41 Nexpose Jobs

Hello Visionary! We empower our people to stay resilient and relevant in a constantly changing world. We’re looking for people who are always searching for creative ways to grow and learn. People who want to make a real impact, now and in the future. Does that sound like youThen it seems like you’d make a great addition to our vibrant team. We are looking for a Penetration Tester. This position is available for Chennai Location. You’ll make a difference by: Having experience in Leading and performing complex penetration testing engagements across enterprise networks, cloud infrastructures, web, mobile, APIs, thick clients, and IoT environments. Having understanding to Simulate sophisticated real-world attacks (e.g., APT scenarios, lateral movement, chained exploits). Conducting Red Team exercises and adversary emulation based on frameworks like MITRE ATT&CK. Identifying and exploiting vulnerabilities using both automated tools and advanced manual techniques. Reviewing, enhancing, and developing custom scripts, tools, and exploits to support internal testing capabilities. Providing expert-level guidance to business units on security risks, remediation strategies, and secure architecture. Actively participating in client discussions, executive briefings, and technical workshops. Delivering detailed and executive-level reports, including risk ratings, business impact, PoCs, and mitigation steps. Maintaining robust documentation of testing methodologies, custom tools, and process improvements. Ensuring all engagements align with internal policies, industry frameworks (e.g., OWASP, NIST, ISO), and client-specific compliance standards. Training and Development - Stay updated on the latest security trends, vulnerabilities, and technology advancements. - Provide training and guidance to the team and other departments on security best practices. Strategy and Planning - Plan and scope penetration testing engagements, ensuring comprehensive coverage and effectiveness. - Participate in the development of security policies and standards. Technical Expertise Deep hands-on experience in: - Web, API, Thick Client and mobile app security testing (e.g., OWASP Top 10 – Web, Mobile, API) - Internal/external network penetration, privilege escalation, and lateral movement - Active Directory assessments and exploitation (Kerb roasting, Pass-the-Hash etc.) - Familiarity with ICS, SCADA, BACnet protocols, and covert communication channels - Wireless, Bluetooth, IoT device, Embedded Security, Cloud (AWS/Azure/GCP), and container security testing - Working knowledge of Kali Linux and frameworks like MITRE ATT&CK - Basic understanding of AI/ML securityadversarial attacks, model poisoning, and secure deployment of AI systems Proficiency with tools such as: - OffensiveBurp Suite Pro, Metasploit, SQLMap, Cobalt Strike, Impacket, CrackMapExec, BloodHound, Sliver - ReconnaissanceNmap, Amass, Shodan, OSINT frameworks/tools - Vulnerability ScannersNessus, Qualys, Nexpose Programming/Scripting: - Skilled in scripting and exploit development using Python, Bash, PowerShell, and occasionally C/C++ or Go Soft Skills - Excellent written and verbal communication skills - Strong analytical and problem-solving capabilities - Ability to explain technical concepts clearly to non-technical stakeholders You’ll win us over by: Having An engineering degree B.E/B.Tech/M.E/M.Tech with good academic record. 6–7 years of proven experience in penetration testing and offensive security Certifications (Preferred): - Highly DesirableOSCP, OSWP, OSWE, GPEN, GWAPT, OSCE, OSEE, GXPN, CPTS, CWEE, CAPE - Other ConsideredEWPTXv2 or equivalent advanced offensive security certifications We’ll support you with: Hybrid working Opportunities. Diverse and inclusive culture. Great variety of learning & development opportunities. Join us and be yourself! We value your unique identity and perspective, recognizing that our strength comes from the diverse backgrounds, experiences, and thoughts of our team members. We are fully committed to providing equitable opportunities and building a workplace that reflects the diversity of society. We also support you in your personal and professional journey by providing resources to help you thrive. Come bring your authentic self and create a better tomorrow with us. Make your mark in our exciting world at Siemens. This role is based in Chennai and is an Individual contributor role. You might be required to visit other locations within India and outside. In return, you'll get the chance to work with teams impacting - and the shape of things to come. We're Siemens. A collection of over 319,000 minds building the future, one day at a time in over 200 countries. Find out more about Siemens careers at

Role of Wealth Management India IT Risk and Information Systems Security Manager, being understood this role includes delegations from APAC WM CISO for the team located in India territory and fully participates in overall WMIS Cybersecurity and IT Risk objectives. Participate to IT project security reviews conducted both on a global and APAC basis across all platforms. Participate in the Security Operation meetings in APAC, EMEA & CH regions. This requires the incumbent to foster close working relationships with other business areas and IT Development / Production / CSIRT / Production Security teams. The incumbent will work hand in hand with the IT Dev, Prod teams and the business, as an enabler and a facilitator. WM IT Risk and Security Manager o Manage the WM IT Risk and Security local team in India by managing the recruitment, performances review as well as training and career-path development. o Coordinate with APAC WM security actors, including India-based resources. o Coordinate with APAC WM IT teams on risk and security topics, while promoting a secure development and deployment culture o Assist for a Risk Treatment for any APAC WM issue, based on the WM GAIM generic process. o Periodic reporting of security status to WM CISO APAC and WM Global CISO o Contribute to the IT Risk and Cybersecurity Governance including procedural framework, Cybersecurity awareness and communication. o Ensure the regular reporting for management follow-up IT Security Compliance (delegation on WM APAC scope) o Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets. o Ensure the protection of WM business data with an adequate security level of WM assets, based on project assessment and production review processes. o Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA) o Leveraging on a deep knowledge of Security standards such as NIST, CIS,ISO2700x , ensure the compliance with the IT security requirements o Ensure the compliance with the Third-party Technology risks and Cloud security. o Identify the process gaps and provide solutions. Application Security o Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices. o Identify and implement the latest security standards for internet facing and internal assets. o Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing SAST, Dynamic Acceptance Security Testing DAST and Software Composition Analysis SCA). Perform Security risk assessments and reviews to be presented to respective committees. Ensure the adequate security level for all WM GAIM applications, whatever the IT project managers location and hosting provider. Production Security Oversight (delegation on WM APAC scope) o Identify the production security requirements and ensure a smooth integration of WM assets within APAC IT Production, including network flow opening and Application Zoning compliance. o Identify the compliance level of the production environment and contribute to remediation actions definition while keeping the oversight on actions progress. o Keep an overview and ensure the adequate Vulnerability Management at the server and middleware level leveraging on production scans and liaising with relevant production stakeholders. Contribute to the management of Cybersecurity incidents. CyberSecurity Program (delegation on WM APAC scope) o Contribute to the steering and driving of the security initiatives on the APAC scope expected by the WM Cybersecurity Program. Contributing Responsibilities Coordination with IT Security actors o Reporting line to the WM GAIM Global CISO : alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Wholesale Application Security Dashboard) o Coordination and control of security activities performed by APAC CIB Business Information Security and Production Security teams, including project assessment from production point of view, production security review, user security awareness for the WM scope. o Coordination with the Swiss Security team concerning integration of WM assets within Swiss IT production. o Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group. Technical & Behavioral Competencies Cybersecurity / Technical Value-added Competencies Cybersecurity Governance : framework (NIST / CIS framework), Security incident management, Logging & Detection (SIEM ELK products) DevSecOps : CI/CD toolchain knowledge of various tools o Source code management: sonarQuabe, bibucket, github/gitlab o Security application scanning (e.g. Sonatype/NexusIQ, Fortify, AppSpider, Qualys, DTR scan) o Automation/orchestration: Ansible tower, Jenkins Application Security: Threat modeling, Security architecture key concepts, exposure to various development framework and applicative landscape (Java/Web, Mobile applications, containerization/docker, kubernetes, API management, Cloud security) Vulnerability Management o Nexpose, Nessus Ethical Hacking Knowledge o Kali Linux knowledge (metasploit, nmap) Specific Qualifications (if required) Qualifications and Experience 10 years' experience in information security evaluation and design of technical architectures Functional as well as technical knowledge of the applications used within BNP Paribas Knowledge of the Norms and Standards of the BNP Paribas Group, in particular with respect to ITRM & Wholesale IT Security Norms and Policies Team management experience is a must Preferred Master level in Computer science and Information Security Skills Referential Behavioural Skills : Communication skills - oral & written Ability to collaborate / Teamwork Decision Making Ability to deliver / Results driven Transversal Skills: Ability to set up relevant performance indicators Ability to develop and adapt a process Ability to manage a project Ability to develop others & improve their skills Ability to manage / facilitate a meeting, seminar, committee, training Education Level: Master Degree or equivalent

