277 Nmap Jobs - Page 7

Category: Administration Main location: India, Karnataka, Bangalore Position ID: J0625-0283 Employment Type: Full Time Position Description: Company Profile: Founded in 1976, CGI is among the largest independent IT and business consulting services firms in the world. With 94,000 consultants and professionals across the globe, CGI delivers an end-to-end portfolio of capabilities, from strategic IT and business consulting to systems integration, managed IT and business process services and intellectual property solutions. CGI works with clients through a local relationship model complemented by a global delivery network that helps clients digitally transform their organizations and accelerate results. CGI Fiscal 2024 reported revenue is CA$14.68 billion and CGI shares are listed on the TSX (GIB.A) and the NYSE (GIB). Learn more at cgi.com. Job Title: Cyber Security Engineer Position: Senior Systems Engineer/Lead Analyst Experience: 7+ yrs Category: IT Infrastructure Main location: Bangalore Position ID: J0625-0283 Employment Type: Full Time Qualification: Bachelor's degree in Computer Science or related field or higher with minimum 3 years of relevant experience. Job Description: At least 7+ years’ Experience in Vulnerability Assessment and Penetration testing of web applications, mobile applications, API and thick client applications. Good knowledge on web application security, OWASP, Application Security testing, Network Penetration testing, Code Review, Vulnerability Assessment and Appscan Experience in cyber security penetration testing (Manual, PT, VAPT, DAST, SAST, API) Hands on experience in setting up the network environment for VAPT Manual penetration testing skills and techniques are required besides automated tools and frameworks. Hands on experience in identifying false positives Hands on knowledge on tools: Burp Suite Professional, Qualys, Nmap, Kali Linux, Metasploit, Nessus, Wireshark, Sqlmap, Checkmarx etc Strong knowledge of tools for mobile application security, including but not limited to Appuse, MOBSF, Geny Motion, Kali Linux, BURP, PostMan, Appie, Mobisec, NowSecure, HP Fortify On Demand Good Understanding of OWASP Top 10 for web application security and Mobile application security. Perform mobile vulnerability assessment and Penetration testing. Good understanding of Microservice based architecture Experience working in a DevSecOps environment with knowledge of continuous integration, containers, DAST/SAST tools Good understanding of Database security requirements. Good knowledge of cloud environments and should be able to perform VAPT on AWS, Azure etc. Scripting and coding experience(good to have) Certifications: OSCP, CEH Must have Skills : Good knowledge on web application security, OWASP, Application Security testing, Network Penetration testing, Code Review, Vulnerability Assessment and Appscan Experience in cyber security penetration testing (Manual, PT, VAPT, DAST, SAST, API) Hands on experience in identifying false positives Hands on knowledge on tools: Burp Suite Professional, Qualys, Nmap, Kali Linux, Metasploit, Nessus, Wireshark, Sqlmap, Checkmarx etc Good to have Skills : Excellent customer interfacing skills. Excellent written and verbal communication skills. Participating in Daily Standups and weekly reviews Strong attention to detail and outstanding analytical and Problem-solving skills. Understanding of Business, emerging technologies in relevant industry (Banking/CIAM ) , strong understanding of trends (market and technology) in areas of specialization. CGI is an equal opportunity employer. In addition, CGI is committed to providing accommodations for people with disabilities in accordance with provincial legislation. Please let us know if you require a reasonable accommodation due to a disability during any aspect of the recruitment process and we will work with you to address your needs. Life at CGI: It is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons Come join our team, one of the largest IT and business consulting services firms in the world Skills: Vulnerability Assessment(IAVA) What you can expect from us: Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

Development, implementation, monitoring, maintenance, and management of threats, security controls, processes, procedures and systems. Provides trusted advisor overview and management for information security projects and technical requirements. Provides threat management support for firewalls, intrusion detection systems, enterprise anti-virus, web application firewalls, and log monitoring tools. Manages internal/external vulnerability management program and oversight for code reviews or application security scan reviews as part of the Application Security management program. Manages the company’s Incident Response process in coordination with managed SOC vendor to monitor and respond to security alerts from all assets storing, processing, transmitting company confidential/sensitive data including PCI and PII data assets. Provides technical expertise in support of information technology