277 Nmap Jobs - Page 6

Hands-on experience with testing frameworks in line with Web App, Mobile, Web Services/APIs, Network & blockchain. Experience in both commercial and open source tools likeBurp Professional, Nmap, Kali, Metasploit, etc. Experience with Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools. Experience in preparing a security threat model and associated test plans. Experience in translating the complex security threats to simpler procedures for web application developers, systems administrators, and management to understand security testing results. In-depth knowledge of application development processes and at least one programing or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell) is preferred. Knowledge of current information security threats Primary Skills Certification on CEH (Certified Ethical Hacker). OSCP (Offensive Security Certified Professional) is desirable.

Project Role : Software Development Engineer Project Role Description : Analyze, design, code and test multiple components of application code across one or more clients. Perform maintenance, enhancements and/or development work. Must have skills : SDV Product Security Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Software Development Engineer, you will engage in a dynamic work environment where you will analyze, design, code, and test various components of application code across multiple clients. Your typical day will involve collaborating with team members to perform maintenance and enhancements, ensuring that the software meets the highest standards of quality and functionality. You will also be responsible for developing new features and addressing any issues that arise, contributing to the overall success of the projects you are involved in. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Mentor junior team members to enhance their skills and knowledge.- Continuously evaluate and improve development processes to increase efficiency.Perform penetration testing of SoC Automotive products.Establish the Security goals and requirements.Verification strategies in compliance with ISO 21434Develop test specifications, test cases, and test plans for security vulnerability testing.Scan vulnerabilities with regards to CVSS levels and patch fixing from NIST database.Perform code-level fuzz testing using open source tools.Support documentation of test results and collaborate with the development teamParticipate in automating test process within CI/CD environments.Setup and maintain traceability in compliance with Automotive SPICE requirementsExperience in tools like OpenVAS, Nmap , wireshark, penetration testing for embedded systems. Experience in Automotive domain is a must.Practical experience performing TARA, security concepts and other Cybersecurity Artefacts mentioned in IS021434 Professional & Technical Skills: - Must To Have Skills: Proficiency in SDV Product Security.- Strong understanding of secure software development practices.- Experience with threat modeling and risk assessment.- Familiarity with security testing tools and methodologies.- Knowledge of compliance standards related to software security. Additional Information:- The candidate should have minimum 5 years of experience in SDV Product Security.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Job Description Vacancy for Cataract Surgeon (Ophthalmologist) Qualification: MBBS in Any Specialization, MS/MD in Opthalmology Experience : 1-5 Years Location: The Retina Centre, Rukminigaon, Guwahati Job Description : Surgeons with experience of doing Phaco surgery in topical/ LA independently. Candidates should be well versed with all OPD and clinical procedures of Ophthalmology and Refractive procedures.

Qualification : MBBS in Any Specialization, MS/MD in Opthalmology Experience : 1-5 Years Location: The Retina Centre, Rukminigaon, Guwahati Job Description : Surgeons must have experience of doing surgery independently. Also needs to be experienced in dealing with all OPD and clinical procedures of Ophthalmology.

🔐 Cybersecurity Intern 📍 Location: Remote (100% Virtual) 📅 Duration: 3 Months 💸 Stipend for Top Interns: ₹15,000 🎁 Perks: Certificate | Letter of Recommendation | Full-Time Offer (Performance-Based) About INLIGHN TECH INLIGHN TECH is dedicated to delivering practical, industry-relevant learning experiences through immersive virtual internships. Our Cybersecurity Internship is designed to equip aspiring professionals with real-world skills in ethical hacking, threat analysis, and system defense through hands-on projects and guided mentorship. Internship Overview As a Cybersecurity Intern , you will gain critical exposure to information security principles, ethical hacking techniques, and cyber threat analysis . You will work on identifying vulnerabilities, simulating attacks, and building defenses — preparing you for roles in one of the most in-demand fields in tech. 🔧 Key Responsibilities Assist in conducting vulnerability assessments and penetration testing Analyze and monitor network traffic for suspicious activity Perform security audits and help develop incident response protocols Use industry-standard tools like Nmap, Wireshark, Burp Suite, Metasploit , etc. Research emerging threats and recommend mitigation strategies Learn and apply OWASP Top 10 concepts and security best practices Document findings and support internal cybersecurity reporting ✅ Qualifications Pursuing or recently completed a degree in Cybersecurity, IT, Computer Science , or related field Basic understanding of networking, operating systems, and web security concepts Familiarity with tools such as Kali Linux, Burp Suite, Nessus, or similar Passion for ethical hacking, threat hunting, and system security Strong analytical skills and eagerness to learn Knowledge of Linux/command-line interfaces is a plus 🎓 What You’ll Gain Hands-on experience with real-world cybersecurity tasks and tools Deep understanding of cyber threats, vulnerabilities, and protection strategies Internship Certificate of Completion Letter of Recommendation for top performers Potential Full-Time Offer based on performance A portfolio of cybersecurity assessments and reports to showcase your skills Show more Show less

About the role: We are seeking an experienced and innovative Director - IT Infra to lead our IT Infrastructure and IT Security teams. The ideal candidate will drive the management and strategic oversight of on-premises datacenter assets, end user systems and on-cloud SaaS / PaaS / IaaS services with a focus on Microsoft and Open-Source technologies, while leading initiatives to transition workloads from current on-premises to hybrid cloud ecosystem. Leadership and Management: 1. Work closely with CTO to define a strategic direction for organization IT ecosystem and align them to business objectives; digital transformation initiatives and “Right-Fit” technology. 2. Formulate, strategize and implement IT and InfoSec policies aligning them to industry standards; best practices / guidelines and organization goals. 3. Managing vendor / service provider relationships and run periodic cost optimization through vendor / tool consolidation and timely AMC negotiations / renewals. 4. Develop and implement change management processes to ensure smooth transition and adoption of new technologies. Communicate changes to all stakeholders and provide necessary support during change. 5. Lead the IT Infra team and IT InfoSec teams. Foster an innovation driven, collaborative, ever learning and high-performance team environment. IT Infrastructure Management: 1. Lead initiatives to migrate on-premises workloads to Microsoft Azure and integrate Open-Source tools like Docker and Kubernetes. Developing and executing strategies for the migration of data and applications to cloud-based infrastructure. 2. Manage on-premises servers using Microsoft Windows Server and Linux Ubuntu running on virtualization platforms like VMware ESXi and Linux KVM. 3. Ensure the reliability, availability. performance, security and high uptime of all IT assets, including hardware like Dell servers; HPE servers; SAN Data Storages; WAN / LAN Devices; EPABX systems etc. 4. Develop and implement maintenance schedules using tools like Microsoft System Center. Setting up, managing and monitoring organization's datacenter operations. 5. Oversee network architecture, connectivity uptime, and network performance using Cisco routers, switches, and other communication devices. 6. Setup IT Infrastructure Monitoring Tools to identify and resolve IT infrastructure problems before they can adversely affect critical business processes. Report to management team insight into the status of physical, virtual, and cloud systems and help ensure availability and performance. Security and Compliance: 1. Implement and manage security measures, including Next-Generation Firewalls; IDS / IPS; VPNs; Next-Generation Endpoint Security; DLP; IRM / EDRM; Web Proxy etc. 2. Conduct regular security assessments at server level and network level using tools like Nessus, Nmap etc. to assess security implementation and mitigate vulnerabilities. 3. Ensure compliance with security policies and procedures using SIEM solutions like Splunk and ensure zero data theft and data leakage. 4. Monitor and respond to security incidents with solutions like Microsoft Defender for Cloud and Open-Source tools such as Wazuh, OSSEC etc. 5. Ensure compliance with industry regulations and standards, maintaining certifications such as ISO 9001, ISO 27001, PCI DSS. 6. Implement disaster recovery and business continuity plans based on best practices and industry standards using solutions such as Commvault, Borg, Veeam etc. Innovation and Improvement: 1. Identify opportunities for technological improvements and innovation with a focus on Microsoft / Open-Source solutions and build blueprints to transition from older technology leading to reduce TCO and enhanced systems experience. 2. Promote the adoption of emerging technologies and open-source tools to enhance business / IT operations. 3. Setup key IT processes and capture data touchpoints to evaluate IT Teams performance and OKRs. Build a culture of continuous improvement and service excellence. 4. Provide leadership to drive Infrastructure and Network Security maturity improvements across the organization, in line with the changing Threat Landscape, Regulatory and Compliance requirements etc. 5. Rewire the current processes, practices and disciplines for IT Service Management using ITIL principles aligning IT services with the needs of the business. Competencies : IT Policy Development, Hybrid Cloud Implementation, IT Hardware Management, Network Management, IT Security Implementation, IT Process Optimization, Change Management, Vendor Management Experience : 1. 10-12 years of experience in IT infrastructure management and information security. 2. Must have proven experience leading and managing complex hybrid IT teams. 3. Must have proven experience in leading initiatives to transition workloads from current on-premises to hybrid cloud ecosystem. 4. Must have proven experience in implementing and managing IT Security, Business Continuity Plans, Disaster Recovery Frameworks and Security Audits. 5. Must have technical proficiency and hands-on experience with Microsoft technologies (e.g., Windows Server, Azure Services, Microsoft 365, SharePoint etc.) and Open-Source technologies (e.g., Ubuntu Linux, KVM, Docker, Kubernetes etc.). 6. Experience in managing datacenter operations, network systems and virtualization environments. 7. Experience with IT process optimization and implementing change management processes. 8. Any relevant industry certifications like CISSP, CISM, Azure Solutions Architect Expert, Red Hat Certified, Cisco Certified Network Professional etc. will be added advantage. 9. Experience working in large publication company, management consulting company or Tier 1 startups will be added advantage. Show more Show less