Position Description Direct Responsibilities Infrastructure Vulnerability Management Responsible to identify, classify, prioritize and remediate vulnerabilities in organization infrastructure. Ensure the regular coverage of infrastructure assets in vulnerability assessment by service providers Collaborate with IT Dev and Prod teams to remediate identified vulnerabilities and ensure that all remediation efforts are tracked and documented. Provide regular reports to management on vulnerability management activities, including identified vulnerabilities, remediation efforts and compliance status. Collaborate with IT teams, management and other stakeholders to ensure that vulnerability management efforts are aligned with business objectives. Ensure that vulnerability assessment tools such as Rapid7 Nexpose, Tanium, Qualys are configured to meet the expected quality assessment and by fine-tuning the vulnerability assessment plugins. Application Security Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices. Identify and implement the latest security standards for internet facing and internal assets Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA). Perform Security risk assessments and reviews to be presented to respective committees Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider Cybersecurity Ensure the protection of WM business data with an adequate security level of WM assets based on review processes Ensure the coordination with other IT security or other actors in the region or globally Assist for a Risk Treatment for any APAC WM issue, based on the processes Identify the IT security risks in advance, record and follow-up them Define and contribute to processes from cybersecurity perspective Periodic reporting of security status to IT Security Domain Head Ensure the regular reporting for management follow-up Ensure to follow-up on the DLP, Incident Management topics with by investigating and following with handlers until the issue is closed. Ensure to onboard the Assets & Applications in SIEM and handling BAU, create / update relevant documents. Production Security Ensure the effectiveness and success of vulnerability management process Ensure the compliance level of the production environment and integrate to reporting IT Security Compliance (delegation on WM APAC scope) Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA) Leveraging on a deep knowledge of Security standards such as NIST, CIS,ISO2700x , ensure the compliance with the IT security requirements Ensure the compliance with the Third-party Technology risks and the Cloud security Identify the process gaps and provide solutions Coordination with IT Security actors Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard…) Coordination and control of security activities performed by APAC Business Information Security and Production Security teams, including production security review, user security awareness for the WM scope. Coordination with the global security teams concerning integration of WM assets within production sites Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group Your future duties and responsibilities Required Qualifications To Be Successful In This Role Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

Position Description 5 to 10 years' experience in information security Experience in evaluation and design of technical architectures and processes Functional as well as technical knowledge of the common technical frameworks and solutions Knowledge of the Norms and Standards of the banking and cybersecurity industry Direct Responsibilities Technical Access Management / Privilege Access Management Manage and maintain technical/privilege access controls for production and development environments Ensure compliance with organizational technical access control security policies and procedures Collaborate with IT teams to implement least privilege access and resolve access-related non-compliance Review existing CyberArk password management policies and assess the effectiveness of the enforcement through password rotation Review technical access segregation between production and development environments with respective support teams Data Leakage Prevention (DLP) Create, management and maintain DLP policies to detect and prevent data leaks Deploy and maintain DLP infrastructure Collaborate with IT teams to investigate and respond to data leak incidents Identity and Access Management (IAM) Collaborate with IT teams to deploy and maintain data encryption solutions IAM team to ensure seamless integration with technical access management solutions Ensure compliance with organizational IAM policies and procedures Data Encryption Deployment & Monitoring Collaborate with IT teams to deploy and maintain data encryption solutions Ensure compliance with organizational data encryption policies and procedures Unstructured & Structured Data Discovery & Activity Monitoring Collaborate with IT teams to: Deploy and maintain unstructured & structured data discovery and activity monitoring solution Identify and classify sensitive data Monitor and analyse restricted and sensitive database activities Remediate any non-compliant finding reported Infrastructure Vulnerability Management Responsible to identify, classify, prioritize and remediate vulnerabilities in organization infrastructure. Ensure the regular coverage of infrastructure assets in vulnerability assessment by service providers Collaborate with IT Dev and Prod teams to remediate identified vulnerabilities and ensure that all remediation efforts are tracked and documented. Provide regular reports to management on vulnerability management activities, including identified vulnerabilities, remediation efforts and compliance status. Collaborate with IT teams, management and other stakeholders to ensure that vulnerability management efforts are aligned with business objectives. Ensure that vulnerability assessment tools such as Rapid7 Nexpose, Tanium, Qualys are configured to meet the expected quality assessment and by fine-tuning the vulnerability assessment plugins. Application Security Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices. Identify and implement the latest security standards for internet facing and internal assets Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA). Perform Security risk assessments and reviews to be presented to respective committees Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider Cybersecurity Ensure the protection of WM business data with an adequate security level of WM assets based on review processes Ensure the coordination with other IT security or other actors in the region or globally Assist for a Risk Treatment for any APAC WM issue, based on the processes Identify the IT security risks in advance, record and follow-up them Define and contribute to processes from cybersecurity perspective Periodic reporting of security status to IT Security Domain Head Ensure the regular reporting for management follow-up Ensure to follow-up on the DLP, Incident Management topics with by investigating and following with handlers until the issue is closed. Ensure to onboard the Assets & Applications in SIEM and handling BAU, create / update relevant documents. Production Security Ensure the effectiveness and success of vulnerability management process Ensure the compliance level of the production environment and integrate to reporting IT Security Compliance (delegation on WM APAC scope) Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA) Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements Ensure the compliance with the Third-party Technology risks and the Cloud security Identify the process gaps and provide solutions Coordination with IT Security actors Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard…) Coordination and control of security activities performed by APAC Business Information Security and Production Security teams, including production security review, user security awareness for the WM scope. Coordination with the global security teams concerning integration of WM assets within production sites Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group Your future duties and responsibilities Required Qualifications To Be Successful In This Role Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

Position Description 5 to 10 years' experience in information security Experience in evaluation and design of technical architectures and processes Functional as well as technical knowledge of the common technical frameworks and solutions Knowledge of the Norms and Standards of the banking and cybersecurity industry Direct Responsibilities Cloud Container & Image Security Implement secure containerization strategies using tools like Docker, Kubernetes, and container orchestration platforms. Ensure container images are secure, up-to-date, and compliant with organizational security policies. Ensure cloud resources are properly configured, monitored, and secured in accordance with organizational security policies. Design and implement secure cloud image management strategies to ensure images are secure, up to date, and compliant with organizational security policies. Network Security Design and implement secure network architecture to protect cloud resources from unauthorized access. Ensure network traffic is properly monitored filtered and secured in accordance with organizational security policies. System Security Design and implement secure system configurations to protect cloud resources from unauthorized access. Ensure systems are properly patched, monitored and secured in accordance with organizational security policies. Threat Analysis and Risk Management Conduct regular threat analysis and risk assessment to identify potential security risks. Develop and implement risk mitigation strategies to ensure the security and integrity of cloud resources. Compliance and Governance Ensure cloud security controls are compliant with relevant regulatory requirements, such as HIPAA, PCI-DSS and GDPR. Develop and maintain cloud security policies, procedures and standards. Infrastructure Vulnerability Management Responsible to identify, classify, prioritize and remediate vulnerabilities in organization infrastructure. Ensure the regular coverage of infrastructure assets in vulnerability assessment by service providers Collaborate with IT Dev and Prod teams to remediate identified vulnerabilities and ensure that all remediation efforts are tracked and documented. Provide regular reports to management on vulnerability management activities, including identified vulnerabilities, remediation efforts and compliance status. Collaborate with IT teams, management and other stakeholders to ensure that vulnerability management efforts are aligned with business objectives. Ensure that vulnerability assessment tools such as Rapid7 Nexpose, Tanium, Qualys are configured to meet the expected quality assessment and by fine-tuning the vulnerability assessment plugins. Application Security Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices. Identify and implement the latest security standards for internet facing and internal assets Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA). Perform Security risk assessments and reviews to be presented to respective committees Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider Cybersecurity Ensure the protection of WM business data with an adequate security level of WM assets based on review processes Ensure the coordination with other IT security or other actors in the region or globally Assist for a Risk Treatment for any APAC WM issue, based on the processes Identify the IT security risks in advance, record and follow-up them Define and contribute to processes from cybersecurity perspective Periodic reporting of security status to IT Security Domain Head Ensure the regular reporting for management follow-up Ensure to follow-up on the DLP, Incident Management topics with by investigating and following with handlers until the issue is closed. Ensure to onboard the Assets & Applications in SIEM and handling BAU, create / update relevant documents. Production Security Ensure the effectiveness and success of vulnerability management process Ensure the compliance level of the production environment and integrate to reporting IT Security Compliance (delegation on WM APAC scope) Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA) Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements Ensure the compliance with the Third-party Technology risks and the Cloud security Identify the process gaps and provide solutions Coordination with IT Security actors Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard…) Coordination and control of security activities performed by APAC Business Information Security and Production Security teams, including production security review, user security awareness for the WM scope. Coordination with the global security teams concerning integration of WM assets within production sites Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group Your future duties and responsibilities Required Qualifications To Be Successful In This Role Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

