used protocols such as TCP/IP, DNS Understanfing of ITIL and ITSM Understaing of SANS TOP 25 Additional Skills Familiarity with industry standards and frameworks such as OWASP, CIS, NIST ISO/IEC 17799, etc. Assist clients with discovering vulnerabilities and rogue assets (such as shadow IT) in their networks as part of a team of engineers and analysts around the world who specialize in the tactics, tools and procedures used by cyber criminals. Configure and execute vulnerability scans enumerating vulnerabilities within the internal and external network. Analyze, enrich and prioritize specific activities designed to remediate discovered vulnerabilities such as patch deployment or configuration hardening. Assist in producing a comprehensive operating picture and cyber security situational awareness. Work with various vulnerability threat feeds (such as vendor bulletins), assessment tools, asset inventory tools as well as reporting tools and frameworks to match assets to identified vulnerabilities and produce reports. Respond to requests for ad-hoc reporting and research topics from management and analysts as required. Identify gaps in available asset information and engage with leadership on strategies to meet service-level requirements through affirmative handoff with remediation partners. Quickly understand and deliver on company and customer requirements Aid in and participate in daily, weekly, quarterly, and yearly production reporting for clients, partners, and internal teams Adhere to internal operational security and other Understanding of common network infrastructure devices such as routers and switches Understanding of basic networking protocols such as TCP/IP, DNS, HTTP Understanding of vulnerability classification using National Vulnerability Database nomenclature such as CVE/CVSS Basic knowledge in system security architecture and security solutions Mandatory Certification - CEH, Security+ Preffered Certification: OSCP, OSWP, CRTO, CREST Certified Certified Web Application Tester, OSCE, CREST Certified Simulated Attack Specialist, CREST Certified Certified Simulated Attack Specialist), AWS Security Speciaist, CKE, Certified Information Systems Security Professional (CISSP), Certification in Certified Intrusion Analyst (GIAC), Continuous Monitoring (GMON), Certified Ethical Hacker (CEH) or equivalent Understanding of possible attack activities such as network probing/ scanning, DDOS, malicious code activity, etc. Preferred: B. E / B.Tech (Tier 2 or 3)/ M.S in any engineering discipline; 3-5 years of cyber risk services experience. Proven ability to emulate sophisticated adversary tactics, techniques, and procedures (TTPs) to identify and exploit weaknesses in organizational defenses. Familiarity with red teaming methodologies, offensive security tools, and frameworks such as MITRE ATT&CK. Experience with tools like Cobalt Strike, Metasploit, and Empire for command and control, exploitation, and lateral movement within environments. Proficiency in scripting languages like Python, PowerShell, or Bash for automation and custom tool creation. Knowledge of evasion techniques to bypass antivirus (AV), endpoint detection and response (EDR), and network monitoring tools. Strong understanding of privilege escalation, lateral movement, and persistence mechanisms in both Windows and Linux environments. Hands-on experience conducting phishing campaigns, social engineering attacks, and delivering payloads via HTML smuggling or other covert techniques. Ability to assess and manipulate Active Directory configurations, conduct password spraying, and exploit common misconfigurations. Strong knowledge of reverse engineering tools such as IDA Pro and Ghidra for analyzing malware or binaries. Excellent ability to create detailed post-engagement reports and recommendations for improving detection and response capabilities. Knowledge of operational security (OpSec) best practices to avoid detection during adversarial engagements. Ability to think creatively in developing offensive strategies and adapting to blue team defenses. Strong desire to continuously learn emerging attack vectors and defensive countermeasures. Outstanding communication skills, with the ability to explain offensive security techniques to both technical and non-technical stakeholders. Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin their own way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-based learning,and eLearning.Deloitte University(DU):The LeadershipCenter in India,our state-of-the-art, world-class learning centerin the Hyderabad office, is an extension of the DU in Westlake, Texas, and represents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best workeveryday. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandarecontinuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesourdiversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 300420

Summary Position Summary Red Team — Senior Consultant 2 – Senior Solution Delivery Lead Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’s Cyber Risk Services have been recognized as a leader by a number of independent analyst firms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do Manages Cyber Threat Management projects, guides the team on a day-to-day basis and ensures that assigned tasks and responsibilities are fulfilled in a timely fashion Demonstrates understanding of complex business and information technology management processes Interacts with clients, managers and partners to build and nurture strong relationships Tailors firm tools and methodologies as per client requirements Assists in implementing standard operating procedures Adheres to Service Level Agreements Identified opportunities for service optimization Evaluates, counsels, mentors and provides feedback on performance of others Manages day-to-day client relationships with their direct client contacts at a minimum at appropriate management levels Participates in proposal development efforts to sell quot;add-on quot; work to clients Identifies opportunities to improve engagement economics Lead practice development initiatives The Team Deloitte’s Red Team is a standardized process, to help clients combat today’s growing array of system threats. We help organizations assess their infrastructure, networks and application environments to identify vulnerabilities and controlweaknesses.Wedevelopanddeploythetechnicalandarchitecturalimprovementsnecessarytoreduceattack exposure OurApplicationandVulnerabilityManagementserviceshelporganizationsidentifythetechnicalandarchitectural improvements needed to minimize exposure to attacks. With our customized methodology, we assess the many aspects of risk to support identification of both internal and external facing threats. Required: - Core Skills: Advanced communication skills (written and verbal) with experience delivering high-level technical presentations, detailed engagement reports, and executive briefings to stakeholders and leadership teams. Proven ability to design and execute complex red team operations, providing tactical and strategic guidance for enhancing organizational security posture through actionable insights. Comprehensive project management skills, with experience in leading large-scale offensive security engagements from inception to execution, including coordinating cross-functional teams. Expert-level understanding of threat analysis, enterprise-level defense mechanisms, and advanced mitigation strategies, with a focus on bridging offensive techniques with defensive improvements. Hands-on experience in bypassing complex security defenses such as firewalls, EDR, IDS/IPS, SIEM solutions (e.g., Splunk, QRadar, ArcSight), using cutting-edge evasion techniques. Extensive knowledge of cyber kill chains, advanced multi-stage attack scenarios, and the ability to execute sophisticated adversarial campaigns using real-world TTPs. Deep expertise in reverse engineering, malware analysis, and exploiting vulnerabilities to uncover security flaws within complex infrastructures. Strong knowledge of cloud security (AWS, Azure, GCP) and demonstrated ability to conduct adversarial simulations targeting cloud-based environments. Advanced knowledge of operating systems (Windows/Linux) and networking technologies critical to red team operations, with the ability to exploit system misconfigurations and weaknesses. Mastery of adversarial simulation tools like Cobalt Strike, Sliver, Metasploit, Empire, Nessus, nmap, Qualys, and Tenable, with the capability to customize attack vectors. Mandatory Certifications - OSCP, OSWP, GPEN, OSCE, CRTO, GXPN, CREST Certified Simulated Attack Specialist Preferred Certifications - OSCE3, OSWE, OSEP, OSED, CREST Certified Simulated Attack Specialist, SABSA, AWS Security Specialist Proven experience leading red teaming, purple teaming, and Breach Attack Simulations (BAS) at the enterprise level, simulating advanced persistent threats (APTs) to assess security defenses. Expertise in spear-phishing campaigns, HTML smuggling, payload delivery mechanisms, and opsec strategies to evade detection throughout engagements. Deep understanding of advanced attack frameworks like MITRE ATT&CK and SANS Top 25, using them to design tailored attack scenarios specific to client environments. In-depth knowledge of EDR/AV evasion techniques, privilege escalation, lateral movement, and persistence in both on-premise and hybrid cloud infrastructures. Ability to architect, deploy, and optimize custom Red Team/Offensive Security solutions, including managing command and control infrastructure, payload obfuscation, and real-time response actions. Ability to manage cross-functional teams across red, blue, and purple engagements, fostering collaboration and improving overall security resilience through continuous improvement cycles. High-level proficiency in strategic planning, engaging with leadership to define security objectives, risk prioritization, and translating technical findings into business-centric solutions. Strong knowledge of attack surface management and vulnerability management, with experience discovering and analyzing hidden or misconfigured assets, especially shadow IT. Advanced OpSec and tradecraft knowledge, ensuring red team engagements are conducted without exposing tools or tactics to detection, while continuously adapting methods to outpace blue team defenses. As a Senior Solutions Delivery Lead, you will lead the charge in adversarial simulation operations, pushing the boundaries of offensive security capabilities. You will: Architect and lead advanced red team engagements, simulating the tactics, tools, and techniques used by sophisticated threat actors to test client defenses. Conduct multi-phase, coordinated attack campaigns, including phishing simulations, exploitation of vulnerabilities, and covert lateral movement across complex environments. Develop and optimize adversarial simulation tactics, ensuring constant evolution of red team methodologies in response to emerging threats. Provide in-depth reports and post-engagement briefings with a focus on strategic remediation advice that aligns with organizational security goals. Oversee the red team infrastructure, ensuring all tools, C2 systems, and exploit frameworks are continually updated and configured for optimal effectiveness. Lead purple team exercises, working closely with blue teams to collaboratively improve detection, response, and mitigation strategies in real time. Remain at the forefront of offensive security innovations, guiding the team through new techniques, tools, and adversarial simulations to enhance effectiveness. Ensure OpSec best practices are strictly followed to avoid detection during engagements and protect the integrity of the red team toolkit. Collaborate with clients and stakeholders to review attack scenarios, findings, and deliver customized security enhancements tailored to their specific business risks. Preferred: B. E / B.Tech / M.S in any engineering discipline; 7-9 years of cyber risk services experience. Proven ability to emulate sophisticated adversary tactics, techniques, and procedures (TTPs) to identify and exploit weaknesses in organizational defenses. Familiarity with red teaming methodologies, offensive security tools, and frameworks such as MITRE ATT&CK. Experience with tools like Cobalt Strike, Metasploit, and Empire for command and control, exploitation, and lateral movement within environments. Proficiency in scripting languages like Python, PowerShell, or Bash for automation and custom tool creation. Knowledge of evasion techniques to bypass antivirus (AV), endpoint detection and response (EDR), and network monitoring tools. Strong understanding of privilege escalation, lateral movement, and persistence mechanisms in both Windows and Linux environments. Hands-on experience conducting phishing campaigns, social engineering attacks, and delivering payloads via HTML smuggling or other covert techniques. Ability to assess and manipulate Active Directory configurations, conduct password spraying, and exploit common misconfigurations. Strong knowledge of reverse engineering tools such as IDA Pro and Ghidra for analyzing malware or binaries. Excellent ability to create detailed post-engagement reports and recommendations for improving detection and response capabilities. Knowledge of operational security (OpSec) best practices to avoid detection during adversarial engagements. Ability to think creatively in developing offensive strategies and adapting to blue team defenses. Strong desire to continuously learn emerging attack vectors and defensive countermeasures. Outstanding communication skills, with the ability to explain offensive security techniques to both technical and non-technical stakeholders. Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin their own way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-based learning,and eLearning.Deloitte University(DU):The LeadershipCenter in India,our state-of-the-art, world-class learning centerin the Hyderabad office, is an extension of the DU in Westlake, Texas, and represents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best workeveryday. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandarecontinuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesourdiversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 306123