assessments, penetration tests, and/or audits (PCI/SOX/HIPAA/other) of organizational automated systems and processes and will play a critical role in designing, maintaining and enhancing our organization's cybersecurity posture. Works closely with cross-functional teams to identify and implement robust security measures, detect, and respond to security incidents, and ensure the overall integrity and confidentiality of our systems and data. Essential Duties and Responsibilities Other duties may be assigned. In the event of absence, duties for this position will be overseen by the position to which it reports. Conducts analysis, develops technical and programmatic assessments, evaluates security engineering and integration initiatives and provides technical support to facilitate compliance with security policies, procedures, standards and guidelines. Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives. Analyze and review recent industry breaches for preventive cyber breach strategies. Provide threat intelligence research related to malware/virus identification. Responsible for reviewing and approving corporate, PCI In-scope firewall requests and WAF changes; perform WAF tuning as necessary. Monitor, report, and aid in the resolution of all security-related problems and discrepancies by monitoring assigned systems, maintaining documentation and provide management and any other appropriate areas with reporting as requested. Manage WAF, intrusion detection systems and in coordination with vendor SOC, ensure sufficient coverage to monitor PCI, PII, and all other assets storing, processing, transmitting company confidential/sensitive data. Ensure alerts from current and future systems are properly designed and monitored. Manage internal/external vulnerability management program and as appropriate expand scope of vulnerability scans, application/network penetration tests to cover enterprise and all systems/environments storing, processing, transmitting company confidential/sensitive data. Monitor intelligence sources for newly identified vulnerabilities, evaluate the risk such vulnerabilities pose to the organization's information and systems, and advise management of appropriate measures to eliminate or reduce the organization's risk or exposure to such vulnerabilities. Performs both internal/external vulnerability scanning and penetration testing. Analyzes information from those scans, as well as penetration tests, to mitigate and help IT stakeholders address system vulnerabilities. Provide technical support/oversight for code reviews or App scan reviews as part of Application Security management program. Provide technical support/oversight for security exception request process. Provide technical support for incident management and forensics. Monitor appropriate industry sources to maintain awareness of new security tools and techniques and research those tools and techniques that have the potential to improve the organization's ability to protect its information and infrastructure. Assist in the development of appropriate information security policies, standards, procedures, checklists, and guidelines using generally-recognized security concepts tailored to meet the requirements of the organization. Provide expertise to support timely resolution of findings from information technology assessments, penetration tests, and/or audits of organizational automated systems and processes; as appropriate, develop and communicate recommendations for improvement to management. Provide reporting metrics/create and maintain dashboards for department functions. Proficient in the use of Word, Excel. Assist manager/director in planning, time budgeting and scheduling work for completion. Participate in opportunities that enhance personal and professional growth and the accomplishment of career objectives through continuing education, seminars and participation in field-related professional organizations. Accountable for execution of assigned tasks from start to finish, while fully leveraging the disciplines expected of a cybersecurity engineer according to department standards, procedures and processes. Stay current with emerging issues affecting the Cybersecurity profession. Qualifications (Include Education and Specific Experience) Strong understanding of data network configuration and infrastructure concepts, including TCP/IP, DNS, routers, firewalls, web servers and security hierarchy including the application of encryption key infrastructures and authentication processes. Knowledge of cloud security concepts (Azure/AWS). Strong experience with IT security standards and best practice frameworks. (like ISO 27001/27002, NIST/NIST CSF, ITIL, PCI, SOX) In depth experience working with internet and web application security frameworks like SANS, OWASP. Detailed technical knowledge of hardening concepts and audit for Unix, Linux, Windows servers and desktop systems, AWS EC2 instances. Excellent understanding of common application, network, and operating system vulnerabilities, current threat vectors and mitigations. Strong working