Position Description Company Profile: At CGI, we’re a team of builders. We call our employees members because all who join CGI are building their own company - one that has grown to 72,000 professionals located in 40 countries. Founded in 1976, CGI is a leading IT and business process services firm committed to helping clients succeed. We have the global resources, expertise, stability and dedicated professionals needed to achieve. At CGI, we’re a team of builders. We call our employees members because all who join CGI are building their own company - one that has grown to 72,000 professionals located in 40 countries. Founded in 1976, CGI is a leading IT and business process services firm committed to helping clients succeed. We have the global resources, expertise, stability and dedicated professionals needed to achieve results for our clients - and for our members. Come grow with us. Learn more at www.cgi.com. This is a great opportunity to join a winning team. CGI offers a competitive compensation package with opportunities for growth and professional development. Benefits for full-time, permanent members start on the first day of employment and include a paid time-off program and profit participation and stock purchase plans. We wish to thank all applicants for their interest and effort in applying for this position, however, only candidates selected for interviews will be contacted. No unsolicited agency referrals please. Job Title: IT Security Professional Position: Systems Engineer/ Senior Systems Engineer Experience:2 - 6 Years Category: Software Development/ Engineering Main location: Mumbai Position ID: J0525-1868 Employment Type: Full Time Job Description : Direct Responsibilities Work on the remediation titles to be actionable – good understanding of vulnerabilities Provide data cleaning rules where needed – need understanding of Databases and Scripting Coordinate with Global counterparts Automatize reporting in GCSD – experience in scripting. Work closely with regional production security teams to transition scanning & reporting activities Document SOP for operational teams (tools maintenance and IVM activities) Contributing Responsibilities Contribute to the Permanent Control framework for implementation of policies and procedures in day-to-day business activities, such as Control Plan Contribute to Internal Audit response activities. Comply with regulatory requirements and internal guidelines. Contribute to improvement of tools used by Production Security to follow-up on the Security Incidents Must Have: OWASP methodologies application is a mandatory. 2 – 4-year experience in IT Security minimum University degree, preferably in Computer Science with spec. in IT Security Experience working in an international and complex financial environment, dealing with both business constraints and IT users across countries. Good knowledge of Security scanning tools like Qualys, Nexpose, Appspider is highly appreciated along with good understanding of Kubernetes. Experience in a multi-cultural environment is appreciated. CEH or Any Security certifications are appreciated. Good To Have: Experience in Development languages and scripting is appreciated. Note: This job description is a general outline of the responsibilities and qualifications typically associated with the Virtualization Specialist role. Actual duties and qualifications may vary based on the specific needs of the organization. CGI is an equal opportunity employer. In addition, CGI is committed to providing accommodations for people with disabilities in accordance with provincial legislation. Please let us know if you require a reasonable accommodation due to a disability during any aspect of the recruitment process and we will work with you to address your needs. Your future duties and responsibilities Required Skills & Qualifications: Business skills: Architecture (Mastered) Knowledge of Data (Mastered) Computer tests (Expert) IT infrastructure (Expert) Transversal skills: Analytical capacity (Expert) Ability to lead a meeting, a seminar, a committee, a training session, etc. (Mastered) Ability to understand, explain and lead change (Mastered) Ability to define relevant performance indicators (Mastered) Ability to work with Agile methods (Mastered) Behavioral skills: Ability to share/transmit knowledge (Expert) Be results oriented (Expert) Creativity & Innovation / Ability to solve problems (Expert) Ability to collaborate / teamwork (Expert) Develop and maintain system documentation, including configuration guides, and standard operating procedures. Direct and be responsible for the implementation effort. Provide technical guidance and mentorship to team members. Assess demand for their service or technology area and develop plans to meet future capacity needs and makes recommendations to the manager. Aware of all critical changes to infrastructure and applications that could impact service delivery to their business customers. Able to work autonomously and as part of a team using strong analytical skills. Be service oriented, customer focused, positive, committed and have an enthusiastic “can do” attitude. Demonstrate a systematic and logical approach to problem-solving. Able to follow the bank’s standards, processes, and procedures. Escalating incidents internally or to 3rd party partners when required. Required Qualifications To Be Successful In This Role Bachelor’s degree in Computer Science, Engineering, or related field preferred. Your future duties and responsibilities Required Qualifications To Be Successful In This Role Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

About the Opportunity Job Type: PermanentApplication Deadline: 31 August 2025 Title Cyber Security Operational Incident Manager - Technical Consultant Department Cyber Defence Operations - GCIS Location Kingswood, Surrey, Gurgaon, Bangalore Reports To Senior Manager - CDO Level 5 > About your team Technology function across FIL is responsible for all global aspects of Technology, Digital, Cybersecurity, and Innovation. Fidelity is a value-driven, customer-obsessed organization and in Technology we are fortunate to play a direct role in helping our clients with one of the most important aspects of their lives their financial well-being. Within the Technology function is our Global Cyber & Information Security (GCIS) that operates enterprise security services and controls. These are designed to mitigate Cyber and Information Security risks ensuring that Fidelity's business operates securely. The Technical Cybersecurity teams monitor both the internal and external threat environment, responding to security alerts and events in close to real time, as well as providing security assurance and access management services across the enterprise technology and business environment. Our global innovative Cyber Defence Operations team sits within GCIS and provides proactive, cutting-edge solutions to protect clients digital assets and infrastructure against evolving cyber threats. The Cyber Security Operational Incident Manager will be responding to and managing widespread security events and should have an understanding on how best to maintain CIRT teams skills and knowledge. The role will be supported by a global team of CIRT analysts who are looking at this role to provide them with direction and guidance during serious incidents. It will also be supported by a strong security leadership team and global incident management process who are keen to develop this capability. Our leadership team will be looking at this role to report on a number of key incident KPIs and provide assurance to our customers on the global operational security response process. About your role The successful candidate will be experienced in operational security incident management, including vulnerability management, understanding the value of rigorous planning, tested procedures and playbooks and quick response to critical security incidents. This is a critical role expected to develop and maintain our operational security incident management capability and help mature our global response processes. The successful candidate will be comfortable working at a technical level, proactively suggesting improvements to the incident playbooks whilst also being able to co-ordinate our front-line CIRT team during major events. The successful candidate will be able to demonstrate understanding of incident response tools and techniques, experience in responding to and managing widespread security events and an understanding on how best to maintain CIRT teams skills and knowledge. The role will be supported by a global team of CIRT analysts who are looking at this role to provide them with direction and guidance during serious incidents. It will also be supported by a strong security leadership team and global incident management process who are keen to develop this capability. Our leadership team will be looking at this role to report on a number of key incident KPIs and provide assurance to our customers on the global operational security response process. About you Key Responsibilities Own and be accountable for security incidents; taking the lead in driving global remediation activities Ensure simple, repeatable, manual tasks are automated within the Incident Response process Ensure a best-practice program is in place to manage and maintain our security response procedures Proactively develop and deliver new incident response capabilities, tooling and processes. Develop an incident management strategy, focussing on regular reviews and exercises. Create and deliver table-top and simulated exercises focussing on areas of risk identified by our Threat Intelligence team. Ensure the operational security process is consistently maintained across our global regions, taking into account different regulatory requirements and rules. Acting as the point of contact for our global business incident management team for all security related incidents. Run Post Incident Reviews and track and manage outcomes to delivery. Experience and Skills Required Experience and strong understanding of frontline security operations Experience running a vulnerability remediation programme or overseeing vulnerability teams would be advantageous Experience running complex security incidents at a global scale Experience creating or continually improving an incident management program Strong reporting ability, with an understanding on how to tailor reports to show improvements and learnings In depth understanding of modern attack techniques and flows Clear and demonstratable understanding of NIST and MITRE Att&ck Methodologies Experience in cloud environments (Ideally Azure) Strong communication skills with evidence of being in a position responsible for taking feedback from technical teams and turning this into improvements. Banking or Finance industry related experience desirable Security Incident Management Qualifications preferred Security Incident related qualifications (e.g SANS 504) At least 3 years of experience working in an Incident Response position. Experienced responding to global complex security events Experienced using NIST or MITRE frameworks to deploy defensive plans and/or actions Experience explaining the risk of security threats and creating mitigations. Experience of general IT infrastructure technologies and principles. Experience of using vulnerability management tooling e.g Nexpose, Qualys etc. Understanding of the underlying protocols including: HTTP, HTTPS, SMTP, SQL. Understanding of Networking Architecture (OSI Model). Analytical skills Challenge the current processes Passion for the cybersecurity field Time management Able to organize others Nice to Have Certifications - Security+, Network+, GCIA, GCIH, GCFA, GMON, GNFA, SSCP, OSCP For starters, well offer you a comprehensive benefits package. Well value your wellbeing and support your development. And well be as flexible as we can about where and when you work finding a balance that works for all of us. Its all part of our commitment to making you feel motivated by the work you do and happy to be part of our team.