We are looking for Application Security Engineer to take ownership of security testing for enterprise products deployed on mainframe environments. In this role, you will assess application-layer security risks, identify vulnerabilities in product implementations, and lead secure architecture reviews. The ideal candidate brings deep offensive security skills along with familiarity in testing applications running on or integrated with IBM mainframe systems. Primary Roles and Responsibilities: Conduct penetration testing and red teaming exercises targeting mainframe environments and the surrounding application ecosystem. Perform code-assisted and black-box penetration testing against enterprise applications/systems interacting with RACF, DB2, CICS, MQ, and related subsystems. Identify risks in authentication, authorization, data handling, and communications within mainframe-integrated products. Create threat models and guide product teams in mitigating high-impact vulnerabilities early in the SDLC. Drive remediation efforts through hands-on collaboration and secure design guidance. Author technical reports and deliver executive summaries tailored to various audiences. Stay current on vulnerabilities, exploits, and testing techniques relevant to legacy enterprise technologies and mainframe ecosystems. Assess common integration patterns (SOA, REST/JSON, MQ) for security risks. To ensure you re set up for success, you will bring the following skillset & experience: 5+ years of experience in penetration testing, with a specialization in systems/applications integrating with mainframe environments. Deep knowledge of mainframe communication protocols and security mechanisms. Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe systems. Proficient in tools such as: Mainframe utilities: REXX, ISPF panels, NetView Security tools: Nmap, Burp Suite, Wireshark, custom scripts Strong scripting and automation skills (Python, REXX, Bash, or similar). Strong communication and leadership skills, with a proven ability to lead technical teams or projects. Experience producing board-level reports and presenting findings to senior stakeholders. Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts). Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services Whilst these are nice to have, our team can help you develop in the following skills: Industry certifications such as OSCP, OSCE, CRTP, GIAC GPEN, GXPN, or CISSP. Background in regulated industries such as banking, insurance, or government, where mainframes are core infrastructure. Knowledge of COBOL, PL/I, or other mainframe-centric programming languages. Experience with compliance standards like PCI-DSS, NIST, or SOX as they apply to mainframes.

We are looking for a Senior Penetration Tester to take ownership of security testing for enterprise products deployed on mainframe environments. In this role, you will assess application-layer security risks, identify vulnerabilities in product implementations, and lead secure architecture reviews. The ideal candidate brings deep offensive security skills along with familiarity in testing applications running on or integrated with IBM mainframe systems. Here is how, through this exciting role, YOU will contribute to BMC's and your own success: Primary Roles and Responsibilities: Lead security assessments of applications and solutions deployed on IBM z/OS-based environments. Conduct penetration testing and red teaming exercises targeting mainframe environments and the surrounding application ecosystem. Perform code-assisted and black-box penetration testing against enterprise applications/systems interacting with RACF, DB2, CICS, MQ, and related subsystems. Identify risks in authentication, authorization, data handling, and communications within mainframe-integrated products. Create threat models and guide product teams in mitigating high-impact vulnerabilities early in the SDLC. Drive remediation efforts through hands-on collaboration and secure design guidance. Author technical reports and deliver executive summaries tailored to various audiences. Stay current on vulnerabilities, exploits, and testing techniques relevant to legacy enterprise technologies and mainframe ecosystems.. Assess common integration patterns (SOA, REST/JSON, MQ) for security risks. To ensure you re set up for success, you will bring the following skillset & experience: 8+ years of experience in penetration testing, with a specialization in systems/applications integrating with mainframe environments. Deep knowledge of mainframe communication protocols and security mechanisms. Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe systems. Proficient in tools such as: Mainframe utilities: REXX, ISPF panels, NetView Security tools: Nmap, Burp Suite, Wireshark, custom scripts Strong scripting and automation skills (Python, REXX, Bash, or similar). Strong communication and leadership skills, with a proven ability to lead technical teams or projects. Experience producing board-level reports and presenting findings to senior stakeholders. Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts). Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services Whilst these are nice to have, our team can help you develop in the following skills: Industry certifications such as OSCP, OSCE, CRTP, GIAC GPEN, GXPN, or CISSP. Background in regulated industries such as banking, insurance, or government, where mainframes are core infrastructure. Knowledge of COBOL, PL/I, or other mainframe-centric programming languages. Experience with compliance standards like PCI-DSS, NIST, or SOX as they apply to mainframes.