Company Qualcomm India Private Limited Job Area Engineering Group, Engineering Group > Software Engineering General Summary As a Product Security Engineer focused on vulnerability research and exploit mitigation, you will play a critical role in securing software systems by identifying and mitigating vulnerabilities at both the source code and binary levels. This role is ideal for someone who is passionate about software security, has a deep understanding of C/C++ internals, and enjoys building and applying tools to uncover subtle flaws before attackers do. Your primary focus will be on analyzing C/C++ source code using static analysis techniques, both manual and automated, to detect memory safety issues, logic errors, and insecure coding patterns. You will work closely with development teams to integrate and fine-tune sanitizers (such as ASan, UBSan, and MSan) and other compiler-based instrumentation to proactively catch bugs during development and testing. In addition to source-level work, you will also analyze ARM binaries to identify vulnerabilities in compiled code, especially in cases where source is unavailable or incomplete. This includes reverse engineering, binary static analysis, and applying fuzzing techniques to validate findings and uncover additional issues. A key part of your role will involve evaluating and implementing exploit mitigation strategies (e.g., stack canaries, ASLR, DEP, CFI) and ensuring they are effectively deployed across the software stack. You will also monitor external security incidents (e.g., CVEs, threat reports, zero-days) to identify detection gaps in current tooling and processes, and work to close those gaps through improved analysis, tooling, and secure coding guidance. This is a hands-on, engineering-focused role that blends security research, tool development, and collaborative problem-solving. You’ll work alongside developers, security engineers, and incident responders to ensure that vulnerabilities are not only found, but also understood, mitigated, and prevented in the future. Required Qualifications Strong proficiency in C and C++, with deep understanding of memory management and low-level programming. Experience with ARM architecture, including reverse engineering and binary analysis. Experience with embedded device security architectures. Proficiency with static analysis tools (e.g., CodeQL, Klocwork, Coverity, Helix QAC, Parasoft, Clang Static Analyzer). Hands-on experience with fuzzing frameworks (e.g., AFL++, libFuzzer, Honggfuzz). Familiarity with exploit mitigation techniques and their implementation in modern toolchains and operating systems. Experience analyzing real-world vulnerabilities and applying lessons learned to improve detection capabilities. Strong understanding of common vulnerability classes (e.g., buffer overflows, UAF, race conditions). Proficiency with reverse engineering tools (e.g., Ghidra, IDA Pro, Binary Ninja). Threat modelling to identify targets for vulnerability detection. Familiarity with AI advances in this area. Excellent written communication skills. Minimum Qualifications Bachelor's degree in Engineering, Information Systems, Computer Science, or related field and 4+ years of Software Engineering or related work experience. OR Master's degree in Engineering, Information Systems, Computer Science, or related field and 3+ years of Software Engineering or related work experience. OR PhD in Engineering, Information Systems, Computer Science, or related field and 2+ years of Software Engineering or related work experience. 2+ years of work experience with Programming Language such as C, C++, Java, Python, etc. Preferred Qualifications Knowledge of symbolic execution, taint analysis, or dynamic binary instrumentation. Exposure to LLVM Compiler, particularly writing passes and Clang Static Analysis checkers. Contributions to open-source security tools or public vulnerability disclosures. Experience in working with external security researchers. Education Qualifications Bachelor’s degree or above in Computer Science, Computer Security, Electrical Engineering, or a related field, or equivalent practical experience. Applicants : Qualcomm is an equal opportunity employer. If you are an individual with a disability and need an accommodation during the application/hiring process, rest assured that Qualcomm is committed to providing an accessible process. You may e-mail disability-accomodations@qualcomm.com or call Qualcomm's toll-free number found here. Upon request, Qualcomm will provide reasonable accommodations to support individuals with disabilities to be able participate in the hiring process. Qualcomm is also committed to making our workplace accessible for individuals with disabilities. (Keep in mind that this email address is used to provide reasonable accommodations for individuals with disabilities. We will not respond here to requests for updates on applications or resume inquiries). Qualcomm expects its employees to abide by all applicable policies and procedures, including but not limited to security and other requirements regarding protection of Company confidential information and other confidential and/or proprietary information, to the extent those requirements are permissible under applicable law. To all Staffing and Recruiting Agencies : Our Careers Site is only for individuals seeking a job at Qualcomm. Staffing and recruiting agencies and individuals being represented by an agency are not authorized to use this site or to submit profiles, applications or resumes, and any such submissions will be considered unsolicited. Qualcomm does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to our jobs alias, Qualcomm employees or any other company location. Qualcomm is not responsible for any fees related to unsolicited resumes/applications. If you would like more information about this role, please contact Qualcomm Careers. 3077928