Job Title: ISMS (Information Security Management System) Location: Airoli, Navi Mumbai Key Responsibilities: ISMS Implementation & Management: Develop, implement, and maintain the ISMS framework, including policies, procedures, and guidelines based on ISO 27001 and other relevant standards. Conduct regular risk assessments to identify vulnerabilities and recommend appropriate controls to mitigate information security risks. Coordinate with other departments to ensure adherence to ISMS protocols and align information security with business goals. 2. Compliance & Audits: Ensure the organization complies with regulatory requirements related information security, privacy, and data protection. Lead internal and external audits to assess the effectiveness of the ISMS, manage audit processes, and work towards continuous improvement. 3. Documentation & Reporting: Maintain comprehensive documentation for all ISMS processes, policies, controls, and audit activities. Prepare reports for senior management, detailing the effectiveness of the ISMS and recommending improvements. 4. Continuous Improvement: Monitor industry best practices and emerging security trends to enhance the organizations security posture. Recommend improvements to the ISMS based on audit findings, risk assessments, and new business requirements. 5. Desired Traits: Proactive and self-driven. Ability to work independently as well as part of a team. Strong collaboration and interpersonal skills to engage with stakeholders at all levels. Regards, Yugant Mirajkar Human Resources Kiya.ai

Category: Infrastructure/Cloud Main location: India, Tamil Nadu, Chennai Position ID: J0325-1817 Employment Type: Full Time Position Description: 5 to 10 years' experience in information security Experience in evaluation and design of technical architectures and processes Functional as well as technical knowledge of the common technical frameworks and solutions Knowledge of the Norms and Standards of the banking and cybersecurity industry Direct Responsibilities Technical Access Management / Privilege Access Management Manage and maintain technical/privilege access controls for production and development environments Ensure compliance with organizational technical access control security policies and procedures Collaborate with IT teams to implement least privilege access and resolve access-related non-compliance Review existing CyberArk password management policies and assess the effectiveness of the enforcement through password rotation Review technical access segregation between production and development environments with respective support teams Data Leakage Prevention (DLP) Create, management and maintain DLP policies to detect and prevent data leaks Deploy and maintain DLP infrastructure Collaborate with IT teams to investigate and respond to data leak incidents Identity and Access Management (IAM) Collaborate with IT teams to deploy and maintain data encryption solutions IAM team to ensure seamless integration with technical access management solutions Ensure compliance with organizational IAM policies and procedures Data Encryption Deployment & Monitoring Collaborate with IT teams to deploy and maintain data encryption solutions Ensure compliance with organizational data encryption policies and procedures Unstructured & Structured Data Discovery & Activity Monitoring Collaborate with IT teams to: Deploy and maintain unstructured & structured data discovery and activity monitoring solution Identify and classify sensitive data Monitor and analyse restricted and sensitive database activities Remediate any non-compliant finding reported Infrastructure Vulnerability Management Responsible to identify, classify, prioritize and remediate vulnerabilities in organization infrastructure. Ensure the regular coverage of infrastructure assets in vulnerability assessment by service providers Collaborate with IT Dev and Prod teams to remediate identified vulnerabilities and ensure that all remediation efforts are tracked and documented. Provide regular reports to management on vulnerability management activities, including identified vulnerabilities, remediation efforts and compliance status. Collaborate with IT teams, management and other stakeholders to ensure that vulnerability management efforts are aligned with business objectives. Ensure that vulnerability assessment tools such as Rapid7 Nexpose, Tanium, Qualys are configured to meet the expected quality assessment and by fine-tuning the vulnerability assessment plugins. Application Security Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices. Identify and implement the latest security standards for internet facing and internal assets Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA). Perform Security risk assessments and reviews to be presented to respective committees Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider Cybersecurity Ensure the protection of WM business data with an adequate security level of WM assets based on review processes Ensure the coordination with other IT security or other actors in the region or globally Assist for a Risk Treatment for any APAC WM issue, based on the processes Identify the IT security risks in advance, record and follow-up them Define and contribute to processes from cybersecurity perspective Periodic reporting of security status to IT Security Domain Head Ensure the regular reporting for management follow-up Ensure to follow-up on the DLP, Incident Management topics with by investigating and following with handlers until the issue is closed. Ensure to onboard the Assets & Applications in SIEM and handling BAU, create / update relevant documents. Production Security Ensure the effectiveness and success of vulnerability management process Ensure the compliance level of the production environment and integrate to reporting IT Security Compliance (delegation on WM APAC scope) Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA) Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements Ensure the compliance with the Third-party Technology risks and the Cloud security Identify the process gaps and provide solutions Coordination with IT Security actors Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard…) Coordination and control of security activities performed by APAC Business Information Security and Production Security teams, including production security review, user security awareness for the WM scope. Coordination with the global security teams concerning integration of WM assets within production sites Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group Skills: Identity and Access Mgt (IAM) Vulnerability Management(IAVM) What you can expect from us: Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