Who are we and what do we do? BrowserStack is the world's leading software testing platform powering over two million tests every day across 19 global data centers. BrowserStack's products help developers build bug-free software for the 5 billion internet users accessing websites and mobile applications through millions of combinations of digital environments—devices, browsers, operating systems, and versions. We help Tesco, Shell, NVIDIA, Discovery, Wells Fargo, and over 50,000 customers deliver quality software at speed by moving testing to our Cloud. With BrowserStack, Dev and QA teams can move fast while delivering an amazing experience for every customer. BrowserStack was founded by Ritesh Arora and Nakul Aggarwal in 2011 with the vision of becoming the testing infrastructure for the internet. We recently secured $200 million in Series B funding at a $4 billion valuation in June 2021. At BrowserStack We Solve Real Problems—each Day Is a Unique Challenge And An Opportunity To Make a Difference. We Strive To Be Open, Transparent, And Collaborative, So No Feat Is Too Big To Achieve. BrowserStack Is An Extension Of Its People And a Place Where They Can Grow Both Professionally And Personally. To That Effect, We’re Humbled To Be Recognized By Leading Organizations Around The World BrowserStack is Great Place to Work-Certified™ 2020-21 Named “SaaS Startup of the Year” in 2022 by SaaSBOOMi Ranked in Forbes Cloud 100 in 2021 - for the second time Featured in LinkedIn Top Startups India 2018 NOTE : This position is for Mumbai (Remote), please apply only if are from Mumbai or open to relocate to Mumbai. Role In a Nutshell As a Security Analyst, you will be responsible for identifying and mitigating security risks by conducting penetration tests and automating security processes. You will work closely with engineering teams to ensure vulnerabilities are effectively remediated and security is integrated into development workflows. Desired Experience - Experience of 1-3 years. Understanding of vulnerability assessment, secure code review, pentesting methodologies, OWASP Top 10, and API security. Experience with tools like Burp Suite, Nmap, Metasploit, TCPDump, etc. Proficiency in at least one scripting language (e.g., Python, Bash) for automating security tasks. Basic knowledge of Linux commands, file system navigation, and networking concepts. Strong interpersonal and communication skills (written and verbal). Ability to take initiative and deliver committed results. Exposure to cloud security principles in AWS, GCP, or Azure (good to have). What will you do? Conduct penetration tests on web applications, APIs, and infrastructure. Automate security testing and vulnerability detection. Work with developers to remediate vulnerabilities and implement security best practices. Vulnerability management - triage and manage vulnerabilities identified through scanning and manual efforts Benefits In addition to your total compensation, you will be eligible for following benefits, which will be governed by the Company policy: Medical insurance for self, spouse, upto 2 dependent children and Parents or Parents-in-law up to INR 5,00,000 Gratuity as per payment of Gratuity Act, 1972 Unlimited Time Off to ensure our people invest in their wellbeing, to rest and rejuvenate, spend quality time with family and friends Remote-First work environment that allows our people to work from anywhere in India Remote-First Benefit for home office setup, connectivity, accessories, co-working spaces, wellbeing to ensure an amazing remote work experience Show more Show less

Job Title: Consultant / Manager / Senior Manager – VAPT Location: Gurgaon Experience Required: 2 to 10 years Work Mode: Onsite (Gurgaon) Certification: OSCP – Mandatory Role Overview: We are looking for skilled cybersecurity professionals across levels ( Consultant to Senior Manager ) to join our Vulnerability Assessment & Penetration Testing (VAPT) team in Gurgaon . You will play a critical role in executing and leading security assessments across applications, infrastructure, network, and source code to identify vulnerabilities and recommend effective remediation. Key Responsibilities: For All Levels: Perform end-to-end VAPT on web applications, mobile applications, network, infrastructure, cloud, and source code . Identify, exploit, and document vulnerabilities with clear technical and business impact. Use both manual and automated tools to conduct deep-dive penetration testing. Prepare and present technical reports with actionable recommendations. Ensure adherence to OWASP, NIST, ISO 27001, PCI-DSS, and RBI cybersecurity guidelines . Additional Responsibilities Based on Experience Level: Manager / Senior Manager: Lead a team of consultants and guide them through complex assessments. Oversee project timelines, quality, and client deliverables. Engage with senior stakeholders (CIOs, CISOs, Security Heads) to discuss findings and mitigation strategies. Support practice development, training initiatives, and RFP support. Consultants / Senior Consultants: Execute hands-on penetration testing under guidance from seniors. Maintain high-quality documentation and assist in tool integration. Continuously upgrade skills through research and certification prep. Required Skills & Qualifications: 2 to 10 years of hands-on experience in penetration testing and vulnerability assessment . Strong knowledge of manual testing techniques beyond automated scanners. Expertise with tools such as Burp Suite, Metasploit, Nmap, Nessus, Qualys, AppScan, Fortify, Wireshark , etc. OSCP certification is mandatory. Familiarity with secure coding , scripting, and one or more programming languages (e.g., Python, Java, JavaScript). Good understanding of cloud security testing (AWS, Azure, GCP) is a plus. Strong analytical, communication, and report-writing skills. Show more Show less

Application Security Perform security reviews, code audits, and threat modeling of web and mobile applications. Work with DevOps and development teams to integrate secure coding practices and tools (e.g., SAST, DAST, SCA). Conduct penetration testing and vulnerability assessments on internal and external applications. Remediate OWASP Top 10 and other emerging threats. Infrastructure & Server Security Harden Linux and Windows servers following CIS/NIST benchmarks. Implement endpoint security solutions (AV, EDR, MDM). Monitor, detect, and respond to system anomalies and unauthorized access. Manage patching and update cycles in coordination with system teams. Network Security Secure network architecture, firewall policies, VPNs, NAT, and VLAN segmentation. Analyze and mitigate threats like DDoS, MITM, spoofing, etc. Configure and manage intrusion detection/prevention systems (IDS/IPS). Perform routine audits and packet-level analysis for suspicious activity. Cloud Security Secure cloud infrastructure (Alibaba Cloud/AWS/Azure/GCP). Manage IAM, WAF, Security Groups, and cloud-native threat detection tools. Audit and improve security configurations in containers, CI/CD pipelines, and serverless deployments. Monitoring, Audit, and Compliance Work closely with compliance teams to meet standards like SAMA-CSF, ISO 27001, and PCI-DSS. Implement and tune SIEM/SOAR systems for proactive monitoring and incident response. Maintain audit trails, security reports, and logs for investigations and audits. Qualifications & Requirements Bachelors degree in computer science, Cybersecurity, or a related field. 4+ years of experience in cybersecurity roles with exposure to infrastructure and application security. Proficiency in tools like Burp Suite, Nessus, Wireshark, Nmap, Suricata, OSSEC/Wazuh, etc. Strong knowledge of TCP/IP, Linux security, cloud security, and secure coding principles. Experience with at least one cloud platform (Alibaba Cloud preferred). Familiarity with regulatory and compliance standards in the GCC region is a plus. Security certifications such as CEH, OSCP, CISSP, or CISM are a plus. Preferred Strong problem-solving and analytical skills. Ability to work under pressure in a fast-paced environment. Excellent communication skills to interface with technical and non-technical stakeholders. Self-motivated and able to work independently or as part of a team.