Company: Qualcomm India Private Limited Job Area: Engineering Group, Engineering Group > Software Engineering General Summary: As a Product Security Engineer focused on vulnerability research and exploit mitigation, you will play a critical role in securing software systems by identifying and mitigating vulnerabilities at both the source code and binary levels. This role is ideal for someone who is passionate about software security, has a deep understanding of C/C++ internals, and enjoys building and applying tools to uncover subtle flaws before attackers do. Your primary focus will be on analyzing C/C++ source code using static analysis techniques, both manual and automated, to detect memory safety issues, logic errors, and insecure coding patterns. You will work closely with development teams to integrate and fine-tune sanitizers (such as ASan, UBSan, and MSan) and other compiler-based instrumentation to proactively catch bugs during development and testing. In addition to source-level work, you will also analyze ARM binaries to identify vulnerabilities in compiled code, especially in cases where source is unavailable or incomplete. This includes reverse engineering, binary static analysis, and applying fuzzing techniques to validate findings and uncover additional issues. A key part of your role will involve evaluating and implementing exploit mitigation strategies (e.g., stack canaries, ASLR, DEP, CFI) and ensuring they are effectively deployed across the software stack. You will also monitor external security incidents (e.g., CVEs, threat reports, zero-days) to identify detection gaps in current tooling and processes, and work to close those gaps through improved analysis, tooling, and secure coding guidance. This is a hands-on, engineering-focused role that blends security research, tool development, and collaborative problem-solving. You’ll work alongside developers, security engineers, and incident responders to ensure that vulnerabilities are not only found, but also understood, mitigated, and prevented in the future. Required Qualifications: Strong proficiency in C and C++, with deep understanding of memory management and low-level programming. Experience with ARM architecture, including reverse engineering and binary analysis. Experience with embedded device security architectures. Proficiency with static analysis tools (e.g., CodeQL, Klocwork, Coverity, Helix QAC, Parasoft, Clang Static Analyzer). Hands-on experience with fuzzing frameworks (e.g., AFL++, libFuzzer, Honggfuzz). Familiarity with exploit mitigation techniques and their implementation in modern toolchains and operating systems. Experience analyzing real-world vulnerabilities and applying lessons learned to improve detection capabilities. Strong understanding of common vulnerability classes (e.g., buffer overflows, UAF, race conditions). Proficiency with reverse engineering tools (e.g., Ghidra, IDA Pro, Binary Ninja). Threat modelling to identify targets for vulnerability detection. Familiarity with AI advances in this area. Excellent written communication skills. Minimum Qualifications: Bachelor's degree in Engineering, Information Systems, Computer Science, or related field and 4+ years of Software Engineering or related work experience. OR Master's degree in Engineering, Information Systems, Computer Science, or related field and 3+ years of Software Engineering or related work experience. OR PhD in Engineering, Information Systems, Computer Science, or related field and 2+ years of Software Engineering or related work experience. 2+ years of work experience with Programming Language such as C, C++, Java, Python, etc. Preferred Qualifications: Knowledge of symbolic execution, taint analysis, or dynamic binary instrumentation. Exposure to LLVM Compiler, particularly writing passes and Clang Static Analysis checkers. Contributions to open-source security tools or public vulnerability disclosures. Experience in working with external security researchers. Education qualifications: Bachelor’s degree or above in Computer Science, Computer Security, Electrical Engineering, or a related field, or equivalent practical experience. Applicants : Qualcomm is an equal opportunity employer. If you are an individual with a disability and need an accommodation during the application/hiring process, rest assured that Qualcomm is committed to providing an accessible process. You may e-mail disability-accomodations@qualcomm.com or call Qualcomm's toll-free number found here. Upon request, Qualcomm will provide reasonable accommodations to support individuals with disabilities to be able participate in the hiring process. Qualcomm is also committed to making our workplace accessible for individuals with disabilities. (Keep in mind that this email address is used to provide reasonable accommodations for individuals with disabilities. We will not respond here to requests for updates on applications or resume inquiries). Qualcomm expects its employees to abide by all applicable policies and procedures, including but not limited to security and other requirements regarding protection of Company confidential information and other confidential and/or proprietary information, to the extent those requirements are permissible under applicable law. To all Staffing and Recruiting Agencies : Our Careers Site is only for individuals seeking a job at Qualcomm. Staffing and recruiting agencies and individuals being represented by an agency are not authorized to use this site or to submit profiles, applications or resumes, and any such submissions will be considered unsolicited. Qualcomm does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to our jobs alias, Qualcomm employees or any other company location. Qualcomm is not responsible for any fees related to unsolicited resumes/applications. If you would like more information about this role, please contact Qualcomm Careers.

GitLab is an open core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world. When everyone can contribute, consumers become contributors, significantly accelerating the rate of human progress. This mission is integral to our culture, influencing how we hire, build products, and lead our industry. We make this possible at GitLab by running our operations on our product and staying aligned with our values. Learn more about Life at GitLab. Thanks to products like Duo Enterprise, and Duo Workflow, customers get the benefit of AI at every stage of the SDLC. The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier. All team members are encouraged and expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact across our global organization. An Overview Of This Role As a member of the Secret Detection team, you'll be at the forefront of protecting sensitive data by creating specialized tools that prevent, detect, and remediate leaked secrets in code. Our team focuses on the complete secret management lifecycle - from push protection to pipeline-based scanning, providing automated remediation workflows and audit trails when necessary. We’re passionate about embedding security into the development process seamlessly, allowing developers to focus on innovation while we handle security concerns proactively. You'll help developers safeguard their credentials, API keys, and other sensitive information by building sophisticated detection patterns, reducing false positives, and creating seamless remediation paths when secrets are discovered. Your work will enable organizations to quickly identify exposed secrets, understand their impact, and efficiently revoke and rotate compromised credentials. Your impact will be significant and far-reaching, as our solutions protect both GitLab's ecosystem and the sensitive data of thousands of organizations worldwide, preventing costly data breaches before they happen. Some Examples Of Our Projects Prevent secret leaks in source code with GitLab Secret Push Protection Verify validity of secret detection findings What You’ll Do Lead the design and implementation of fullstack features for our Secret Detection offering, contributing to both the frontend (Vue.js) and backend (Ruby on Rails, GraphQL). Write clean, well-tested code that meets our internal standards for style, maintainability, and best practices for a high-scale web environment. Mentor and support fellow engineers, especially those looking to grow into fullstack contributors. Collaborate with Product Management and other stakeholders within Engineering (Frontend, UX, etc.) to maintain a high bar for quality in a fast-paced, iterative environment Experience with performance and optimization problems and a demonstrated ability to both diagnose and prevent these problems. Contribute to code reviews, RFCs, and Proof-of-Concepts that shape the technical direction of the product Recognize impediments to our efficiency as a team ("technical debt"), propose and implement solutions Work async-first with a globally distributed team, while also participating in necessary sync meetings like high level planning, engineering brainstorming sessions and pairing sessions. What You’ll Bring 3+ years of professional experience with Vue.js, GraphQL, and Ruby on Rails. Proven ability to mentor engineers, lead technical initiatives, and drive frontend and fullstack best practices. Knowledge of security concepts, vulnerabilities, mitigation techniques, and secure coding practices is preferred. Background in developing or using security tools or products Hands-on experience with reverse engineering tools such as Ghidra, Binary Ninja, or diffoscope for analyzing, unpacking, and extracting data from compiled binaries and executable files Experience with Go programming language or strong motivation to learn Ability to work across the stack to deliver end-to-end solutions. A strong product mindset and ability to collaborate closely with cross-functional teams including Product, Design and Technical Writing. Demonstrated ability to work closely with other parts of the organization. Excellent written and verbal communication skills, especially in async-first, remote environments. A proactive, self-managing approach to work with a bias for action and ownership. About The Team GitLab’s Secret Detection team is responsible for the Secret Detection feature category. We want to help developers write better code and worry less about common security mistakes. We do this by helping developers easily identify common security issues as code is being contributed, and mitigate these issues proactively. We work closely with the larger GitLab security product suite while maintaining our specialized focus on the unique challenges of secret detection. Our technical stack spans Rails and Go backends, Vue.js frontends, and custom parsing engines that enable efficient and accurate secret identification. We're committed to making sophisticated security tooling accessible to developers of all skill levels. We'd like to continue to expand our capabilities across these workflows, while also continuously improving the result quality across all types of findings our security tools are responsible for detecting. We balance security best practices with practical developer experience to ensure protection doesn't come at the cost of productivity. Thanks to our Transparency value, you can learn more about us on our Team page. How GitLab Will Support You Benefits to support your health, finances, and well-being All remote, asynchronous work environment Flexible Paid Time Off Team Member Resource Groups Equity Compensation & Employee Stock Purchase Plan Growth and Development Fund Parental leave Home office support Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application. Remote-Global The base salary range for this role’s listed level is currently for residents of listed locations only. Grade level and salary ranges are determined through interviews and a review of education, experience, knowledge, skills, abilities of the applicant, equity with other team members, and alignment with market data. See more information on our benefits and equity. Sales roles are also eligible for incentive pay targeted at up to 100% of the offered base salary. California/Colorado/Hawaii/New Jersey/New York/Washington/DC/Illinois/Minnesota pay range $117,600—$252,000 USD Country Hiring Guidelines: GitLab hires new team members in countries around the world. All of our roles are remote, however some roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process. Privacy Policy: Please review our Recruitment Privacy Policy. Your privacy is important to us. GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics. See also GitLab’s EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know during the recruiting process.