Category: Infrastructure/Cloud Main location: India, Tamil Nadu, Chennai Position ID: J0325-1818 Employment Type: Full Time Position Description: 5 to 10 years' experience in information security Experience in evaluation and design of technical architectures and processes Functional as well as technical knowledge of the common technical frameworks and solutions Knowledge of the Norms and Standards of the banking and cybersecurity industry Direct Responsibilities Cloud Container & Image Security Implement secure containerization strategies using tools like Docker, Kubernetes, and container orchestration platforms. Ensure container images are secure, up-to-date, and compliant with organizational security policies. Ensure cloud resources are properly configured, monitored, and secured in accordance with organizational security policies. Design and implement secure cloud image management strategies to ensure images are secure, up to date, and compliant with organizational security policies. Network Security Design and implement secure network architecture to protect cloud resources from unauthorized access. Ensure network traffic is properly monitored filtered and secured in accordance with organizational security policies. System Security Design and implement secure system configurations to protect cloud resources from unauthorized access. Ensure systems are properly patched, monitored and secured in accordance with organizational security policies. Threat Analysis and Risk Management Conduct regular threat analysis and risk assessment to identify potential security risks. Develop and implement risk mitigation strategies to ensure the security and integrity of cloud resources. Compliance and Governance Ensure cloud security controls are compliant with relevant regulatory requirements, such as HIPAA, PCI-DSS and GDPR. Develop and maintain cloud security policies, procedures and standards. Infrastructure Vulnerability Management Responsible to identify, classify, prioritize and remediate vulnerabilities in organization infrastructure. Ensure the regular coverage of infrastructure assets in vulnerability assessment by service providers Collaborate with IT Dev and Prod teams to remediate identified vulnerabilities and ensure that all remediation efforts are tracked and documented. Provide regular reports to management on vulnerability management activities, including identified vulnerabilities, remediation efforts and compliance status. Collaborate with IT teams, management and other stakeholders to ensure that vulnerability management efforts are aligned with business objectives. Ensure that vulnerability assessment tools such as Rapid7 Nexpose, Tanium, Qualys are configured to meet the expected quality assessment and by fine-tuning the vulnerability assessment plugins. Application Security Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices. Identify and implement the latest security standards for internet facing and internal assets Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA). Perform Security risk assessments and reviews to be presented to respective committees Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider Cybersecurity Ensure the protection of WM business data with an adequate security level of WM assets based on review processes Ensure the coordination with other IT security or other actors in the region or globally Assist for a Risk Treatment for any APAC WM issue, based on the processes Identify the IT security risks in advance, record and follow-up them Define and contribute to processes from cybersecurity perspective Periodic reporting of security status to IT Security Domain Head Ensure the regular reporting for management follow-up Ensure to follow-up on the DLP, Incident Management topics with by investigating and following with handlers until the issue is closed. Ensure to onboard the Assets & Applications in SIEM and handling BAU, create / update relevant documents. Production Security Ensure the effectiveness and success of vulnerability management process Ensure the compliance level of the production environment and integrate to reporting IT Security Compliance (delegation on WM APAC scope) Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA) Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements Ensure the compliance with the Third-party Technology risks and the Cloud security Identify the process gaps and provide solutions Coordination with IT Security actors Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard…) Coordination and control of security activities performed by APAC Business Information Security and Production Security teams, including production security review, user security awareness for the WM scope. Coordination with the global security teams concerning integration of WM assets within production sites Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group Skills: Compliance Container Technology Network Security Threat Risk Assessment What you can expect from us: Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

Dear Candidate, We are hiring a Compliance Engineer to ensure code and dependencies meet licensing and audit standards. Key Responsibilities: Track open-source usage and license compliance. Automate compliance scanning and reporting. Assist in security reviews and audits. Required Skills & Qualifications: Familiarity with tools like FOSSA, Black Duck. Knowledge of OSS licenses (MIT, GPL, Apache). Experience with code scanning and SBOMs. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Delivery Manager Integra Technologies

Hello Visionary! We empower our people to stay resilient and relevant in a constantly changing world. We’re looking for people who are always searching for creative ways to grow and learn. People who want to make a real impact, now and in the future. Does that sound like you? Then it seems like you’d make a great addition to our vibrant team. We are looking for a Penetration Tester. This position is available for Chennai Location. You’ll make a difference by: Having experience in Leading and performing complex penetration testing engagements across enterprise networks, cloud infrastructures, web, mobile, APIs, thick clients, and IoT environments. Having understanding to Simulate sophisticated real-world attacks (e.g., APT scenarios, lateral movement, chained exploits). Conducting Red Team exercises and adversary emulation based on frameworks like MITRE ATT&CK. Identifying and exploiting vulnerabilities using both automated tools and advanced manual techniques. Reviewing, enhancing, and developing custom scripts, tools, and exploits to support internal testing capabilities. Providing expert-level guidance to business units on security risks, remediation strategies, and secure architecture. Actively participating in client discussions, executive briefings, and technical workshops. Delivering detailed and executive-level reports, including risk ratings, business impact, PoCs, and mitigation steps. Maintaining robust documentation of testing methodologies, custom tools, and process improvements. Ensuring all engagements align with internal policies, industry frameworks (e.g., OWASP, NIST, ISO), and client-specific compliance standards. Training and Development Stay updated on the latest security trends, vulnerabilities, and technology advancements. Provide training and guidance to the team and other departments on security best practices. Strategy and Planning Plan and scope penetration testing engagements, ensuring comprehensive coverage and effectiveness. Participate in the development of security policies and standards. Technical Expertise Deep hands-on experience in: Web, API, Thick Client and mobile app security testing (e.g., OWASP Top 10 – Web, Mobile, API) Internal/external network penetration, privilege escalation, and lateral movement Active Directory assessments and exploitation (Kerb roasting, Pass-the-Hash etc.) Familiarity with ICS, SCADA, BACnet protocols, and covert communication channels Wireless, Bluetooth, IoT device, Embedded Security, Cloud (AWS/Azure/GCP), and container security testing Working knowledge of Kali Linux and frameworks like MITRE ATT&CK Basic understanding of AI/ML security: adversarial attacks, model poisoning, and secure deployment of AI systems Proficiency with tools such as: Offensive: Burp Suite Pro, Metasploit, SQLMap, Cobalt Strike, Impacket, CrackMapExec, BloodHound, Sliver Reconnaissance: Nmap, Amass, Shodan, OSINT frameworks/tools Vulnerability Scanners: Nessus, Qualys, Nexpose Programming/Scripting: Skilled in scripting and exploit development using Python, Bash, PowerShell, and occasionally C/C++ or Go Soft Skills Excellent written and verbal communication skills Strong analytical and problem-solving capabilities Ability to explain technical concepts clearly to non-technical stakeholders You’ll win us over by: Having An engineering degree B.E/B.Tech/M.E/M.Tech with good academic record. 6–7 years of proven experience in penetration testing and offensive security Certifications (Preferred): Highly Desirable: OSCP, OSWP, OSWE, GPEN, GWAPT, OSCE, OSEE, GXPN, CPTS, CWEE, CAPE Other Considered: EWPTXv2 or equivalent advanced offensive security certifications We’ll support you with: Hybrid working Opportunities. Diverse and inclusive culture. Great variety of learning & development opportunities. Join us and be yourself! We value your unique identity and perspective, recognizing that our strength comes from the diverse backgrounds, experiences, and thoughts of our team members. We are fully committed to providing equitable opportunities and building a workplace that reflects the diversity of society. We also support you in your personal and professional journey by providing resources to help you thrive. Come bring your authentic self and create a better tomorrow with us. Make your mark in our exciting world at Siemens. This role is based in Chennai and is an Individual contributor role. You might be required to visit other locations within India and outside. In return, you'll get the chance to work with teams impacting - and the shape of things to come. We're Siemens. A collection of over 319,000 minds building the future, one day at a time in over 200 countries. Find out more about Siemens careers at: www.siemens.com/careers