🛡️ Cyber Security Intern 📍 Location: Remote (100% Virtual) 📅 Duration: 3 Months 💸 Stipend for Top Interns: ₹15,000 🎁 Perks: Certificate | Letter of Recommendation | Full-Time Offer (Based on Performance) About INLIGHN TECH INLIGHN TECH is an emerging edtech platform that empowers students through hands-on, real-world learning experiences. Our Cyber Security Internship is designed to equip aspiring professionals with practical skills in ethical hacking, network defense, and vulnerability assessment through project-based learning. 🚀 Internship Overview As a Cyber Security Intern , you will gain real-world exposure to security tools, frameworks, and attack simulations . You will assist in identifying potential vulnerabilities, analyzing threats, and learning how to protect digital assets in real-time environments. 🔧 Key Responsibilities Assist in network monitoring , intrusion detection, and log analysis Conduct basic vulnerability scans and help remediate identified risks Use tools such as Wireshark, Nmap, Burp Suite, Metasploit , and Kali Linux Understand and apply frameworks like OWASP Top 10 and NIST Work on ethical hacking simulations and penetration testing Prepare basic reports on threats, vulnerabilities, and risk mitigation strategies Stay up to date with the latest cybersecurity trends and attack vectors ✅ Qualifications Currently pursuing or recently completed a degree in Cyber Security, IT, Computer Science , or a related field Basic understanding of networking, Linux systems, and cybersecurity principles Familiarity with ethical hacking tools and scripting (Python/Bash) is a plus Strong analytical and problem-solving skills Eagerness to learn, explore, and grow in the field of information security 🎓 What You’ll Gain Hands-on experience with cybersecurity tools and techniques Understanding of real-world security challenges and responses A portfolio of cybersecurity tasks/projects to showcase your skills Internship Certificate upon successful completion Letter of Recommendation for top-performing interns Opportunity for a Full-Time Offer based on performance Show more Show less

🔐 Cybersecurity Intern 📍 Location: Remote (100% Virtual) 📅 Duration: 3 Months 💸 Stipend for Top Interns: ₹15,000 🎁 Perks: Certificate | Letter of Recommendation | Full-Time Offer (Performance-Based) About INLIGHN TECH INLIGHN TECH is dedicated to delivering practical, industry-relevant learning experiences through immersive virtual internships. Our Cybersecurity Internship is designed to equip aspiring professionals with real-world skills in ethical hacking, threat analysis, and system defense through hands-on projects and guided mentorship. Internship Overview As a Cybersecurity Intern , you will gain critical exposure to information security principles, ethical hacking techniques, and cyber threat analysis . You will work on identifying vulnerabilities, simulating attacks, and building defenses — preparing you for roles in one of the most in-demand fields in tech. 🔧 Key Responsibilities Assist in conducting vulnerability assessments and penetration testing Analyze and monitor network traffic for suspicious activity Perform security audits and help develop incident response protocols Use industry-standard tools like Nmap, Wireshark, Burp Suite, Metasploit , etc. Research emerging threats and recommend mitigation strategies Learn and apply OWASP Top 10 concepts and security best practices Document findings and support internal cybersecurity reporting ✅ Qualifications Pursuing or recently completed a degree in Cybersecurity, IT, Computer Science , or related field Basic understanding of networking, operating systems, and web security concepts Familiarity with tools such as Kali Linux, Burp Suite, Nessus, or similar Passion for ethical hacking, threat hunting, and system security Strong analytical skills and eagerness to learn Knowledge of Linux/command-line interfaces is a plus 🎓 What You’ll Gain Hands-on experience with real-world cybersecurity tasks and tools Deep understanding of cyber threats, vulnerabilities, and protection strategies Internship Certificate of Completion Letter of Recommendation for top performers Potential Full-Time Offer based on performance A portfolio of cybersecurity assessments and reports to showcase your skills Show more Show less

Hybrid Description and Requirements "At BMC trust is not just a word - it's a way of life!" We are an award-winning, equal opportunity, culturally diverse, fun place to be. Giving back to the community drives us to be better every single day. Our work environment allows you to balance your priorities, because we know you will bring your best every day. We will champion your wins and shout them from the rooftops. Your peers will inspire, drive, support you, and make you laugh out loud! We help our customers free up time and space to become an Autonomous Digital Enterprise that conquers the opportunities ahead - and are relentless in the pursuit of innovation! The IZOT product line includes BMC’s Intelligent Z Optimization & Transformation products, which help the world’s largest companies to monitor and manage their mainframe systems. The modernization of mainframe is the beating heart of our product line, and we achieve this goal by developing products that improve the developer experience, the mainframe integration, the speed of application development, the quality of the code and the applications’ security, while reducing operational costs and risks. We acquired several companies along the way, and we continue to grow, innovate, and perfect our solutions on an ongoing basis. We are looking for Application Security Engineer to take ownership of security testing for enterprise products deployed on mainframe environments. In this role, you will assess application-layer security risks, identify vulnerabilities in product implementations, and lead secure architecture reviews. The ideal candidate brings deep offensive security skills along with familiarity in testing applications running on or integrated with IBM mainframe systems. Primary Roles And Responsibilities Conduct penetration testing and red teaming exercises targeting mainframe environments and the surrounding application ecosystem. Perform code-assisted and black-box penetration testing against enterprise applications/systems interacting with RACF, DB2, CICS, MQ, and related subsystems. Identify risks in authentication, authorization, data handling, and communications within mainframe-integrated products. Create threat models and guide product teams in mitigating high-impact vulnerabilities early in the SDLC. Drive remediation efforts through hands-on collaboration and secure design guidance. Author technical reports and deliver executive summaries tailored to various audiences. Stay current on vulnerabilities, exploits, and testing techniques relevant to legacy enterprise technologies and mainframe ecosystems. Assess common integration patterns (SOA, REST/JSON, MQ) for security risks. To ensure you’re set up for success, you will bring the following skillset & experience: 5+ years of experience in penetration testing, with a specialization in systems/applications integrating with mainframe environments. Deep knowledge of mainframe communication protocols and security mechanisms. Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe systems. Proficient in tools such as: Mainframe utilities: REXX, ISPF panels, NetView Security tools: Nmap, Burp Suite, Wireshark, custom scripts Strong scripting and automation skills (Python, REXX, Bash, or similar). Strong communication and leadership skills, with a proven ability to lead technical teams or projects. Experience producing board-level reports and presenting findings to senior stakeholders. Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts). Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services Whilst these are nice to have, our team can help you develop in the following skills: Industry certifications such as OSCP, OSCE, CRTP, GIAC GPEN, GXPN, or CISSP. Background in regulated industries such as banking, insurance, or government, where mainframes are core infrastructure. Knowledge of COBOL, PL/I, or other mainframe-centric programming languages. Experience with compliance standards like PCI-DSS, NIST, or SOX as they apply to mainframes. CA-DNP BMC Software maintains a strict policy of not requesting any form of payment in exchange for employment opportunities, upholding a fair and ethical hiring process. At BMC we believe in pay transparency and have set the midpoint of the salary band for this role at 2,117,800 INR. Actual salaries depend on a wide range of factors that are considered in making compensation decisions, including but not limited to skill sets; experience and training, licensure, and certifications; and other business and organizational needs. The salary listed is just one component of BMC's employee compensation package. Other rewards may include a variable plan and country specific benefits. We are committed to ensuring that our employees are paid fairly and equitably, and that we are transparent about our compensation practices. ( Returnship@BMC ) Had a break in your career? No worries. This role is eligible for candidates who have taken a break in their career and want to re-enter the workforce. If your expertise matches the above job, visit to https://bmcrecruit.avature.net/returnship know more and how to apply. Min salary 1,588,350 Our commitment to you! BMC’s culture is built around its people. We have 6000+ brilliant minds working together across the globe. You won’t be known just by your employee number, but for your true authentic self. BMC lets you be YOU! If after reading the above, You’re unsure if you meet the qualifications of this role but are deeply excited about BMC and this team, we still encourage you to apply! We want to attract talents from diverse backgrounds and experience to ensure we face the world together with the best ideas! BMC is committed to equal opportunity employment regardless of race, age, sex, creed, color, religion, citizenship status, sexual orientation, gender, gender expression, gender identity, national origin, disability, marital status, pregnancy, disabled veteran or status as a protected veteran. If you need a reasonable accommodation for any part of the application and hiring process, visit the accommodation request page. Mid point salary 2,117,800 Max salary 2,647,250 Show more Show less