Description As an IT/OT Vulnerability Assessment and Penetration Testing (VAPT) Engineer, you will be engaged in identifying and mitigating security vulnerabilities across IT systems, Industrial Control Systems (ICS), and Industrial Internet of Things (IIoT) environments. Your work will involve rigorous security assessments of critical infrastructure, SCADA systems, PLCs, field devices, gateways, and cloud-connected IIoT platforms. You will simulate advanced adversary tactics to expose vulnerabilities and provide strategic remediation guidance. The role is suited for professionals with a deep understanding of both enterprise IT security and industrial/embedded system ecosystems. Responsibilities 1-Vulnerability Assessment & Penetration Testing (IT + ICS/IIoT): Perform black-box, grey-box, and white-box VAPT on: Enterprise IT assets (servers, databases, web/mobile apps, Active Directory, cloud) OT/ICS assets (PLCs, RTUs, HMIs, engineering workstations, protocol gateways) IIoT platforms (MQTT/CoAP-based telemetry, edge gateways, cloud dashboards) Emulate APT-level attacks across air-gapped, segmented, or hybrid IT-OT architectures. Execute Red Team scenarios to simulate insider threats or supply chain compromise. 2- ICS Protocol & Field Device Security Testing: Analyze and exploit vulnerabilities in ICS protocols: Modbus TCP, DNP3, IEC 104, OPC-UA, S7comm, Profinet, BACnet, CIP (EtherNet/IP), MQTT, CoAP Perform live traffic analysis, packet manipulation, and protocol fuzzing to test resilience. Evaluate control logic vulnerabilities in ladder logic, structured text, and function blocks. 3- Firmware & Hardware Exploitation (IIoT/ICS Devices): Extract and analyze firmware from industrial devices using JTAG, UART, SPI interfaces. Perform static and dynamic analysis using Ghidra, Binwalk, Radare2, or IDA Pro. Reverse engineer file systems (e.g., squashfs, cramfs) and analyze web interfaces or CLI backdoors. Exploit misconfigured bootloaders, insecure firmware upgrade mechanisms, or exposed debug ports. 4- Network Architecture & Segmentation Testing: Review and test IT-OT segmentation via firewall ACLs, VLANs, DMZ configurations. Assess trust relationships, weak credential policies, and insecure remote access (e.g., exposed VNC, Telnet, RDP). Identify unauthorized bridging of air-gapped networks or misconfigured routing/switching. 5- Cloud & IIoT Platform Security: Evaluate MQTT brokers, edge-to-cloud telemetry, and analytics pipelines. Test REST APIs, insecure mobile app integrations, and cloud misconfigurations (S3, IAM, IoT Core). Identify insecure certificate handling, default API tokens, and lack of encryption at rest/in transit. Reporting & Mitigation Develop technical and executive-level reports with CVSS scoring, attack paths, and exploitation evidence. Recommend hardening measures for both IT (patches, SIEM, EDR) and OT (control policy tuning, physical zoning, least privilege for operators). Coordinate with ICS engineers, IT admins, and SOC teams for patch validation and monitoring upgrades. Compliance & Framework Alignment Ensure assessments comply with industry and regulatory frameworks: NIST SP 800-82, ISA/IEC 62443, ISO 27001, NERC CIP, SANS ICS Top 20 Map findings to MITRE ATT&CK for ICS and monitor emerging CVEs relevant to industrial products. Eligibility Educational Background: Bachelor’s or Master’s in Cybersecurity, Computer Science, Industrial Automation, Electronics, or a related field. Technical Skills: Deep knowledge of ICS/SCADA systems, embedded architectures, and real-time OS (VxWorks, QNX, FreeRTOS). Hands-on experience with tools: VAPT Tools: Nessus, Burp Suite, Metasploit, Nmap, Nikto, SQLMap ICS Tools: Wireshark, Scapy, PLCScan, ICSFuzz, S7comm Tools, Conpot, ModScan Firmware Tools: Binwalk, Ghidra, Radare2, OpenOCD, Logic Analyzers IIoT Security: Shodan, Censys, MQTTX, Postman, OWASP ZAP Certifications (Preferred): OSCP, GRID, GICSP, CRT, CRTP, CEH, CISSP, or equivalent. Participation in ICS/IoT-focused CTFs or open-source contributions is a plus. Travel As and when required, across the country for project execution and monitoring as well as for coordination with geographically distributed teams. Communication Submit a cover letter summarising your experience in relevant technologies and software along with a resume and the Latest passport-size photograph.

Summary Position Summary Red Team — Senior Consultant 1 - Solution Delivery Lead Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’s Cyber Risk Services have been recognized as a leader by a number of independent analyst firms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do Manages Cyber Threat Management projects, guides the team on a day-to-day basis and ensures that assigned tasks and responsibilities are fulfilled in a timely fashion Demonstrates understanding of complex business and information technology management processes (move it additional skills - if they don’t have this at LSA level, it will be difficult to build and sustain them in the firm) Interacts with clients, managers and partners to build and nurture strong relationships (required with managers at a minimum and clients if they are interacting directly or if deployed on client site ) Assists in implementing standard operating procedures Adheres to Service Level Agreements Identified opportunities for service optimization Tailors firm tools and methodologies as per client requirements Evaluates, counsels, mentors and provides feedback on performance of others Manages day-to-day client relationships at appropriate management levels Participates in proposal development efforts to sell quot;add-on quot; work to clients Identifies opportunities to improve engagement economics Lead practice development initiatives The Team Deloitte’s Red Team is a standardized process, to help clients combat today’s growing array of system threats. We help organizations assess their infrastructure, networks and application environments to identify vulnerabilities and controlweaknesses.Wedevelopanddeploythetechnicalandarchitecturalimprovementsnecessarytoreduceattack exposure OurApplicationandVulnerabilityManagementserviceshelporganizationsidentifythetechnicalandarchitectural improvements needed to minimize exposure to attacks. With our customized methodology, we assess the many aspects of risk to support identification of both internal and external facing threats. Required: - Core Skills: Strong written and verbal communication skills with experience writing comprehensive technical reports and delivering engagement debriefs. Ability to analyze complex attack paths and provide both tactical and strategic remediation recommendations to enhance security. Knowledge and experience in project management, managing complex red team engagements from planning to execution. In-depth understanding of threat analysis, enterprise-level defense mechanisms, and mitigation strategies. Hands-on experience in bypassing security mechanisms such as firewalls, EDR, IDS/IPS, and SIEM solutions (e.g., Splunk, QRadar, ArcSight). Understanding of cyber kill chains and how adversaries can execute multi-stage attacks using open-source tools. Experience in reverse engineering binaries or malware to understand functionality and identify weaknesses. Strong knowledge of cloud penetration testing (AWS, Azure, GCP) and how to conduct adversarial simulation against cloud infrastructures. Strong knowledge of operating systems (Windows/Linux) and networking technologies used in red team operations. Advanced knowledge in Red Teaming, Offensive Security, Adversarial Simulation, and Penetration Testing across various network and application environments. Expertise in reconnaissance, exploitation, lateral movement, and persistence techniques used in red team engagements. In-depth understanding of business and information technology processes, with a focus on bridging the gap between offensive operations and business risks. Deep knowledge of commonly used attack protocols such as TCP/IP, DNS, HTTP/S, and their exploitation. Hands-on experience in conducting social engineering and phishing campaigns, as well as advanced attack scenarios (HTML smuggling, payload delivery, etc.). Strong knowledge of the SANS Top 25 and MITRE ATT&CK framework, and how these apply to real-world adversarial techniques. Hands-on experience in architecting, deploying, and managing Red Team/Offensive Security technology solutions (such as Cobalt Strike, Metasploit, Sliver, Nessus, nmap, Qualys, Tenable). Deep understanding of EDR/AV evasion techniques and OpSec considerations during adversarial engagements. Assist clients by conducting sophisticated adversarial simulations, mimicking the tools, tactics, and procedures of real-world threat actors. Plan and execute complex red team engagements, including phishing, social engineering, network exploitation, and covert lateral movement. Analyze, enrich, and prioritize attack vectors, leveraging real-time threat feeds and tools to enhance the adversarial simulation. Develop detailed engagement reports, providing both actionable remediation steps and strategic recommendations to improve the client's defense. Assist in maintaining red team infrastructure, including command and control (C2) systems, attack vectors, and exploit tools. Engage with leadership and stakeholders to review findings and guide them through the recommendations for improving their security posture. Stay ahead of emerging attack trends and evolve red team tactics accordingly, ensuring OpSec compliance at all times. Collaborate with blue team counterparts during purple team engagements to improve detection and response capabilities. Mandatory Certifications - OSCP, OSWP, GPEN, OSCE, CRTO, GXPN, CREST Certified Simulated Attack Specialist Preferred Certifications - OSCE3, OSWE, OSEP, OSED, CREST Certified Simulated Attack Specialist, SABSA, AWS Security Specialist Preferred: B. E / B.Tech / M.S in any engineering discipline; 5-7 years of cyber risk services experience. Proven ability to emulate sophisticated adversary tactics, techniques, and procedures (TTPs) to identify and exploit weaknesses in organizational defenses. Familiarity with red teaming methodologies, offensive security tools, and frameworks such as MITRE ATT&CK. Experience with tools like Cobalt Strike, Metasploit, and Empire for command and control, exploitation, and lateral movement within environments. Proficiency in scripting languages like Python, PowerShell, or Bash for automation and custom tool creation. Knowledge of evasion techniques to bypass antivirus (AV), endpoint detection and response (EDR), and network monitoring tools. Strong understanding of privilege escalation, lateral movement, and persistence mechanisms in both Windows and Linux environments. Hands-on experience conducting phishing campaigns, social engineering attacks, and delivering payloads via HTML smuggling or other covert techniques. Ability to assess and manipulate Active Directory configurations, conduct password spraying, and exploit common misconfigurations. Strong knowledge of reverse engineering tools such as IDA Pro and Ghidra for analyzing malware or binaries. Excellent ability to create detailed post-engagement reports and recommendations for improving detection and response capabilities. Knowledge of operational security (OpSec) best practices to avoid detection during adversarial engagements. Ability to think creatively in developing offensive strategies and adapting to blue team defenses. Strong desire to continuously learn emerging attack vectors and defensive countermeasures. Outstanding communication skills, with the ability to explain offensive security techniques to both technical and non-technical stakeholders. Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin their own way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-based learning,and eLearning.Deloitte University(DU):The LeadershipCenter in India,our state-of-the-art, world-class learning centerin the Hyderabad office, is an extension of the DU in Westlake, Texas, and represents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best workeveryday. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandarecontinuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesourdiversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 300440