Job requisition ID :: 81576 Date: Jul 3, 2025 Location: Kochi Designation: Consultant Entity: Deloitte Touche Tohmatsu India LLP Your potential, unleashed. India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks Your work profile. As an Consultant /Assistant Manager / Deputy Manager in our Cyber Team, you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - Key Responsibilities: Total 2+years of experience in Cyber security VAPT- Web Application Security Pentesting, Mobile Application Testing, Infra Testing, Source Code Review, Cloud Configuration Review Certification - OSCP, CRTP, CEH, EJPT Understanding of basic business and information technology management processes. Good knowledge of TCP/ IP and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture. Experience of Web Application Security Testing, Infrastructure VAPT, API testing. Experience on Mobile Security Pen-Testing (iOS and Android). Experience in conducting config reviews of Windows, Linux, UNIX, Solaris, Databases, etc. Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc. Experience in basic scripting such as: Shell, Python, PERL, etc. Basic knowledge of Technologies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5 Desired qualifications B.Tech/M.Tech Candidates must possess security certification of CEH, LPT, OSCP. Good to have security certification for GPEN, CREST/ Your role as a Consultant We expect our people to embrace and live our purpose by challenging themselves to identify issues that are most important for our clients, our people, and for society. In addition to living our purpose, Senior Executive across our organization must strive to be: Inspiring - Leading with integrity to build inclusion and motivation Committed to creating purpose - Creating a sense of vision and purpose Agile - Achieving high-quality results through collaboration and Team unity Skilled at building diverse capability - Developing diverse capabilities for the future Persuasive / Influencing - Persuading and influencing stakeholders Collaborating - Partnering to build new solutions Delivering value - Showing commercial acumen Committed to expanding business - Leveraging new business opportunities Analytical Acumen - Leveraging data to recommend impactful approach and solutions through the power of analysis and visualization Effective communication – Must be well abled to have well-structured and well-articulated conversations to achieve win-win possibilities Engagement Management / Delivery Excellence - Effectively managing engagement(s) to ensure timely and proactive execution as well as course correction for the success of engagement(s) Managing change - Responding to changing environment with resilience Managing Quality & Risk - Delivering high quality results and mitigating risks with utmost integrity and precision Strategic Thinking & Problem Solving - Applying strategic mindset to solve business issues and complex problems Tech Savvy - Leveraging ethical technology practices to deliver high impact for clients and for Deloitte Empathetic leadership and inclusivity - creating a safe and thriving environment where everyone's valued for who they are, use empathy to understand others to adapt our behaviours and attitudes to become more inclusive. How you’ll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyone’s welcome… entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals. *Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution. In this regard, you may refer to a more detailed advisory given on our website at: https://www2.deloitte.com/in/en/careers/advisory-for-career-aspirants.html?icid=wn_

Your potential, unleashed. India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realise your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. Your work profile. Work you’ll do as a part of our Cyber team you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations. You’ll: • Works on projects with clearly defined guidelines as team member with responsibility for project delivery • Works under general supervision with few direct instructions • Performs cyber security assessments which includes vulnerability assessment & penetration testing, network security architecture review, secure configuration / code review, etc. • Understands basic business and information technology management processes. • Demonstrates knowledge of firm's methodologies, frameworks and tools • Participate in practice development initiatives The key skills required are as follows: • Understanding of basic business and information technology management processes • Good knowledge of TCP/ IP and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture • Experience in Infrastructure Penetration Testing and Application Security Testing • Experience in Secure Code Review (Code Security Review) • Experience in conducting configuration reviews of Windows, Linux, UNIX, Solaris, Databases, etc. • Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc. • Experience in basic scripting such as: Shell, Python, PERL, etc. • Basic knowledge of Technoilogies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5 Role and Responsibilities: • Understanding of basic business and information technology management processes • Good knowledge of TCP/ IP and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture • Experience in Infrastructure Penetration Testing and Application Security Testing • Experience in Secure Code Review (Code Security Review) • Experience in conducting configuration reviews of Windows, Linux, UNIX, Solaris, Databases, etc. • Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc. • Experience in basic scripting such as: Shell, Python, PERL, etc. • Basic knowledge of Technoilogies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5 Educational Qualification: Bachelor’s/master’s degree Certifications: OSCP How you’ll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyone’s welcome… entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organization and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.

Primary skills:Application Security,Application Security->Application Risk Profiling,Application Security->Burpsuite,Application Security->Devsecops,Application Security->Ethical Hacking(CEH),Application Security->Nessus,Application Security->SSL(Secure Sockets Layer),Application Security->Threat Modeling,Application Security->Vulnerability Assessment/Penetration Testing,Application Security->Vulnerability Management,Application Security->Web Security,Application Security->Webservices Security,Application Security->Wireshark,Security testing->Vulnerability testing,Technology->Application Security->Vulnerability Management->Qualys,Technology->Application Security->Vulnerability Management->Rapid 7 Nexpose,Vulnerability Management A day in the life of an Infoscion As part of the Infosys consulting team, your primary role would be to get to the heart of customer issues, diagnose problem areas, design innovative solutions and facilitate deployment resulting in client delight. You will develop a proposal by owning parts of the proposal document and by giving inputs in solution design based on areas of expertise. You will plan the activities of configuration, configure the product as per the design, conduct conference room pilots and will assist in resolving any queries related to requirements and solution design You will conduct solution/product demonstrations, POC/Proof of Technology workshops and prepare effort estimates which suit the customer budgetary requirements and are in line with organization’s financial guidelines Actively lead small projects and contribute to unit-level and organizational initiatives with an objective of providing high quality value adding solutions to customers. If you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you! Ability to develop value-creating strategies and models that enable clients to innovate, drive growth and increase their business profitability Good knowledge on software configuration management systems Awareness of latest technologies and Industry trends Logical thinking and problem solving skills along with an ability to collaborate Understanding of the financial processes for various types of projects and the various pricing models available Ability to assess the current processes, identify improvement areas and suggest the technology solutions One or two industry domain knowledge Client Interfacing skills Project and Team management

Job Title: ISMS (Information Security Management System) Location: Airoli, Navi Mumbai Key Responsibilities: ISMS Implementation & Management: Develop, implement, and maintain the ISMS framework, including policies, procedures, and guidelines based on ISO 27001 and other relevant standards. Conduct regular risk assessments to identify vulnerabilities and recommend appropriate controls to mitigate information security risks. Coordinate with other departments to ensure adherence to ISMS protocols and align information security with business goals. Compliance & Audits: Ensure the organization complies with regulatory requirements related to information security, privacy, and data protection. Lead internal and external audits to assess the effectiveness of the ISMS, manage audit processes, and work towards continuous improvement. Documentation & Reporting: Maintain comprehensive documentation for all ISMS processes, policies, controls, and audit activities. Prepare reports for senior management, detailing the effectiveness of the ISMS and recommending improvements. Continuous Improvement: Monitor industry best practices and emerging security trends to enhance the organizations security posture. Recommend improvements to the ISMS based on audit findings, risk assessments, and new business requirements. Desired Traits: Proactive and self-driven. Ability to work independently as well as part of a team. Strong collaboration and interpersonal skills to engage with stakeholders at all levels.

Preferred candidate profile OWASP methodologies application is a mandatory. 2 4-year experience in IT Security minimum Experience working in an international and complex financial environment, dealing with both business constraints and IT users across countries. Good knowledge of Security scanning tools like Qualys, Nexpose, Appspider is highly appreciated along with good understanding of Kubernetes. CEH or Any Security certifications are appreciated. Experience in Development languages and scripting is appreciated.

We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM. Bachelor or Master degree in computer science with a minimum of 8 years in cyber security domain Technical background in networking/system administration, security testing or related fields In-depth knowledge of TCP/IP Two or more years of Perl, Python, Bash, or C experience Operating System Configuration and Security experience (Windows, HP-UX, Linux, Solaris, AIX, etc.) Configuration and Security experience with firewalls, switches, routers, VPNs Experience with security and architecture testing and development frameworks, such as the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), and NIST SP800-115 Familiar with security testing techniques such as threat modeling, network discovery, port and service identification, vulnerability scanning, network sniffing, penetration testing, configuration reviews, firewall rule reviews, social engineering, wireless penetration testing, fuzzing, and password cracking and can perform these techniques from a variety of adversarial perspectives (white-, grey-, black-box) Experience with discovering, utilizing, and possibly writing exploits for such vulnerabilities as buffer and stack overflows Familiar with the logistics of security testing such as acquiring authorization for testing, reporting, risk analysis of findings, data handling, and legal considerations Commercial Application Security tools experience (Nessus, Nexpose, Qualys, Appdetective, Appscan, etc.) Open source and free tools experience (Kali Linux suite, Metasploit, nmap, airsnort, Wireshark, Burp Suite, Paros, etc.) One or more of the following testing certifications: Certified Ethical Hacker (CEH); GIAC Certified Penetration Tester (GPEN); Offensive Security Certified Professional (OSCP); or equivalent development or testing certification (ECSA, CEPT, CPTE, CPTS, etc) In addition, one or more of the following governance certifications is preferred: Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®) Strong leadership and communication skills, technical knowledge, and the ability to write at a "publication" quality level in order to communicate findings and recommendations to the client's senior management Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices The standard work hours for this role are from 3:30 PM to 11:00 PM IST, aligned to support client requirements and deliverables and engagements. Candidates should be comfortable with this fixed shift timing Position & Key Responsibilities Develop an understanding of the RSM US Risk Consulting service offerings, methodologies, and tools Perform analysis and testing to verify the strengths and weaknesses of client IT environments utilizing commercial and open source security testing tools Perform Internet penetration testing (blackbox/ greybox / whitebox testing) and network architecture reviews (manual/ automated) Perform other security testing tasks such as wireless penetration testing, social engineering campaigns (email, web, phone, physical, etc.), mobile application testing, embedded device testing, and similar activities meant to identify critical weaknesses within client environments Assist with the development of remediation recommendations for identified findings Identify and clearly articulate (written and verbal) findings to senior management and clients Help identify improvement opportunities for assigned clients Supervise and provide engagement management for other staff working on assigned engagements Works closely with the client and RSM team to make sure we meet or exceed client expectations on each engagement and maintain high customer satisfaction. Exercise professional skepticism, judgment and adhere to the code of ethics while on engagements Ensure that documentation is compliant with the quality standards of the firm Work collaboratively as a part of the team and communicate effectively with RSM consulting professionals, and senior management in the U.S. on a daily basis Key Skills To Accelerate Career Maintains a high degree of quality and client relationship on multiple clients at the same time Positively engages, motivates and influences team members Identifies client needs/requirements and initiates discussion to expand services through a solid understanding of the firm’s service capabilities and offerings Subscribes to and actively read industry publications and share relevant information with clients as considered applicable At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/india.html. RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Indian Armed Forces; Indian Armed Forces Veterans, and Indian Armed Forces Personnel status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please send us an email at careers@rsmus.com.