Description And Requirements CareerArc Code CA-DN Hybrid "At BMC trust is not just a word - it's a way of life!" We are an award-winning, equal opportunity, culturally diverse, fun place to be. Giving back to the community drives us to be better every single day. Our work environment allows you to balance your priorities, because we know you will bring your best every day. We will champion your wins and shout them from the rooftops. Your peers will inspire, drive, support you, and make you laugh out loud! We help our customers free up time and space to become an Autonomous Digital Enterprise that conquers the opportunities ahead - and are relentless in the pursuit of innovation! BMC Software is looking for a motivated and skilled individual to join the Product Security Group. This is a senior technical position in the team. The candidate will be responsible for engaging with various product teams on security architecture reviews, SaaS security, penetration testing. A penetration tester plays a crucial role in safeguarding an organization's digital assets and information by proactively identifying and addressing security weaknesses. This role requires a high level of technical expertise, ethical conduct, and a commitment to continuous improvement in the field of cybersecurity. Roles And Responsibilities Conduct thorough vulnerability assessments of applications and systems using various tools and techniques. Execute penetration tests to simulate real-world cyberattacks, identifying weaknesses and vulnerabilities. Provide expert guidance on application security best practices. Research and develop new penetration testing methodologies, tools, and techniques. Qualifications & Skills 2+ years of experience in product security (web, mobile, API, cloud, infrastructure, and container security) or equivalent skillset. Penetration testing experience is essential; prior participation in bug bounty programs is a plus. Proficiency with hacking tools and penetration testing frameworks (e.g., Metasploit, Burp Suite, Nmap, Wireshark). Expertise in web application security testing, including knowledge of OWASP Top Ten vulnerabilities. Experience identifying and assessing vulnerabilities such as SQL injection, XSS, CSRF, and more. Proficiency in exploiting vulnerabilities to gain unauthorized access and assess attack impact. Understanding of vulnerability scoring systems (e.g., CVSS) for prioritizing findings. Ability to think creatively and analytically to identify and exploit vulnerabilities. Strong problem-solving skills when encountering unexpected challenges during testing. Excellent verbal and written communication skills for conveying technical details to both technical and non-technical stakeholders. Meticulous attention to detail in documenting findings and creating reports. Effective time management skills to meet project deadlines and testing schedules. High level of integrity and professionalism, with the ability to work under pressure while maintaining confidentiality. Optional: Hands-on technical experience with cloud security solutions for leading cloud service providers (e.g., AWS). Experience with secure code review (SAST) tools for languages such as C/C++, Java, and Python, and relevant frameworks. BMC Software maintains a strict policy of not requesting any form of payment in exchange for employment opportunities, upholding a fair and ethical hiring process. At BMC we believe in pay transparency and have set the midpoint of the salary band for this role at 1,638,100 INR. Actual salaries depend on a wide range of factors that are considered in making compensation decisions, including but not limited to skill sets; experience and training, licensure, and certifications; and other business and organizational needs. The salary listed is just one component of BMC's employee compensation package. Other rewards may include a variable plan and country specific benefits. We are committed to ensuring that our employees are paid fairly and equitably, and that we are transparent about our compensation practices. ( Returnship@BMC ) Had a break in your career? No worries. This role is eligible for candidates who have taken a break in their career and want to re-enter the workforce. If your expertise matches the above job, visit to https://bmcrecruit.avature.net/returnship know more and how to apply. Min salary 1,228,575 Our commitment to you! BMC’s culture is built around its people. We have 6000+ brilliant minds working together across the globe. You won’t be known just by your employee number, but for your true authentic self. BMC lets you be YOU! If after reading the above, You’re unsure if you meet the qualifications of this role but are deeply excited about BMC and this team, we still encourage you to apply! We want to attract talents from diverse backgrounds and experience to ensure we face the world together with the best ideas! BMC is committed to equal opportunity employment regardless of race, age, sex, creed, color, religion, citizenship status, sexual orientation, gender, gender expression, gender identity, national origin, disability, marital status, pregnancy, disabled veteran or status as a protected veteran. If you need a reasonable accommodation for any part of the application and hiring process, visit the accommodation request page. Mid point salary 1,638,100 Max salary 2,047,625 Show more Show less

Tesco India • Bengaluru, Karnataka, India • Full-Time • Permanent • Apply by 13-Jun-2025 About the role Systems Engineer III - Performance Engineer What is in it for you At Tesco, we are committed to providing the best for you. As a result, our colleagues enjoy a unique, differentiated, market- competitive reward package, based on the current industry practices, for all the work they put into serving our customers, communities and planet a little better every day. Our Tesco Rewards framework consists of pillars - Fixed Pay, Incentives, and Benefits. Total Rewards offered at Tesco is determined by four principles -simple, fair, competitive, and sustainable. Salary - Your fixed pay is the guaranteed pay as per your contract of employment. Leave & Time-off - Colleagues are entitled to 30 days of leave (18 days of Earned Leave, 12 days of Casual/Sick Leave) and 10 national and festival holidays, as per the company’s policy. Making Retirement Tension-FreeSalary - In addition to Statutory retirement beneets, Tesco enables colleagues to participate in voluntary programmes like NPS and VPF. Health is Wealth - Tesco promotes programmes that support a culture of health and wellness including insurance for colleagues and their family. Our medical insurance provides coverage for dependents including parents or in-laws. Mental Wellbeing - We offer mental health support through self-help tools, community groups, ally networks, face-to-face counselling, and more for both colleagues and dependents. Financial Wellbeing - Through our financial literacy partner, we offer one-to-one financial coaching at discounted rates, as well as salary advances on earned wages upon request. Save As You Earn (SAYE) - Our SAYE programme allows colleagues to transition from being employees to Tesco shareholders through a structured 3-year savings plan. Physical Wellbeing - Our green campus promotes physical wellbeing with facilities that include a cricket pitch, football field, badminton and volleyball courts, along with indoor games, encouraging a healthier lifestyle. You will be responsible for Collaborate with product managers and developers to understand product requirements and contribute to performance-focused design discussions. Create and maintain comprehensive non-functional test cases and use cases tailored to performance testing needs. Translate NFRs into detailed performance and security test plans, including SLAs, SLOs, and capacity benchmarks. Develop detailed performance test plans, including test cases and test data, and ensure alignment with business expectations. Execute various types of performance testing such as load, stress, scalability, and endurance tests to assess system behaviour under different conditions. Analyse performance test results to identify bottlenecks and inefficiencies and provide actionable insights for resolution. Monitor system performance using diagnostic tools and provide real-time feedback during testing cycles. Automate performance tests using modern, open-source tools and scripting languages to streamline testing processes. Collaborate with DevSecOps to integrate security testing into CI/CD workflows and enforce shift-left security practices. Document and report security vulnerabilities with risk ratings, reproduction steps, and remediation guidance. Work closely with QE, DevOps, and Development teams to ensure performance and security best practices are embedded throughout the SDLC. Provide detailed test reports, dashboards, and technical documentation for stakeholders. You will need Bachelor’s degree in computer science or a related engineering discipline. 12+ years of experience in Quality Engineering preferably in retail orgs or product organisations Application Testing: Hands-on experience in performance testing of APIs, microservices, web applications, and native mobile apps. Performance Testing Tools: Proficient in industry-standard tools such as JMeter, K6, Locust, Gatling, etc for load and stress testing. Scripting & Automation: Strong programming skills in Java, Python, and Shell scripting for developing and automating performance test scripts. Monitoring & Diagnostics: Expertise in using APM and logging tools - AppDynamics, Dynatrace, Splunk, New Relic, RunScope, Grafana to monitor & analyze system performance. Cloud & Containerization: Solid understanding of cloud platforms (Azure), container orchestration (Kubernetes), and containerization (Docker) for scalable performance testing. Database Performance: Ability to analyze and optimize SQL queries and database performance; familiarity with SQL, NoSQL databases, and pub-sub messaging systems. Infrastructure Knowledge: Understanding of load balancers, infrastructure design, and application architecture in both Azure cloud and on-premises environments. Security Tools: Experience with security and vulnerability assessment tools such as Burp Suite, OWASP ZAP, Metasploit, Nessus, and Nmap. Security Best Practices: Strong grasp of OWASP Top 10, CWE/SANS Top 25, and secure coding principles. Operating Systems: Comfortable working in Linux/Unix environments. Analytical Skills: Excellent problem-solving, debugging, and troubleshooting abilities. Communication: Strong verbal and written communication skills, with the ability to convey complex technical concepts clearly. About us Tesco in Bengaluru is a multi-disciplinary team serving our customers, communities, and planet a little better every day across markets. Our goal is to create a sustainable competitive advantage for Tesco by standardising processes, delivering cost savings, enabling agility through technological solutions, and empowering our colleagues to do even more for our customers. With cross-functional expertise, a wide network of teams, and strong governance, we reduce complexity, thereby offering high-quality services for our customers. Tesco in Bengaluru, established in 2004 to enable standardisation and build centralised capabilities and competencies, makes the experience better for our millions of customers worldwide and simpler for over 3,30,000 colleagues Tesco Technology Today, our Technology team consists of over 5,000 experts spread across the UK, Poland, Hungary, the Czech Republic, and India. In India, our Technology division includes teams dedicated to Engineering, Product, Programme, Service Desk and Operations, Systems Engineering, Security & Capability, Data Science, and other roles. At Tesco, our retail platform comprises a wide array of capabilities, value propositions, and products, essential for crafting exceptional retail experiences for our customers and colleagues across all channels and markets. This platform encompasses all aspects of our operations – from identifying and authenticating customers, managing products, pricing, promoting, enabling customers to discover products, facilitating payment, and ensuring delivery. By developing a comprehensive Retail Platform, we ensure that as customer touchpoints and devices evolve, we can consistently deliver seamless experiences. This adaptability allows us to respond flexibly without the need to overhaul our technology, thanks to the creation of capabilities we have built.