Summary Position Summary Red Team — Senior Consultant 1 - Solution Delivery Lead Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’s Cyber Risk Services have been recognized as a leader by a number of independent analyst firms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do Manages Cyber Threat Management projects, guides the team on a day-to-day basis and ensures that assigned tasks and responsibilities are fulfilled in a timely fashion Demonstrates understanding of complex business and information technology management processes (move it additional skills - if they don’t have this at LSA level, it will be difficult to build and sustain them in the firm) Interacts with clients, managers and partners to build and nurture strong relationships (required with managers at a minimum and clients if they are interacting directly or if deployed on client site ) Assists in implementing standard operating procedures Adheres to Service Level Agreements Identified opportunities for service optimization Tailors firm tools and methodologies as per client requirements Evaluates, counsels, mentors and provides feedback on performance of others Manages day-to-day client relationships at appropriate management levels Participates in proposal development efforts to sell quot;add-on quot; work to clients Identifies opportunities to improve engagement economics Lead practice development initiatives The Team Deloitte’s Red Team is a standardized process, to help clients combat today’s growing array of system threats. We help organizations assess their infrastructure, networks and application environments to identify vulnerabilities and controlweaknesses.Wedevelopanddeploythetechnicalandarchitecturalimprovementsnecessarytoreduceattack exposure OurApplicationandVulnerabilityManagementserviceshelporganizationsidentifythetechnicalandarchitectural improvements needed to minimize exposure to attacks. With our customized methodology, we assess the many aspects of risk to support identification of both internal and external facing threats. Required: - Core Skills: Strong written and verbal communication skills with experience writing comprehensive technical reports and delivering engagement debriefs. Ability to analyze complex attack paths and provide both tactical and strategic remediation recommendations to enhance security. Knowledge and experience in project management, managing complex red team engagements from planning to execution. In-depth understanding of threat analysis, enterprise-level defense mechanisms, and mitigation strategies. Hands-on experience in bypassing security mechanisms such as firewalls, EDR, IDS/IPS, and SIEM solutions (e.g., Splunk, QRadar, ArcSight). Understanding of cyber kill chains and how adversaries can execute multi-stage attacks using open-source tools. Experience in reverse engineering binaries or malware to understand functionality and identify weaknesses. Strong knowledge of cloud penetration testing (AWS, Azure, GCP) and how to conduct adversarial simulation against cloud infrastructures. Strong knowledge of operating systems (Windows/Linux) and networking technologies used in red team operations. Advanced knowledge in Red Teaming, Offensive Security, Adversarial Simulation, and Penetration Testing across various network and application environments. Expertise in reconnaissance, exploitation, lateral movement, and persistence techniques used in red team engagements. In-depth understanding of business and information technology processes, with a focus on bridging the gap between offensive operations and business risks. Deep knowledge of commonly used attack protocols such as TCP/IP, DNS, HTTP/S, and their exploitation. Hands-on experience in conducting social engineering and phishing campaigns, as well as advanced attack scenarios (HTML smuggling, payload delivery, etc.). Strong knowledge of the SANS Top 25 and MITRE ATT&CK framework, and how these apply to real-world adversarial techniques. Hands-on experience in architecting, deploying, and managing Red Team/Offensive Security technology solutions (such as Cobalt Strike, Metasploit, Sliver, Nessus, nmap, Qualys, Tenable). Deep understanding of EDR/AV evasion techniques and OpSec considerations during adversarial engagements. Assist clients by conducting sophisticated adversarial simulations, mimicking the tools, tactics, and procedures of real-world threat actors. Plan and execute complex red team engagements, including phishing, social engineering, network exploitation, and covert lateral movement. Analyze, enrich, and prioritize attack vectors, leveraging real-time threat feeds and tools to enhance the adversarial simulation. Develop detailed engagement reports, providing both actionable remediation steps and strategic recommendations to improve the client's defense. Assist in maintaining red team infrastructure, including command and control (C2) systems, attack vectors, and exploit tools. Engage with leadership and stakeholders to review findings and guide them through the recommendations for improving their security posture. Stay ahead of emerging attack trends and evolve red team tactics accordingly, ensuring OpSec compliance at all times. Collaborate with blue team counterparts during purple team engagements to improve detection and response capabilities. Mandatory Certifications - OSCP, OSWP, GPEN, OSCE, CRTO, GXPN, CREST Certified Simulated Attack Specialist Preferred Certifications - OSCE3, OSWE, OSEP, OSED, CREST Certified Simulated Attack Specialist, SABSA, AWS Security Specialist Preferred: B. E / B.Tech / M.S in any engineering discipline; 5-7 years of cyber risk services experience. Proven ability to emulate sophisticated adversary tactics, techniques, and procedures (TTPs) to identify and exploit weaknesses in organizational defenses. Familiarity with red teaming methodologies, offensive security tools, and frameworks such as MITRE ATT&CK. Experience with tools like Cobalt Strike, Metasploit, and Empire for command and control, exploitation, and lateral movement within environments. Proficiency in scripting languages like Python, PowerShell, or Bash for automation and custom tool creation. Knowledge of evasion techniques to bypass antivirus (AV), endpoint detection and response (EDR), and network monitoring tools. Strong understanding of privilege escalation, lateral movement, and persistence mechanisms in both Windows and Linux environments. Hands-on experience conducting phishing campaigns, social engineering attacks, and delivering payloads via HTML smuggling or other covert techniques. Ability to assess and manipulate Active Directory configurations, conduct password spraying, and exploit common misconfigurations. Strong knowledge of reverse engineering tools such as IDA Pro and Ghidra for analyzing malware or binaries. Excellent ability to create detailed post-engagement reports and recommendations for improving detection and response capabilities. Knowledge of operational security (OpSec) best practices to avoid detection during adversarial engagements. Ability to think creatively in developing offensive strategies and adapting to blue team defenses. Strong desire to continuously learn emerging attack vectors and defensive countermeasures. Outstanding communication skills, with the ability to explain offensive security techniques to both technical and non-technical stakeholders. Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin their own way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-based learning,and eLearning.Deloitte University(DU):The LeadershipCenter in India,our state-of-the-art, world-class learning centerin the Hyderabad office, is an extension of the DU in Westlake, Texas, and represents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best workeveryday. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandarecontinuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesourdiversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 300440