Hi All, Greetings of the day! Currently we are having opening for the position of Cybersecurity, Risk Management for one of our leading Investment Banking client in Mumbai location. Experience - 2 to 5 Years Location - Goregaon (Hybrid) Responsibilities - Work on the remediation titles to be actionable good understanding of vulnerabilities - Provide data cleaning rules where needed need understanding of Databases and Scripting - Coordinate with Global counterparts - Automatize reporting in GCSD experience in scripting. - Work closely with regional production security teams to transition scanning & reporting activities - Document SOP for operational teams (tools maintenance and IVM activities) Technical & Behavioral Competencies OWASP methodologies application is a mandatory. 2 - 4 year experience in IT Security minimum University degree, preferably in Computer Science with spec. in IT Security Exceptional communication and advocacy skills, both verbal and written, with the ability to express complex technical issues in an easily understood manner. Curious and highly implicated in IT Security Team player Experience working in an international and complex financial environment, dealing with both business constraints and IT users across countries. Good knowledge of Security scanning tools like Qualys, Nexpose, Appspider is highly appreciated along with good understanding of Kubernetes. Experience in a multi-cultural environment is appreciated. CEH or Any Security certifications are appreciated. Experience in Development languages and scripting is appreciate Interested candidates can share their updated resume at dipti.ghavri@kiya.ai

Job requisition ID :: 81577 Date: Jun 21, 2025 Location: Chennai Designation: Consultant Entity: Your potential, unleashed. India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks Your work profile. As an Consultant /Assistant Manager / Deputy Manager in our Cyber Team, you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - Key Responsibilities: Total 2+years of experience in Cyber security VAPT- Web Application Security Pentesting, Mobile Application Testing, Infra Testing, Source Code Review, Cloud Configuration Review Certification - OSCP, CRTP, CEH, EJPT Understanding of basic business and information technology management processes. Good knowledge of TCP/ IP and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture. Experience of Web Application Security Testing, Infrastructure VAPT, API testing. Experience on Mobile Security Pen-Testing (iOS and Android). Experience in conducting config reviews of Windows, Linux, UNIX, Solaris, Databases, etc. Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc. Experience in basic scripting such as: Shell, Python, PERL, etc. Basic knowledge of Technologies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5 Desired qualifications B.Tech/M.Tech Candidates must possess security certification of CEH, LPT, OSCP. Good to have security certification for GPEN, CREST How you’ll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyone’s welcome… entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals. *Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution. In this regard, you may refer to a more detailed advisory given on our website at: https://www2.deloitte.com/in/en/careers/advisory-for-career-aspirants.html?icid=wn_

Job Description We are seeking a skilled and experienced Cybersecurity Specialist to join our dynamic team. The ideal candidate will have 3-7 years of experience in cybersecurity roles and a strong technical background in information security. If you're passionate about protecting data, identifying vulnerabilities, and implementing robust security Responsibilities : Develop, implement, and maintain cybersecurity policies, firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint security solutions, and data encryption. Conduct regular security assessments, risk analyses, and vulnerability assessments to identify potential weaknesses and mitigate risks. Experience in Web/Mobile/Network Penetration Testing and/or Vulnerability Assessment. Experience with web application vulnerability scanner (BurpSuite, AppScan, Acunetix, Web Inspect, etc). Deep knowledge of common software vulnerabilities, such as OWASP Top 10 and CWE/SANS Top 25. Deep knowledge of HTTP protocol and the ability to construct/manipulate HTTP requests. Ability to suggest/recommend remediation to fix vulnerability. Manual Penetration Testing skills and techniques are required besides automated tools and frameworks. Knowledge on Tools : Nmap, Kali Linux, Metasploit, Maltego, Burp Suite, Nessus, nexpose, Wireshark, sqlmap etc. Proficiency in Conducting API (REST, SOAP, XML, JSON) Security testing activities to identify and mitigate security 3-7 years of experience in cyber security or a related field. Bachelor's degree in Computer Science, Information Security, Cyber Operations, or a related field (or equivalent experience). Strong understanding of networking concepts, security principles, and cyber threats. Proven experience with vulnerability scanning and penetration testing tools. Knowledge of regulatory requirements and compliance frameworks (eg, PCI DSS, NIST, CIS Controls). Experience in Information security controls, and doing IT audits, ISO certifications is preferred. (ref:hirist.tech)

Job Summary We are looking for an Application Security Analyst with 2-3 years of experience in IT and security to strengthen our security team. The ideal candidate will focus on securing web and mobile applications (Android/iOS) by conducting penetration testing, vulnerability assessments, API security reviews, and ensuring compliance with security best Responsibilities Security & Penetration Testing : Conduct security assessments for web, mobile (Android/iOS), and APIs. Identify, exploit, and remediate OWASP Top 10 vulnerabilities. Perform manual and automated security testing to uncover security risks. Conduct secure code reviews to detect application security Security (Android & iOS) : Perform static and dynamic analysis of Android/iOS applications. Identify security risks such as insecure data storage, API vulnerabilities, and jailbreak/root detection bypass. Utilize tools like MobSF, Frida, Burp Suite, Objection, Drozer, Jadx, and apktool. Validate applications against OWASP Mobile Top 10 security Security & Secure Development : Perform API penetration testing using Burp Suite, Postman, OWASP ZAP. Identify critical vulnerabilities such as Broken Authentication, Excessive Data Exposure, and IDOR. Collaborate with developers to implement secure coding practices and remediation Management & Compliance : Conduct vulnerability assessments using tools like Nessus, Acunetix, Nexpose, Rapid7, and Qualys. Ensure compliance with ISO 27001, SOC2, GDPR, and other regulatory frameworks. Work closely with development teams to remediate security Skills & Qualifications : Bachelors degree in Computer Science, Information Security, or a related IT field. 2-3 years of experience in IT, with at least 1-2 years focused on Application Security & Penetration Testing. Strong understanding of OWASP Top 10 (Web & Mobile) vulnerabilities. Hands-on experience with security tools such as Burp Suite, MobSF, Frida, Objection, Drozer, Jadx, apktool. Proficiency in secure code review (Java, Swift, Kotlin, JavaScript). Expertise in API Security Testing and secure development best practices. Strong analytical, problem-solving, and communication Qualifications : Security certifications such as OSCP, CEH, eJPT, OSWE, GMOB (preferred). Experience with bug bounty programs or responsible disclosure & Benefits : Competitive salary based on experience. Career growth opportunities in Application Security & Ethical Hacking. Health & wellness benefits. Access to continuous learning, certifications, and security training programs. (ref:hirist.tech) Show more Show less