Description and Requirements "At BMC trust is not just a word - it's a way of life!" Description And Requirements CareerArc Code CA-DN Hybrid "At BMC trust is not just a word - it's a way of life!" We are an award-winning, equal opportunity, culturally diverse, fun place to be. Giving back to the community drives us to be better every single day. Our work environment allows you to balance your priorities, because we know you will bring your best every day. We will champion your wins and shout them from the rooftops. Your peers will inspire, drive, support you, and make you laugh out loud! We help our customers free up time and space to become an Autonomous Digital Enterprise that conquers the opportunities ahead - and are relentless in the pursuit of innovation! BMC Software is looking for a motivated and skilled individual to join the Product Security Group. This is a senior technical position in the team. The candidate will be responsible for engaging with various product teams on security architecture reviews, SaaS security, penetration testing. A penetration tester plays a crucial role in safeguarding an organization's digital assets and information by proactively identifying and addressing security weaknesses. This role requires a high level of technical expertise, ethical conduct, and a commitment to continuous improvement in the field of cybersecurity. Roles And Responsibilities Conduct thorough vulnerability assessments of applications and systems using various tools and techniques. Execute penetration tests to simulate real-world cyberattacks, identifying weaknesses and vulnerabilities. Provide expert guidance on application security best practices. Research and develop new penetration testing methodologies, tools, and techniques. Qualifications & Skills 2+ years of experience in product security (web, mobile, API, cloud, infrastructure, and container security) or equivalent skillset. Penetration testing experience is essential; prior participation in bug bounty programs is a plus. Proficiency with hacking tools and penetration testing frameworks (e.g., Metasploit, Burp Suite, Nmap, Wireshark). Expertise in web application security testing, including knowledge of OWASP Top Ten vulnerabilities. Experience identifying and assessing vulnerabilities such as SQL injection, XSS, CSRF, and more. Proficiency in exploiting vulnerabilities to gain unauthorized access and assess attack impact. Understanding of vulnerability scoring systems (e.g., CVSS) for prioritizing findings. Ability to think creatively and analytically to identify and exploit vulnerabilities. Strong problem-solving skills when encountering unexpected challenges during testing. Excellent verbal and written communication skills for conveying technical details to both technical and non-technical stakeholders. Meticulous attention to detail in documenting findings and creating reports. Effective time management skills to meet project deadlines and testing schedules. High level of integrity and professionalism, with the ability to work under pressure while maintaining confidentiality. Optional: Hands-on technical experience with cloud security solutions for leading cloud service providers (e.g., AWS). Experience with secure code review (SAST) tools for languages such as C/C++, Java, and Python, and relevant frameworks. BMC Software maintains a strict policy of not requesting any form of payment in exchange for employment opportunities, upholding a fair and ethical hiring process. At BMC we believe in pay transparency and have set the midpoint of the salary band for this role at 1,638,100 INR. Actual salaries depend on a wide range of factors that are considered in making compensation decisions, including but not limited to skill sets; experience and training, licensure, and certifications; and other business and organizational needs. The salary listed is just one component of BMC's employee compensation package. Other rewards may include a variable plan and country specific benefits. We are committed to ensuring that our employees are paid fairly and equitably, and that we are transparent about our compensation practices. ( Returnship@BMC ) Had a break in your career? No worries. This role is eligible for candidates who have taken a break in their career and want to re-enter the workforce. If your expertise matches the above job, visit to https://bmcrecruit.avature.net/returnship know more and how to apply. Show more Show less