Summary Position Summary Red Team — Senior Consultant 1 - Solution Delivery Lead Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’s Cyber Risk Services have been recognized as a leader by a number of independent analyst firms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do Manages Cyber Threat Management projects, guides the team on a day-to-day basis and ensures that assigned tasks and responsibilities are fulfilled in a timely fashion Demonstrates understanding of complex business and information technology management processes (move it additional skills - if they don’t have this at LSA level, it will be difficult to build and sustain them in the firm) Interacts with clients, managers and partners to build and nurture strong relationships (required with managers at a minimum and clients if they are interacting directly or if deployed on client site ) Assists in implementing standard operating procedures Adheres to Service Level Agreements Identified opportunities for service optimization Tailors firm tools and methodologies as per client requirements Evaluates, counsels, mentors and provides feedback on performance of others Manages day-to-day client relationships at appropriate management levels Participates in proposal development efforts to sell quot;add-on quot; work to clients Identifies opportunities to improve engagement economics Lead practice development initiatives The Team Deloitte’s Red Team is a standardized process, to help clients combat today’s growing array of system threats. We help organizations assess their infrastructure, networks and application environments to identify vulnerabilities and controlweaknesses.Wedevelopanddeploythetechnicalandarchitecturalimprovementsnecessarytoreduceattack exposure OurApplicationandVulnerabilityManagementserviceshelporganizationsidentifythetechnicalandarchitectural improvements needed to minimize exposure to attacks. With our customized methodology, we assess the many aspects of risk to support identification of both internal and external facing threats. Required: - Core Skills: Strong written and verbal communication skills with experience writing comprehensive technical reports and delivering engagement debriefs. Ability to analyze complex attack paths and provide both tactical and strategic remediation recommendations to enhance security. Knowledge and experience in project management, managing complex red team engagements from planning to execution. In-depth understanding of threat analysis, enterprise-level defense mechanisms, and mitigation strategies. Hands-on experience in bypassing security mechanisms such as firewalls, EDR, IDS/IPS, and SIEM solutions (e.g., Splunk, QRadar, ArcSight). Understanding of cyber kill chains and how adversaries can execute multi-stage attacks using open-source tools. Experience in reverse engineering binaries or malware to understand functionality and identify weaknesses. Strong knowledge of cloud penetration testing (AWS, Azure, GCP) and how to conduct adversarial simulation against cloud infrastructures. Strong knowledge of operating systems (Windows/Linux) and networking technologies used in red team operations. Advanced knowledge in Red Teaming, Offensive Security, Adversarial Simulation, and Penetration Testing across various network and application environments. Expertise in reconnaissance, exploitation, lateral movement, and persistence techniques used in red team engagements. In-depth understanding of business and information technology processes, with a focus on bridging the gap between offensive operations and business risks. Deep knowledge of commonly used attack protocols such as TCP/IP, DNS, HTTP/S, and their exploitation. Hands-on experience in conducting social engineering and phishing campaigns, as well as advanced attack scenarios (HTML smuggling, payload delivery, etc.). Strong knowledge of the SANS Top 25 and MITRE ATT&CK framework, and how these apply to real-world adversarial techniques. Hands-on experience in architecting, deploying, and managing Red Team/Offensive Security technology solutions (such as Cobalt Strike, Metasploit, Sliver, Nessus, nmap, Qualys, Tenable). Deep understanding of EDR/AV evasion techniques and OpSec considerations during adversarial engagements. Assist clients by conducting sophisticated adversarial simulations, mimicking the tools, tactics, and procedures of real-world threat actors. Plan and execute complex red team engagements, including phishing, social engineering, network exploitation, and covert lateral movement. Analyze, enrich, and prioritize attack vectors, leveraging real-time threat feeds and tools to enhance the adversarial simulation. Develop detailed engagement reports, providing both actionable remediation steps and strategic recommendations to improve the client's defense. Assist in maintaining red team infrastructure, including command and control (C2) systems, attack vectors, and exploit tools. Engage with leadership and stakeholders to review findings and guide them through the recommendations for improving their security posture. Stay ahead of emerging attack trends and evolve red team tactics accordingly, ensuring OpSec compliance at all times. Collaborate with blue team counterparts during purple team engagements to improve detection and response capabilities. Mandatory Certifications - OSCP, OSWP, GPEN, OSCE, CRTO, GXPN, CREST Certified Simulated Attack Specialist Preferred Certifications - OSCE3, OSWE, OSEP, OSED, CREST Certified Simulated Attack Specialist, SABSA, AWS Security Specialist Preferred: B. E / B.Tech / M.S in any engineering discipline; 5-7 years of cyber risk services experience. Proven ability to emulate sophisticated adversary tactics, techniques, and procedures (TTPs) to identify and exploit weaknesses in organizational defenses. Familiarity with red teaming methodologies, offensive security tools, and frameworks such as MITRE ATT&CK. Experience with tools like Cobalt Strike, Metasploit, and Empire for command and control, exploitation, and lateral movement within environments. Proficiency in scripting languages like Python, PowerShell, or Bash for automation and custom tool creation. Knowledge of evasion techniques to bypass antivirus (AV), endpoint detection and response (EDR), and network monitoring tools. Strong understanding of privilege escalation, lateral movement, and persistence mechanisms in both Windows and Linux environments. Hands-on experience conducting phishing campaigns, social engineering attacks, and delivering payloads via HTML smuggling or other covert techniques. Ability to assess and manipulate Active Directory configurations, conduct password spraying, and exploit common misconfigurations. Strong knowledge of reverse engineering tools such as IDA Pro and Ghidra for analyzing malware or binaries. Excellent ability to create detailed post-engagement reports and recommendations for improving detection and response capabilities. Knowledge of operational security (OpSec) best practices to avoid detection during adversarial engagements. Ability to think creatively in developing offensive strategies and adapting to blue team defenses. Strong desire to continuously learn emerging attack vectors and defensive countermeasures. Outstanding communication skills, with the ability to explain offensive security techniques to both technical and non-technical stakeholders. Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin their own way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-based learning,and eLearning.Deloitte University(DU):The LeadershipCenter in India,our state-of-the-art, world-class learning centerin the Hyderabad office, is an extension of the DU in Westlake, Texas, and represents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best workeveryday. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandarecontinuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesourdiversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 300440

We are seeking a skilled and resourceful developer with expertise in reverse engineering mobile applications and their network traffic. The ideal candidate will analyze undocumented APIs, implement secure bypasses, and develop robust data extraction solutions. You'll have the autonomy to select your preferred tools and programming languages based on your technical strengths. Responsibilities: Intercept and analyze mobile app traffic using tools like Burp Suite, Charles Proxy, or Wireshark to identify API endpoints and authentication mechanisms Reverse engineer undocumented APIs from mobile applications to understand data structures and security implementations Develop robust bypasses for API security measures including certificate pinning, obfuscation, and anti-debugging techniques Leverage and integrate AI tools to accelerate analysis, code generation, and problem-solving processes Create stable and efficient data extraction pipelines from mobile applications Document findings and maintain a library of API implementations for team knowledge sharing Requirements: Strong experience with proxy tools (Burp Suite, Charles, Fiddler, mitmproxy) for intercepting and analyzing mobile traffic Proficiency in at least one programming language like Python, Golang, or JavaScript for implementing API clients Experience with mobile app decompilation and code analysis tools (e.g., jadx, Ghidra, Frida) Solid understanding of HTTP/HTTPS protocols, SSL/TLS, and authentication methods Ability to analyze and bypass API security measures including token-based authentication Enthusiasm for incorporating AI-powered tools to enhance productivity and innovation Preferred Qualifications: Experience with Android/iOS app analysis and modification techniques Familiarity with certificate pinning bypass methods and proxy configuration Knowledge of anti-bot detection mechanisms and how to circumvent them Background in information security, penetration testing, or vulnerability research Experience with data parsing and ETL processes Track record of using AI tools to streamline development workflows Why Join Us? Work on technically challenging projects requiring creative problem-solving Flexible work environment with remote opportunities Continuous learning with exposure to cutting-edge mobile security techniques and AI integration Collaborative team focused on innovative data acquisition methods If you enjoy the challenge of reverse engineering complex systems, have a knack for understanding how mobile apps communicate with their backends, and are excited about using AI tools to accelerate your work, we want to talk to you!

Shift: (GMT+05:30) Asia/Kolkata (IST) What do you need for this opportunity Must have skills required: Frida, Ghidra, Reverse Engineering Anakin (YC S21) is Looking for: About the Role: Were looking for an experienced engineer to help us understand and interact with web and mobile application APIs in a structured and compliant manner. This includes analyzing how apps and websites generate secure API requests, inspecting native/mobile code, and building reliable systems for data extraction, strictly in accordance with terms of service. Key Responsibilities: Analyze Android apps (Java/Kotlin/native code) to understand API flows and request signing mechanisms. Study browser and JavaScript behavior to understand how websites structure and secure their API calls. Investigate how common client-side security mechanisms (e.g., token generation, header signing, session validation) are implemented. Build tools or automation scripts to replicate legitimate client behavior in a compliant and respectful manner. Collaborate with internal teams to integrate and maintain data extraction systems responsibly. Must-Have Skills: Experience in reverse engineering Android apps (APK analysis, native code inspection). Deep understanding of web technologies, JavaScript execution, and HTTP protocol. Familiarity with client-side security implementations such as token generation, obfuscation, and API protection. Must have a solid understanding of JWT, JWE, cookies, and session management in web and mobile applications. Hands-on experience with tools like Frida, mitmproxy, Burp Suite, Wireshark, Ghidra/IDA Pro or similar. Strong scripting skills (Python, Node.js, etc.). Nice-to-Have: Background in security engineering, penetration testing, or application security research. Familiarity with CAPTCHA handling methods and automation frameworks (e.g., Puppeteer, Playwright). Experience with mobile app instrumentation (NDK, JNI). Experience working with large-scale distributed systems, as it helps in building scalable and resilient data extraction infrastructure.

Description C3iHub, IIT Kanpur is seeking a highly motivated and skilled Malware Analysis Researcher to join our cybersecurity research team. The ideal candidate will possess a strong foundation in static and dynamic malware analysis, with hands-on experience in reverse engineering, automation, and machine learning-based malware detection. You will work on analyzing real-world malware samples, building automation pipelines, curating datasets, and developing innovative solutions to detect and mitigate emerging threats. This role also involves publishing research articles and collaborating on advanced detection frameworks. Responsibilities Key Responsibilities: • Perform static and dynamic analysis of malware samples across formats (PE, PDF, ELF, APK). • Automate analysis tasks using Python, Bash, or other scripting tools. • Set up and maintain sandbox environments (e.g., Cuckoo Sandbox) for behavior monitoring. • Analyze packed, encrypted, or obfuscated malware using reverse engineering techniques. • Utilize and contribute to open-source tools (e.g., YARA, Volatility, Ghidra, Radare2). • Curate and label malware datasets for use in machine learning pipelines. • Conduct source code analysis using SAST and DAST tools. • Author technical documentation and publish research articles in the field. • Collaborate with internal teams on threat research, detection model tuning, and PoC development. • Travel (within India) occasionally for project-related meetings, demonstrations, or coordination. Eligibility Required Qualifications • Master’s degree in Computer Science, Information Security, or related field • 1–2 years of hands-on experience in malware analysis or reverse engineering • Proficiency in scripting (e.g., Python, Bash) and familiarity with threat analysis tools • Strong understanding of malware behavior, file formats, and analysis techniques. Preferred Qualifications • Specialization in Cybersecurity or Information Security. • Experience with tools such as IDA Pro, Ghidra, Wireshark, or Sysmon. • Exposure to ML/AI-based malware classification projects. • Research publications in reputable cybersecurity journals or conferences. Travel As and when required, across the country for project execution and monitoring as well as for coordination with geographically distributed teams Communication Submit a cover letter summarising your experience in relevant technologies and software along with a resume and the Latest passport-size photograph.