knowledge of networking, routing, protocols, ports and services. Working knowledge of System Information Event Monitoring (SIEM), Intrusion Detection and Prevention System (IDS/IPS), web application firewalls, vulnerability scanning tools, encryption capabilities, Network Access Controls (NAC), Data Loss Prevention (DLP), NMAP, Vulnerability scanners, Wireshark, and other security related tools Experience working with leading security WAF like Akamai, Cloudflare. Experience working with logging and file integrity monitoring tools like LogRhythm, NXLog, Splunk. Demonstrated experience in conducting security assessments. Demonstrated experience in investigating security issues related to Internet, server, desktop, laptop, tablet, and other mobile device security issues; OS patching, hardening and anti-virus. Ability to work with subject matter experts and 3rd party MSSP to coordinate activities to complete security related projects or tasks in a timely manner. Proficient with programming logic concepts, scripting experience (like Python, JavaScript, PowerShell) Strong communication and teamwork skills to collaborate with cross-functional teams and convey complex security concepts to non-technical stakeholders. Security certifications like CEH or CISSP are desired. • Bachelor’s degree in Computer Science, Information Security Management, Engineering or equivalent is required. • 3-5 years of experience in network and application security in a multiple operating system environment. Job Type: Full-time Pay: ₹7,000.00 - ₹20,000.00 per month Schedule: Monday to Friday Night shift US shift Work Location: In person

Our Company Techvantage.ai is a next-generation technology and product engineering company at the forefront of innovation in Generative AI, Agentic AI , and autonomous intelligent systems . We build intelligent, secure, and scalable digital platforms that power the future of AI across industries. Role Overview We are looking for a Senior Security Specialist with 8+ years of experience in cybersecurity, cloud security, and application security. You will be responsible for identifying, mitigating, and preventing threats across our technology landscape — particularly in AI-powered, data-driven environments. This role involves leading penetration testing efforts , managing vulnerability assessments , and implementing best-in-class security tools and practices to protect our platforms and clients. What we are looking from an ideal candidate? Design and implement robust security architectures for cloud-native and on-prem environments. Conduct penetration testing (internal/external, network, application, API) and deliver clear remediation strategies. Perform regular vulnerability assessments using industry-standard tools and frameworks. Lead threat modeling and risk assessments across systems, services, and data pipelines. Collaborate with development and DevOps teams to integrate security in SDLC and CI/CD pipelines (DevSecOps). Define and enforce security policies, incident response procedures, and access controls. Monitor for security breaches and investigate security events using SIEM and forensic tools. Ensure compliance with global standards such as ISO 27001, SOC 2, GDPR, and HIPAA. Provide guidance on secure implementation of AI/ML components and data protection strategies. Preferred Skills What skills do you need? Requirements 8+ years of experience in information security, application security, or cybersecurity engineering. Proficient in penetration testing methodologies and use of tools such as Burp Suite, Metasploit, Nmap, Wireshark, Nessus, OWASP ZAP, Qualys, etc. Deep experience in vulnerability management, patching, and security hardening practices. Strong understanding of OWASP Top 10, CWE/SANS Top 25, API security, and secure coding principles. Hands-on experience with cloud security (AWS, Azure, or GCP), IAM, firewalls, WAFs, encryption, and endpoint security. Familiarity with SIEM, EDR, IDS/IPS, and DLP solutions. Knowledge of DevSecOps and tools like Terraform, Kubernetes, Docker, etc. Excellent problem-solving, analytical, and incident-handling capabilities. Preferred Qualifications Certifications such as CISSP, CISM, CEH, OSCP, or AWS Security Specialty. Experience working on security aspects of AI/ML platforms, data pipelines, or model inferencing. Familiarity with governance and compliance frameworks (e.g., PCI-DSS, HIPAA). Experience in secure agile product environments and threat modeling techniques. What We Offer A mission-critical role securing next-gen AI systems Opportunity to work with an innovative and fast-paced tech company High visibility and leadership opportunities in a growing security function Compensation is not a constraint for the right candidate Show more Show less