Job Description We are seeking a skilled and experienced Cybersecurity Specialist to join our dynamic team. The ideal candidate will have 3-7 years of experience in cybersecurity roles and a strong technical background in information security. If you're passionate about protecting data, identifying vulnerabilities, and implementing robust security measures. Key Responsibilities Develop, implement, and maintain cybersecurity policies, firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint security solutions, and data encryption. Conduct regular security assessments, risk analyses, and vulnerability assessments to identify potential weaknesses and mitigate risks. Experience in Web/Mobile/Network Penetration Testing and/or Vulnerability Assessment. Experience with web application vulnerability scanner (BurpSuite, AppScan, Acunetix, Web Inspect, etc). Deep knowledge of common software vulnerabilities, such as OWASP Top 10 and CWE/SANS Top 25. Deep knowledge of HTTP protocol and the ability to construct/manipulate HTTP requests. Ability to suggest/recommend remediation to fix vulnerability. Manual Penetration Testing skills and techniques are required besides automated tools and frameworks. Knowledge on Tools: Nmap, Kali Linux, Metasploit, Maltego, Burp Suite, Nessus, nexpose, Wireshark, sqlmap etc. Proficiency in Conducting API (REST, SOAP, XML, JSON) Security testing activities to identify and mitigate security : 3-7 years of experience in cyber security or a related field. Bachelor's degree in Computer Science, Information Security, Cyber Operations, or a related field (or equivalent experience). Strong understanding of networking concepts, security principles, and cyber threats. Proven experience with vulnerability scanning and penetration testing tools. Knowledge of regulatory requirements and compliance frameworks (e.g., PCI DSS, NIST, CIS Controls). Experience in Information security controls, and doing IT audits, ISO certifications is preferred. (ref:hirist.tech) Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Attack & Penetration Testing - Senior As part of our Cyber Security team, you shall perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. The opportunity We’re looking for Security Consultant / Senior Security Consultant with expertise in penetration testing. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Lead engagements from kickoff with clients through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines. Perform penetration testing which includes Network, web application, Mobile app (both Android & iOS), APIs Cloud Security, Thick Client application, wireless, social engineering, physical penetration testing. Execute penetration testing projects using the established methodology, tools and rules of engagements. Execute red team assessments to highlight gaps impacting organizations security postures. Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations. Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. Convey complex technical security concepts to technical and non-technical audiences including executives. Perform technical quality reviews and conduct technical conversations directly with clients. Keep uptodate with the latest techniques and concepts. Confident with OWASP Top 10 and SANS Top 25 vulnerabilities and ability to effectively communicate methodologies and techniques with development teams Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing. Understanding and experience with Active Directory attacks. Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management. Knowledge of AI in Pentest, TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred. Working knowledge with any scripting languages (e.g. Python, Perl, PHP, Ruby) to develop automated solutions that mitigate risks throughout the organization. Support SDLC and agile environments with application security testing and source code reviews. Serve as a mentor and guide to junior pen testers, sharing your knowledge, skills, and best practices to nurture their growth and development. Provide technical expertise and guidance to clients on remediation strategies and security best practices. Skills And Attributes For Success In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies. Good understanding of enterprise security controls in Active Directory / Windows environments Good to have knowledge in AI in pentest Understanding of TCP/IP network protocols. Understanding of network security and popular attacks vectors. Experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory and 802.1x penetration testing Strong understanding of security principles, policies, and industry best practices Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results. Excellent communication and presentation skills, both written and verbal. Demonstrated thought leadership in the cybersecurity field through publications, speaking engagements, or contributions to industry forums. Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead. To qualify for the role, you must have BE/ B.Tech/ MCA or equivalent Minimum of 3 years of work experience in penetration testing which may include at least three of the following: Network, web application Mobile app (Android & iOS), Thick client, APIs, wireless, social engineering, physical and Red Team assessments. One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX Knowledge of Windows, Linux, UNIX, any other major operating systems. 3-9 years of work experience in Strategy and Operations projects Team management skills are preferred. Conduct technical discussions and perform technical Quality reviews. Familiarity with OWASP methodologies and application security vulnerabilities. Exceptional ability to educate and guide application developers in security best practices. Excellent communication, presentation, and interpersonal skills. Strong Word, Excel and PowerPoint skills. Ideally, you’ll also have Project management skills Certifications: OSCP, OSCE, CRTP, CRTO, CISSP, GPEN, GWAPT. What We Look For Who can perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing and provide analysis for the testing results. What Working At EY Offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

We are looking to hire a Cyber Security Engineer with strong analytical skills and a comprehensive understanding of cybersecurity principles. The ideal candidate will have hands-on experience in web application, network security and hardware security with the ability to identify vulnerabilities, execute penetration tests, and recommend effective mitigations. The role requires an individual who is detail-oriented, able to work under pressure, and capable of delivering results within tight deadlines. Responsibilities: Conduct web application penetration testing using established methodologies (e.g., OWASP). Perform network penetration testing and identify system-level vulnerabilities. Conduct hardware-level security assessments and penetration tests on embedded systems, PCBs, SoCs, firmware, and IoT devices. Perform side-channel analysis, fault injection, and reverse engineering of hardware and firmware. Analyze firmware images for vulnerabilities using both static and dynamic methods. Analyse existing security measures and recommend improvements. Document findings, provide detailed risk assessments, and deliver remediation strategies. Advise on and implement security best practices across applications and infrastructure. Collaborate with development and infrastructure teams to ensure secure design and implementation. Stay current with evolving threats, vulnerabilities, and mitigation techniques. If experienced, conduct mobile application penetration testing (preferred, not mandatory). Requirements: A degree in computer science, IT, systems engineering, or related qualification. Core experience and profound knowledge in application and infrastructure security testing. Strong understanding and hands on experience on application and infrastructure vulnerabilities, automated/manual testing, auditing and remediation techniques. Strong understanding of OWASP Threats classification Experience with standard security tools such as Metasploit, SQLMap, Nmap, OWASP ZAP, Burp Suite etc. Experience with network/infrastructure vulnerability assessment tools such as Nessus, Qualys etc. Experience with establishing penetration testing procedures and processes. Proficiency in any one of the scripting languages like Python, C++, Java, Ruby, Node, Go, and/or Power Shell Ability to work under pressure in a fast-paced environment. Strong attention to detail with an analytical mind and outstanding problem-solving skills. Great awareness of cybersecurity trends and hacking techniques. Good to have: Understanding of server and client-side application development. Experience with performing code review, wireless and firewall assessments. Experience in evasion techniques to bypass firewalls and intrusion detection systems. Experience with Mobile Application Penetration testing, APIs etc. Knowledge in Application Architecture Review, Threat Modelling concepts Security Certifications: OSCP, OSEE, OSCE etc.

Experience: 1 - 3 years Location: New Delhi Job Description : The Security Analyst will be responsible for conducting comprehensive security assessments, including audits, penetration testing, and compliance evaluations. This role requires a meticulous, analytical professional with OSCP and CEH certifications, capable of identifying vulnerabilities and recommending technical and strategic security improvements. Number of Requirements : 01 Key Responsibilities : Perform technical security audits across internal and client infrastructures (networks, systems, and applications). Conduct vulnerability assessments and manual penetration testing, including both black-box and white-box scenarios. Analyze security policies, standards, and configurations against best practices and compliance frameworks. Develop detailed audit and assessment reports with risk ratings and mitigation strategies. Collaborate with internal teams and client stakeholders to understand business requirements and security needs. Participate in incident response planning and security awareness training initiatives. Stay informed about the latest threats, attack techniques, and regulatory developments. Required Qualifications : Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or equivalent experience. Active OSCP (Offensive Security Certified Professional) certification. Active CEH (Certified Ethical Hacker) certification. 3+ years of experience in information security auditing, penetration testing, or ethical hacking. Strong understanding of operating systems (Linux, Windows), networking, and web application security. Hands-on experience with tools such as Burp Suite, Nmap, Metasploit, Wireshark, Nessus, etc. Excellent documentation and communication skills. Preferred Qualifications : Experience conducting audits for compliance standards (ISO 27001, PCI-DSS, HIPAA, etc.). Exposure to cloud environments (AWS, Azure, GCP) and their security models. Scripting knowledge in Python, Bash, or PowerShell. Additional certifications such as CISA, CISSP, or GPEN are a plus.

? Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails

Your Role and Responsibilities Product-Security Technology Centre is responsible for ensuring that IBM products are secure by conducting timely Security reviews, penetration testing and following SPbD practices. As a penetration tester you will perform security testing of IBM product and SAAS offerings in development and production environment. You will also closely work with IBM product development teams to strengthen the security posture of their products by participating in threat model, source code security testing and share best practices / lessons learnt for secure coding/design. Key responsibilities Plan the penetration test Select, design and create appropriate tools for testing Perform the penetration test on computer systems, networks, web-based and mobile applications Document your methodologies, findings Gather the data intelligence not only from the output of the automated penetration tools but also from information gathered from interaction with product teams , previous results , threat model and source code scanning inputs. Review your findings and feedback to development teams Analyse the outcomes and make recommendations for security improvements Carry out application, network, systems and infrastructure penetration tests Review physical security and perform social engineering tests where appropriate Evaluate and select from a range of penetration testing tools Keep up to date with latest testing and ethical hacking methods Deploy the testing methodology and collect data Report on findings to a range of stakeholders Make suggestions for security improvements Enhance existing methodology material Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Experience – 2 to 5 years in Cybersecurity Web Application Testing Basic understanding of HTTP Protocol HTTP Methods, Request/Response Headers, Cookies, TCP/IP connections over HTTP etc. Basic understanding of HTML/JavaScript Good Understanding of security vulnerabilities, OWASP Top 10 vulnerabilities Automated Testing Must have knowledge of at least one of IBM AppScan OR BurpSuite scanner. (Good to have knowledge of both the tools.) Should be able to configure automated scanner (such as Login sequence, manually exploring critical flaws, Policy customization, scan throttling, etc) to perform successful scan. Assessment of scanner results and intelligently identifying false positives from the scan results. Knowledge of Burp features mainly, Spider, Intruder, Scanner, Repeater and Extender. Manual Testing: Should be able to understand the above mentioned OWASP Top 10 categories to perform manual testing. Flaws like, Authentication (session management) testing, CSRF, business logic testing which are not detected by an automated scanner must be identified using manual testing. Understanding of the workflow of the application and identifying the entry points to detect possible vulnerabilities. Preferred technical and professional experience Preferred Professional and Technical Expertise Webservice Testing SOAP/REST APIs testing. Configuring cURL commands and POSTMAN tool to capture the request in automated scanner. Network Testing Basic understanding of networking protocols such as TCP, UDP, DNS, DHCP etc. Basic understanding of network devices like router, switches, firewall/IDS/IPS etc.. Network scanning tools such as Nessus, Nmap, Metasploit etc. Exploitation and Post Exploitation of network vulnerabilities. Threat Model and Source code security scanning Perform/Participate in threat model creation/design or review Perform source code security scanning using (SAST) tools like Sonarqube, AppScan, Mend and other popular open-source tools. Security Certifications Any of the security certifications such as CEH, ECSA, EWPT, EWPTX, OSCP, GPEN, GWAPT etc

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Attack & Penetration Testing - Senior As part of our Cyber Security team, you shall perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. The opportunity We’re looking for Security Consultant / Senior Security Consultant with expertise in penetration testing. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your key responsibilities Lead engagements from kickoff with clients through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines. Perform penetration testing which includes Network, web application, Mobile app (both Android & iOS), APIs Cloud Security, Thick Client application, wireless, social engineering, physical penetration testing. Execute penetration testing projects using the established methodology, tools and rules of engagements. Execute red team assessments to highlight gaps impacting organizations security postures. Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations. Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. Convey complex technical security concepts to technical and non-technical audiences including executives. Perform technical quality reviews and conduct technical conversations directly with clients. Keep uptodate with the latest techniques and concepts. Confident with OWASP Top 10 and SANS Top 25 vulnerabilities and ability to effectively communicate methodologies and techniques with development teams Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing. Understanding and experience with Active Directory attacks. Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management. Knowledge of AI in Pentest, TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred. Working knowledge with any scripting languages (e.g. Python, Perl, PHP, Ruby) to develop automated solutions that mitigate risks throughout the organization. Support SDLC and agile environments with application security testing and source code reviews. Serve as a mentor and guide to junior pen testers, sharing your knowledge, skills, and best practices to nurture their growth and development. Provide technical expertise and guidance to clients on remediation strategies and security best practices. Skills and attributes for success In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies. Good understanding of enterprise security controls in Active Directory / Windows environments Good to have knowledge in AI in pentest Understanding of TCP/IP network protocols. Understanding of network security and popular attacks vectors. Experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory and 802.1x penetration testing Strong understanding of security principles, policies, and industry best practices Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results. Excellent communication and presentation skills, both written and verbal. Demonstrated thought leadership in the cybersecurity field through publications, speaking engagements, or contributions to industry forums. Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead. To qualify for the role, you must have BE/ B.Tech/ MCA or equivalent Minimum of 3 years of work experience in penetration testing which may include at least three of the following: Network, web application Mobile app (Android & iOS), Thick client, APIs, wireless, social engineering, physical and Red Team assessments. One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX Knowledge of Windows, Linux, UNIX, any other major operating systems. 3-9 years of work experience in Strategy and Operations projects Team management skills are preferred. Conduct technical discussions and perform technical Quality reviews. Familiarity with OWASP methodologies and application security vulnerabilities. Exceptional ability to educate and guide application developers in security best practices. Excellent communication, presentation, and interpersonal skills. Strong Word, Excel and PowerPoint skills. Ideally, you’ll also have Project management skills Certifications: OSCP, OSCE, CRTP, CRTO, CISSP, GPEN, GWAPT. What we look for Who can perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing and provide analysis for the testing results. What working at EY offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Application Security Perform security reviews, code audits, and threat modeling of web and mobile applications. Work with DevOps and development teams to integrate secure coding practices and tools (e.g., SAST, DAST, SCA). Conduct penetration testing and vulnerability assessments on internal and external applications. Remediate OWASP Top 10 and other emerging threats. Infrastructure & Server Security Harden Linux and Windows servers following CIS/NIST benchmarks. Implement endpoint security solutions (AV, EDR, MDM). Monitor, detect, and respond to system anomalies and unauthorized access. Manage patching and update cycles in coordination with system teams. Network Security Secure network architecture, firewall policies, VPNs, NAT, and VLAN segmentation. Analyze and mitigate threats like DDoS, MITM, spoofing, etc. Configure and manage intrusion detection/prevention systems (IDS/IPS). Perform routine audits and packet-level analysis for suspicious activity. Cloud Security Secure cloud infrastructure (Alibaba Cloud/AWS/Azure/GCP). Manage IAM, WAF, Security Groups, and cloud-native threat detection tools. Audit and improve security configurations in containers, CI/CD pipelines, and serverless deployments. Monitoring, Audit, and Compliance Work closely with compliance teams to meet standards like SAMA-CSF, ISO 27001, and PCI-DSS . Implement and tune SIEM/SOAR systems for proactive monitoring and incident response. Maintain audit trails, security reports, and logs for investigations and audits. Qualifications & Requirements Bachelor’s degree in computer science, Cybersecurity, or a related field. 4+ years of experience in cybersecurity roles with exposure to infrastructure and application security. Proficiency in tools like Burp Suite, Nessus, Wireshark, Nmap, Suricata, OSSEC/Wazuh, etc. Strong knowledge of TCP/IP, Linux security, cloud security, and secure coding principles. Experience with at least one cloud platform (Alibaba Cloud preferred). Familiarity with regulatory and compliance standards in the GCC region is a plus. Security certifications such as CEH, OSCP, CISSP, or CISM are a plus. Preferred Strong problem-solving and analytical skills. Ability to work under pressure in a fast-paced environment. Excellent communication skills to interface with technical and non-technical stakeholders. Self-motivated and able to work independently or as part of a team. Minimum 5 + yrs of exp as security specialists Job Types: Full-time, Permanent Pay: ₹2,000,000.00 per year Benefits: Health insurance Leave encashment Paid sick time Provident Fund Schedule: Day shift Monday to Friday Morning shift Education: Bachelor's (Preferred) Experience: Information security: 5 years (Preferred) audit: 4 years (Preferred) Compliance management: 4 years (Preferred) SoC: 1 year (Preferred) Work Location: In person