Job Information Date Opened 06/18/2025 Job Type Full time Industry IT Services Work Experience 4-5 years City Bangalore State/Province Karnataka Country India Zip/Postal Code 560024 Job Description About Globals: Globals has drastically grown from a small home office to a globally recognized enterprise offering world-class quality solutions on Cybersecurity, Cyberwarfare, ERP Systems, AI, and Enterprise Application Development for various industries including Defence, Education, Government, Financial Services and Transport Industries. Globals has enabled its customers to be game-changers in their industry through its disruptive and innovative solutions. Globals is certified as a "Great Place to Work" organization for its laudable work culture that helps its team members manage work-life, have dedicated hours to upskill and reskill themselves, and most important to ensure that the projects that they are working on are always unique, challenging their status quo every time. Our unique work culture has made us one of the world’s fastest-growing technology companies as recognized and featured by The Economist. Our excellence in technical stewardship and service-offering expertise has facilitated our clients ranging from individual entrepreneurs to Fortune Global 500 – to explore new business opportunities, reduce their operational costs significantly and boost their revenues. Today, Globals enjoys a strong position in the industry as a high-performing leader through its technology innovation and remarkable domain expertise. Globals is a CMMI Level 3 certified company. About the Job Role: We are seeking a skilled Offensive Security Researcher with hands-on experience in penetration testing, vulnerability research, and exploit development with a focus on Windows systems. The ideal candidate will be responsible for identifying and exploiting security weaknesses across Windows systems, applications, and networks to simulate real-world cyberattacks. This role is critical in strengthening our organization's security posture by providing actionable insights, supporting incident response, and contributing to continuous security improvements. You will work closely with security engineers, blue teams, and development teams to bridge gaps between offense and defense. Responsibilities: Identify and analyze vulnerabilities in Windows OS (e.g., Windows 10/11, Windows Server), kernel components, drivers, and user- mode applications. Research zero-day vulnerabilities and develop PoC exploits to demonstrate impact. Analyze patch diffs and reverse-engineer Windows updates to uncover exploitable conditions. Analyze obfuscated malware samples to understand attack vectors and vulnerabilities. Document vulnerabilities, exploitation techniques, and PoC code in clear, reproducible formats. Contribute to vulnerability databases, advisories, or whitepapers with the vendor and to CERT. Conduct comprehensive penetration tests (VAPT) on web applications, APIs, networks, mobile apps, and cloud environments. Collaborate with blue teams to improve defensive controls based on offensive insights. Continuously research emerging threats, attack techniques (TTPs), and security trends to keep tools and techniques up-to-date. Support incident response teams during active breaches with offensive techniques such as attacker simulation and pivoting. Participate in threat modeling and security architecture reviews from an attacker’s perspective. Requirements Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or equivalent practical experience. Deep understanding of Windows kernel, memory management, process/thread handling, security and Windows APIs (kernel32.dll, ntdll.dll) Expertise in writing exploits for Windows vulnerabilities, bypassing mitigations like ASLR, DEP, and CFG. Strong skills in C/C++, Python, and Assembly (x86/x64); familiarity with PowerShell. Knowledge of network protocols and raw packet manipulation for exploit delivery (e.g., using raw sockets or PCAP). Familiarity with offensive security tools like Metasploit, Cobalt Strike, or custom exploit frameworks. Proficiency with tools like IDA Pro, Ghidra, WinDbg, OllyDbg, or Radare2 for analyzing Windows binaries/drivers and dynamic analysis tools (Process Monitor, Process Explorer). Strong proficiency with penetration testing tools such as Burp Suite, Metasploit, Cobalt Strike, Nmap, Wireshark, Nessus, and others. Practical experience in exploit development, reverse engineering, or binary analysis is a strong plus. Familiarity with social engineering techniques and phishing campaigns is a plus. Relevant certifications are highly desirable (e.g., OSCP, CEH etc.,). Apply Now

About Globals: Globals has drastically grown from a small home office to a globally recognized enterprise offering world-class quality solutions on Cybersecurity, Cyberwarfare, ERP Systems, AI, and Enterprise Application Development for various industries including Defence, Education, Government, Financial Services and Transport Industries. Globals has enabled its customers to be game-changers in their industry through its disruptive and innovative solutions. Globals is certified as a "Great Place to Work" organization for its laudable work culture that helps its team members manage work-life, have dedicated hours to upskill and reskill themselves, and most important to ensure that the projects that they are working on are always unique, challenging their status quo every time. Our unique work culture has made us one of the world’s fastest-growing technology companies as recognized and featured by The Economist. Our excellence in technical stewardship and service-offering expertise has facilitated our clients ranging from individual entrepreneurs to Fortune Global 500 – to explore new business opportunities, reduce their operational costs significantly and boost their revenues. Today, Globals enjoys a strong position in the industry as a high-performing leader through its technology innovation and remarkable domain expertise. Globals is a CMMI Level 3 certified company. About the Job Role: We are seeking a skilled Offensive Security Researcher with hands-on experience in penetration testing, vulnerability research, and exploit development with a focus on Windows systems. The ideal candidate will be responsible for identifying and exploiting security weaknesses across Windows systems, applications, and networks to simulate real-world cyberattacks. This role is critical in strengthening our organization's security posture by providing actionable insights, supporting incident response, and contributing to continuous security improvements. You will work closely with security engineers, blue teams, and development teams to bridge gaps between offense and defense. Responsibilities: Identify and analyze vulnerabilities in Windows OS (e.g., Windows 10/11, Windows Server), kernel components, drivers, and user- mode applications. Research zero-day vulnerabilities and develop PoC exploits to demonstrate impact. Analyze patch diffs and reverse-engineer Windows updates to uncover exploitable conditions. Analyze obfuscated malware samples to understand attack vectors and vulnerabilities. Document vulnerabilities, exploitation techniques, and PoC code in clear, reproducible formats. Contribute to vulnerability databases, advisories, or whitepapers with the vendor and to CERT. Conduct comprehensive penetration tests (VAPT) on web applications, APIs, networks, mobile apps, and cloud environments. Collaborate with blue teams to improve defensive controls based on offensive insights. Continuously research emerging threats, attack techniques (TTPs), and security trends to keep tools and techniques up-to-date. Support incident response teams during active breaches with offensive techniques such as attacker simulation and pivoting. Participate in threat modeling and security architecture reviews from an attacker’s perspective. Requirements Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or equivalent practical experience. Deep understanding of Windows kernel, memory management, process/thread handling, security and Windows APIs (kernel32.dll, ntdll.dll) Expertise in writing exploits for Windows vulnerabilities, bypassing mitigations like ASLR, DEP, and CFG. Strong skills in C/C++, Python, and Assembly (x86/x64); familiarity with PowerShell. Knowledge of network protocols and raw packet manipulation for exploit delivery (e.g., using raw sockets or PCAP). Familiarity with offensive security tools like Metasploit, Cobalt Strike, or custom exploit frameworks. Proficiency with tools like IDA Pro, Ghidra, WinDbg, OllyDbg, or Radare2 for analyzing Windows binaries/drivers and dynamic analysis tools (Process Monitor, Process Explorer). Strong proficiency with penetration testing tools such as Burp Suite, Metasploit, Cobalt Strike, Nmap, Wireshark, Nessus, and others. Practical experience in exploit development, reverse engineering, or binary analysis is a strong plus. Familiarity with social engineering techniques and phishing campaigns is a plus. Relevant certifications are highly desirable (e.g., OSCP, CEH etc.,). Show more Show less

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Responsibilities : Research, analyze, and assess attack surface and vulnerability data Develop tailored and actionable mitigation strategies and plans to address vulnerability risk Work with new and emerging vulnerability data to identify potential attack paths in critical systems. Document, develop and present mitigation strategies in web applications, databases, standalone applications, etc. Analyze the root cause of vulnerabilities and support the prioritization of mitigations based on risk and return on mitigation Provide mitigation strategies that prioritize risk against level of effort for multiple systems or organizations Catalog mitigation advice, challenges, and trends and patterns Patch diffing and reverse engineering with tools such as Ghidra, IDA, etc. Provide subject matter expertise on tailored mitigations to resolve and remediate vulnerabilities on targeted technologies Work in fast-paced startup like environment with shifting priorities to handle and maintain balance with multiple stakeholders. Conduct research to assess and create software patches and configuration changes to be applied to varied software, middleware and hardware Provide assessment including security, system, and business impact of vulnerabilities Must be able to think ahead to avoid business outages based on the lab results Analyze vulnerability data and support management of identified vulnerabilities, including tracking, remediation, and reporting Desired Skills : Excellent understanding of network, system and application security Experience with IDA Pro, Ghidra, or similar binary analysis tool Knowledge of various vulnerability scanning solutions is a plus Excellent written and verbal communication Graduate with preferable 4 years degree or at least 3-year degree with computer science and information technology background Secure architecture designs and use of detection/protection mechanisms (e.g., firewalls, IDS/IPS, full-packet capture technologies) to mitigate risk A solid understanding of industry best practices for Patch Management Specific demonstrated experience mapping business processes and comparing those processes to industry best practices Background around using or understanding of security tools would be plus Solid understanding of the security implications of a patch on web applications, Windows, Linux, Mac OS operating systems Thorough testing of patches in a non-production environment Have working knowledge of basic operation systems commands and tooling - Windows, Linux, Mac OS Should have very good communication and articulation skills Ability and ready to learn new technology and should be a good team player What you get to do : Work within Threat Research, detection and response teams and analysts to define the priority, design the solution, and contribute to build framework for patching vulnerabilities Show more Show less