Job requisition ID :: 79285 Date: Jun 12, 2025 Location: Kochi Designation: Assistant Manager Entity: Your potential, unleashed. India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks Your work profile. As an Consultant /Assistant Manager / Deputy Manager in our Cyber Team, you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - Key Responsibilities: Total 2+years of experience in Cyber security VAPT- Web Application Security Pentesting, Mobile Application Testing, Infra Testing, Source Code Review, Cloud Configuration Review Certification - OSCP, CRTP, CEH, EJPT Understanding of basic business and information technology management processes. Good knowledge of TCP/ IP and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture. Experience of Web Application Security Testing, Infrastructure VAPT, API testing. Experience on Mobile Security Pen-Testing (iOS and Android). Experience in conducting config reviews of Windows, Linux, UNIX, Solaris, Databases, etc. Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc. Experience in basic scripting such as: Shell, Python, PERL, etc. Basic knowledge of Technologies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5 Desired qualifications B.Tech/M.Tech Candidates must possess security certification of CEH, LPT, OSCP. Good to have security certification for GPEN, CREST How you’ll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyone’s welcome… entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals. *Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution. In this regard, you may refer to a more detailed advisory given on our website at: https://www2.deloitte.com/in/en/careers/advisory-for-career-aspirants.html?icid=wn_

Job requisition ID :: 83600 Date: Jun 12, 2025 Location: Delhi Designation: Consultant Entity: Your potential, unleashed. India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks Your work profile. As an Consultant /Assistant Manager / Deputy Manager in our Cyber Team, you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - Key Responsibilities: Total 2+years of experience in Cyber security VAPT- Web Application Security Pentesting, Mobile Application Testing, Infra Testing, Source Code Review, Cloud Configuration Review Certification - OSCP, CRTP, CEH, EJPT Understanding of basic business and information technology management processes. Good knowledge of TCP/ IP and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture. Experience of Web Application Security Testing, Infrastructure VAPT, API testing. Experience on Mobile Security Pen-Testing (iOS and Android). Experience in conducting config reviews of Windows, Linux, UNIX, Solaris, Databases, etc. Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc. Experience in basic scripting such as: Shell, Python, PERL, etc. Basic knowledge of Technologies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5 Desired qualifications B.Tech/M.Tech Candidates must possess security certification of CEH, LPT, OSCP. Good to have security certification for GPEN, CREST How you’ll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyone’s welcome… entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals. *Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution. In this regard, you may refer to a more detailed advisory given on our website at: https://www2.deloitte.com/in/en/careers/advisory-for-career-aspirants.html?icid=wn_

Overview Make your mark at Comcast - a Fortune 30 global media and technology company. Become part of our award-winning, international engineering team that turns big ideas into cutting-edge products, platforms, and solutions that our customers love. We create space to innovate, and we recognize, reward, and invest in your ideas, while ensuring you can proudly bring your authentic self to the workplace. You’ll do the best work of your career right here. Success Profile What makes a successful Security Engineer 2 at Comcast? Check out these top traits and explore role-specific skills in the job description below. Results-driven Adaptable Inventive Entrepreneurial Team Player Problem-Solver Benefits We’re proud to offer comprehensive benefits to help support you physically, financially and emotionally through the big milestones and in your everyday life. Paid Time off We know how important it can be to spend time away from work to relax, recover from illness, or take time to care for others needs. Physical Wellbeing We offer a range of benefits and support programs to ensure that you and your loved ones get the care you need. Financial Wellbeing These benefits give you personalized support designed entirely around your unique needs today and for the future. Emotional Wellbeing No matter how you’re feeling or what you’re dealing with, there are benefits to help when you need it, in the way that works for you. Life Events + Family Support Benefits that support you no matter where you are in life’s journey. Security Engineer 2 Location Chennai, India Req ID R412615 Job Type Full Time Category Cybersecurity Date posted 06/13/2025 Comcast brings together the best in media and technology. We drive innovation to create the world's best entertainment and online experiences. As a Fortune 50 leader, we set the pace in a variety of innovative and fascinating businesses and create career opportunities across a wide range of locations and disciplines. We are at the forefront of change and move at an amazing pace, thanks to our remarkable people, who bring cutting-edge products and services to life for millions of customers every day. If you share in our passion for teamwork, our vision to revolutionize industries and our goal to lead the future in media and technology, we want you to fast-forward your career at Comcast. Job Summary "Responsible for monitoring, identifying, investigating and analyzing all response activities related to cybersecurity incidents within an organization. Identifies security flaws and vulnerabilities; responds to cybersecurity incidents, conducts threat analysis as directed and addresses detected incidents. Conducts network or software vulnerability assessments and penetration testing utilizing reverse engineering techniques. Perform vulnerability analysis and exploitation of applications, operating systems or networks. Identifies intrusion or incident path and method. Isolates, blocks or removes threat access. Evaluates system security configurations. Evaluates findings and performs root cause analysis. Performs analysis of complex software systems to determine both functionality and intent of software systems. Resolves highly complex malware and intrusion issues. Contributes to the design, development and implementation of countermeasures, system integration, and tools specific to Cyber and Information Operations. Works with moderate guidance in own area of knowledge. Employees at all levels are expect to: - Understand our Operating Principles; make them the guidelines for how you do your job - Own the customer experience - think and act in ways that put our customers first, give them seamless digital options at every touchpoint, and make them promoters of our products and services - Know your stuff - be enthusiastic learners, users and advocates of our game-changing technology, products and services, especially our digital tools and experiences - Win as a team - make big things happen by working together and being open to new ideas - Be an active part of the Net Promoter System - a way of working that brings more employee and customer feedback into the company - by joining huddles, making call backs and helping us elevate opportunities to do better for our customers - Drive results and growth - Respect and promote inclusion and diversity - Do what's right for each other, our customers, investors and our communities" Job Description Core Responsibilities Strong customer focus with the ability to advise and work closely with application teams and vendors on mitigation. Exposure to commercial and open-source tools such as Burpsuite, Metasploit, WebInspect, Nessus, Qualys, Nexpose, nmap, Kali Linux, etc. Experience cataloguing and risk-scoring vulnerabilities discovered through assessments. Good understanding and experience with: Web application security assessment, including hands-on techniques. Hands-on experience in identifying, mitigating, and remediating vulnerabilities based on OWASP Top10 (API, Web) Basic Scripting knowledge with the capability to automate analysis of technical engineering tasks. CVSS scoring and its use in risk rating What success looks like Prompt, effective curation of security vulnerabilities. Responsiveness to internal customer requests. Validation of remediated tickets within published service level agreements (SLAs). What You Can Expect A cool and casual work environment with opportunities to showcase your skills. A culture of innovation and continuous learning. Training, support, and mentoring to expand and evolve your expertise. Opportunities to impact the security of Comcast products in millions of homes and businesses What We Require: Bachelor's Degree in Computer Science, Information Systems, or other related field or equivalent work experience. Disclaimer: This information has been designed to indicate the general nature and level of work performed by employees in this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications. Comcast is proud to be an equal opportunity workplace. We will consider all qualified applicants for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, genetic information, or any other basis protected by applicable law. Base pay is one part of the Total Rewards that Comcast provides to compensate and recognize employees for their work. Most sales positions are eligible for a Commission under the terms of an applicable plan, while most non-sales positions are eligible for a Bonus. Additionally, Comcast provides best-in-class Benefits to eligible employees. We believe that benefits should connect you to the support you need when it matters most, and should help you care for those who matter most. That’s why we provide an array of options, expert guidance and always-on tools, that are personalized to meet the needs of your reality – to help support you physically, financially and emotionally through the big milestones and in your everyday life. Please visit the compensation and benefits summary on our careers site for more details. Education Bachelor's Degree While possessing the stated degree is preferred, Comcast also may consider applicants who hold some combination of coursework and experience, or who have extensive related professional experience. Relevant Work Experience 2-5 Years