Job description Job Title: Senior Staff Security Researcher About Role : Develop cutting-edge IPS signatures that shield against emerging threats and Review signatures for other junior team members. Have sense of urgency for critical vulnerabilities and release it to customers. Analyze and reverse engineer cyber-attacks and new vulnerabilities (CVEs) and effectively implement preventive measures to stay ahead of evolving threats. Align with Engineering stakeholders and identify Research topics for IPS roadmap, build POCs for them and mentor junior team members for various research topics. Identify areas of process improvement, prioritize them with senior leaders, look at new Attack Frameworks, like Empire, MSF. Drive Competitive Analysis strategy along with senior leaders to stay ahead of the competition. Publish technical blogs to spread awareness and help defenders with the necessary resources to protect their organizations. Research various MITRE attack TTPs, replicate them in lab, build signatures and be represent IPS research team in MITRE evaluation process. Vulnerability RCA, reverse engineering and POC verification and signature development for MAPP program Capable of working with no supervision, represent IPS research team in various forums and come-up with new Research ideas. Company Benefits and Perks: We work hard to embrace diversity and inclusion and encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees. Retirement Plans Medical, Dental and Vision Coverage Paid Time Off Paid Parental Leave Support for Community Involvement

Senior Security Consultant (Thick Application Penetration Tester) NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most. NetSPI secures the most trusted brands on Earth through Penetration Testing as a Service (PTaaS), External Attack Surface Management (EASM), Cyber Asset Attack Surface Management (CAASM), and Breach and Attack Simulation (BAS). Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI brings a proactive approach to cybersecurity with more clarity, speed, and scale than ever before. NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at www.netspi.com/careers. Join the mission as a Senior Security Consultant. We are seeking a skilled expert and detail-oriented Penetration Tester to conduct thorough security assessments, identify vulnerabilities, and provide expert recommendations to strengthen our clients' security posture. As a Penetration Tester supporting Thick Applications, you will be responsible for performing Thick and Web Application Testing, while working closely with clients to deliver clear, actionable reports and contribute to the development of security best practices. Responsibilities : Conduct engagements independently and provide technical oversight on: Thick Application Penetration Testing Includes Web Application Penetration (WaPen) testing. Occasionally includes Mobile (MaPen) and IOT/embedded penetration testing. Review reports for accuracy in technical oversight, perform weekly QA oversight, and provide mentoring support to others Create, deliver, and collaborate on penetration testing reports in diverse client environments, maintaining client-specific processes, reporting standards, and access protocols to help improve their security posture Research and develop innovative techniques, tools, and methodologies for penetration testing services, alongside commitment to improvement and execution on NetSPI specific products and processes Participate in development, implementation, and oversight of testing, delivery, and management strategies for key client accounts Research and develop innovative techniques, tools, and methodologies for penetration testing services. Perform administrative tasks related to day-to-day consulting activities to ensure smooth business and engagement operations. Minimum Qualifications : Bachelors degree or higher, with a focus on IT, Computer Science, Engineering or Math or equivalent experience Minimum of 5+ years of work experience in Thick Application Penetration Testing for applications written in managed (e.g. Java, C#, etc.) and unmanaged (e.g. C, C++, Swift, Rust, etc.) code Includes experience with offensive toolkits used in web application penetration testing. Experience with disassemblers and debuggers Examples include WinDbg, IDA, Ghidra, gdb and lldb. Experience with dynamic instrumentation toolkits Examples include Frida. Familiarity with offensive tools, based on applicable skillset (e.g., Kali Linux, Burp Suite, Metasploit, Nessus) Familiarity with offensive and defensive IT concepts and protocols Extensive understanding of the OWASP Top 10, MITRE ATT&CK framework, and various security frameworks. Working knowledge of Windows, Linux and MacOS operating systems internals Experience mentoring or coaching to growing team members, while sharing knowledge externally through blogs, hosting webinars, or presenting at conferences Ability to work independently and as part of a team Proficient communication skills, both written and verbal This position requires an 8-hour workday, with occasional evenings or weekends necessary to meet project deadlines or critical needs Preferred Qualifications: Ability to provide technical and QA oversight on Thick Application service line. Experience in one or more of the following programming or scripting languages (e.g., Ruby, Python, Perl, C, C++, Java, and C#) Experience performing fuzz testing. The ability to reverse engineer proprietary application layer protocols. Experience with IOT/embedded penetration testing. Offensive Security Certifications (e.g., GXPN, GPEN, OSCP, GWAPT) We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.

Cyderes (Cyber Defense and Response) is a pure-play, full life-cycle cybersecurity services provider with award-winning managed security services, identity and access management, and professional services designed to manage the cybersecurity risks of enterprise clients. We specialize in multi-technology, complex environments with the in speed and agility needed to tackle the most advanced cyber threats. We leverage our global scale and decades of experience to accelerate our clients’ cyber outcomes through a full lifecycle of cybersecurity services. We are a global company with operating centers in the United States, Canada, the United Kingdom, and India. About the Job: We are seeking a highly experienced and strategic Principal Threat Researcher to lead advanced threat research initiatives and drive innovation in our threat intelligence program. In this senior-level role, you will uncover, analyze, and track advanced cyber threats, develop detection capabilities, and provide actionable intelligence to protect our customers, infrastructure, and global operations. As a thought leader in cybersecurity, you will collaborate across security, engineering, and executive teams to anticipate evolving threats, influence detection strategy, and contribute to the broader security community through cutting-edge research. Responsibilities: Function as a centralized malware reversing team for the company's needs. (support DFIR, Hunters, MDR, etc.) Track threat actors and campaigns via malware research, code reuse, infrastructure usage, general threat profiling Lead the discovery and analysis of advanced persistent threats (APTs), malware campaigns, and novel attack techniques Develop and maintain high-fidelity threat intelligence feeds and indicators of compromise (IOCs) Perform in-depth malware reverse engineering, exploit analysis, and behavioral analysis Drive strategic threat modeling and horizon scanning to anticipate future adversary behaviors. Collaborate with security operations, incident response, and product teams to build effective detection, prevention, and response mechanisms Publish research findings in whitepapers, blogs, and at conferences to share insights with the global security community Mentor junior researchers and contribute to team development and capability building Establish and maintain relationships with external intelligence communities, law enforcement, and trusted partners Requirements: 8+ years of experience in threat intelligence, threat research, or a related cybersecurity field Proven experience conducting complex investigations into malware, threat actor TTPs, or large-scale campaigns Strong proficiency in malware analysis tools (IDA Pro, Ghidra, Radare2), memory forensics, and reverse engineering In-depth knowledge of attacker techniques (MITRE ATT&CK), network protocols, and operating system internals (Windows, Linux, macOS).Proficiency in scripting or programming (Python, Go, C/C++) for automation and tooling Strong written and verbal communication skills with the ability to translate technical findings into business-relevant insights Skilled in writing concise, compelling, and actionable intelligence reports in English Able to lead intelligence briefings with customers in English Preferred: Experience with threat hunting and detection engineering in a cloud or enterprise environment Familiarity with cybercrime ecosystems, ransomware groups, nation-state threats, or dark web monitoring Contributions to public threat intelligence reports, CVEs, or open-source security tools Security certifications such as GIAC GREM, GCFA, OSCP, or equivalent Cyderes i s an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to race, religion, color, sex, age, disability, sexual orientation, genetic information, national origin, or veteran status. Note: This job posting is intended for direct applicants only. We request that outside recruiters do not contact us regarding this position. Show more Show less

We are looking for a Jr Security Engineer to join our R& D team to drive innovation on our mobile security platform and solve complex security challenges that impact businesses globally. Responsibilities Enhance the VA platform by adding capabilities to detect new vulnerabilities in the apps being scanned. Develop and deploy bypasses to ensure a seamless user experience during scans. Implement new features on the VA platform to enhance user experience and deliver greater value. Creating and publishing whitepapers. Requirements Good grasp in Reverse Engineering with exposure to Frida (must), Radare, Ghidra, Jadx, Binja, etc. Experience in developing sample Android or iOS apps. Strong research and analytical skills. Programming Skills - Python, JavaScript (Must Have). Experience with Git and GitHub. Should have 2-3 years of full-time experience in mobile app security, or show something that proves experience doesn't matter. Strong grasp of fundamentals in mobile application security. Strong problem-solving mindset - Enjoys tackling complex security challenges. Self-taught learner who keeps up with emerging technologies and threats. This job was posted by Vasudha Srivastava from Appknox. Show more Show less