JOB PURPOSE: The Head of mXDR Operations is responsible for leading and managing the operational aspects of cybersecurity at the airport, including oversight of the Managed Security Services Provider (MSSP) delivering SOC operations, Threat Hunting, Detection & Prevention, and Incident Response. The role also encompasses direct accountability for Information Security Operations covering both IT and OT (Operational Technology) domains, ensuring a unified and effective defense posture against cyber threats in a critical infrastructure environment. PRINCIPAL ACCOUNTABILITIES: SOC & mXDR Oversight Lead daily operations and governance of MSSP-managed Security Operations Center (SOC) and mXDR services. Review and validate alerts, use cases, playbooks, and tuning recommendations submitted by MSSP. Define and track service level agreements (SLAs), mean time to detect/respond (MTTD/MTTR), and other performance KPIs. Ensure continuous coverage across IT, cloud, and OT assets within the SOC’s visibility and telemetry scope. Collaborate with MSSP to plan capability upgrades (e.g., EDR, NDR, cloud telemetry integration). Optimize the performance of managed XDR solutions to proactively identify and mitigate risks. Monitor and evaluate partner performance, addressing any issues related to quality, cost, or delivery. Threat Hunting & Detection Engineering Guide the proactive hunting of threats across endpoints, networks, OT environments, and cloud workloads. Review hunting hypotheses and analytics built on threat intelligence, behavior analytics, and anomaly detection. Oversee development and refinement of detection rules, correlation logic, and behavioral models. Drive periodic reviews of MITRE ATT&CK coverage and detection effectiveness. Support threat simulation and emulation exercises (e.g., purple teaming) to enhance detection posture. Incident Response & Management Ensure a well-defined incident response plan is in place and regularly tested through simulations. Continuously improve detection and response capabilities based on threat intelligence and industry trends. Conduct post-incident reviews to identify lessons learned and improve processes. Act as the lead coordinator for high-severity and regulatory-reportable cyber incidents. Ensure MSSP follows incident response procedures and escalates as per predefined thresholds. Maintain and test incident response playbooks, RACI charts, and communication protocols. Coordinate evidence collection, forensic analysis, and root cause investigations. Oversee the implementation and verification of post-incident recovery and lessons learned. OT Cybersecurity Operations Work with the ICS Security SME to oversee deployment and operations of OT-specific security controls (e.g., ICS firewalls, passive monitoring). Support ICS Security SME in working with OT vendors and facilities teams to ensure security of SCADA, BMS, and other critical systems. Track vulnerabilities in OT assets and coordinate with ICS Security SME and stakeholders for safe remediation. Monitor lateral movement risks between IT and OT environments and enforce network segmentation. Ensure OT environments are covered in threat detection, logging, and alerting workflows. Information Security Operations Manage day-to-day internal security operations including DLP, endpoint protection, and access monitoring. Review all Change Requests and provide insight & recommendations ensuring CRs/amendments are fit for purpose, negotiated and executed by working with all stakeholders. Ensure critical patches, vulnerabilities, and security misconfigurations are tracked and remediated. Maintain visibility of high-value assets and enforce control compliance (e.g., logging, backup, access). Investigate user behavior anomalies and enforce insider threat detection measures. Coordinate identity and access management reviews for privileged and third-party access. Governance, Reporting & Compliance Generate monthly and quarterly dashboards covering alerts, incidents, SLAs, and threat trends. Report on MSSP adherence to contract deliverables, including risk exposure and gap analysis. Manage escalations as per contracted frameworks. Ensure unresolved escalations are tabled in governance forums and taken up for resolution. Drive the resolution of such escalations by working with all concerned stakeholders Coordinate with compliance teams for audits and regulatory inspections related to cybersecurity. Contribute to cyber risk assessments for critical airport systems and digital services. Ensure alignment with international frameworks (e.g., NIST CSF, ISO 27001, NIS2) and aviation-specific mandates. Strategic Leadership Provide strategic direction and leadership to the MSSP, fostering a culture of excellence and continuous improvement. Drive innovation in information security solutions and practices, ensuring the organization remains competitive and forward-looking. Act as a key advisor on Information Security matters, contributing to strategic decision-making. DIMENSIONS: Financial Optimize operational expenses while delivering high-value outcomes through effective vendor negotiations. Support financial risk mitigation by safeguarding against data breaches, penalties, and other cyber-related losses. Non-Financial Manage the MSSP (both remote and no-premises resources) with day-to-day tasks, review, and guidance on in-scope activities. Assess the skills, capabilities & expectations of the MSSP from time to time and work with MSSP management for right sourcing in BIAL account. Provide inputs on team capacity planning & hiring plans if any Lead and mentor MSSP team, fostering a high-performing team culture. Enhance the organization's ability to respond to and recover from cyber incidents effectively. Competency - Proficiency Level - Description: Cybersecurity Operations - Expert - Deep knowledge in SOC, SIEM, XDR, endpoint, network, and cloud security Threat Detection & Threat Hunting - Advanced - Experience in proactively identifying advanced threats and anomalies Incident Response & Forensics - Advanced - Skilled in leading structured incident response and root cause analysis OT Security - Intermediate - Understanding of OT systems and securing industrial environments Vendor & MSSP Management - Advanced - Strong experience in managing MSSP contracts and delivery governance Information Security Frameworks - Advanced - ISO 27001, NIST, MITRE ATT&CK, CIS Controls Communication & Reporting - Advanced - Capable of translating technical issues into business impact for leadership Risk Management & Compliance - Intermediate - Knowledge of regulatory and critical infrastructure compliance requirements Team Leadership & Collaboration - Advanced - Experience in leading internal security teams and cross-functional teams JOB SPECIFICATION: Knowledge and work skills: Comprehensive understanding of cybersecurity frameworks, technologies, and methodologies (e.g., NIST CSF, ISO 27001, MITRE ATT&CK, ITIL v3, PMP, TOGAF, ISO 20k & 27k and COBIT). Expertise in managed XDR operations, incident response, threat intelligence, and identity management. Familiarity with security architecture principles, ICS/OT security frameworks, and industrial protocols. Adequate knowledge of regulatory standards applicable to the industry. Proficient in process improvement and development practices Strong knowledge of SLA & service management, and operations management. Knowledge with InfoSec tools like: AV/EDR, Data Leakage Prevention, Metasploit, TripWire, Rapid7, Tenable, Snort, Nessus, Burp Suite, Appscan, Nmap, Wireshark, Firewalls, SIEM, SOAR, , SSE, CASB, PIM/PAM, WAF, O365 suite (Intune, Conditional access, Data classification and protection). Skills Minimum 10–12 years of experience in cybersecurity operations, with at least 5 years in a leadership or MSSP governance role. Experience in driving initiatives centered on continuous improvement, innovation, execution excellence, customer centricity and automation Analytical and problem-solving skills for assessing threats, vulnerabilities, and risks in complex environments. Exceptional communication and stakeholder management skills to influence decision-making and secure buy-in. Proven ability to lead cross-functional teams. Ability to build and maintain relationships with internal teams, partners, and external vendors. Qualifications Bachelor’s degree in computer science, Information Security, or a related field (Master’s degree preferred). Certifications such as CISSP, CISM, CISA, CEH, or equivalent are highly desirable. **Please note that this position requires 5 days work from Office. Show more Show less

Dear Candidate, TCS has been a great pioneer in feeding the fire of Young Techies like you. We are a global leader in the technology arena and there's nothing that can stop us from growing together. Role**: Application Penetration Tester Experience Range: 4+ years Joining Location: Bangalore/ Bhubaneshwar Desired Skill Set Any: Application Penetration testing Knowledge OWASP Vulnerabilities Experience with Secure Source Code Review using tools like Snyk, Checkmarx Experience with DAST tools like BrightSec Preferably having Development background and understanding of Multiple Coding language for Vulns eg .Net , Java, Python etc Good communication skills We are seeking skilled penetration tester to assess our systems, application and network through structured and unstructured testing. The candidate should have strong experience using tools such as Burp Suite, kali Linux, Metasploit and other offensive security frameworks to identify vulnerabilities and propose actionable mitigations Key Responsibilities Conduct penetration test on web , applications, API , internal and external networks. Perform vulnerability assessments and exploit the weakness using manual techniques and automated tools (e.g. Burp Suite , Kali Linux etc) Create comprehensive reports outlining findings , potential impact and remediation guidance Collaborate with development and infrastructure to prepare the plan for conducting the test and also mitigate the finding identified during the exercise. Required skills & Experience Proven experience in penetration testing and ethical hacking (5+ experience preferred) Strong knowledge and hands-on experience with Burp Suite, Kali Linux, NMAP, Metasploit etc. Proficiency in scripting languages for automating tasks and exploits Deep understanding of OWASP top 10 , MITRE ATT&CK framework and CVSS scoring Familiarity with various operating systems Ability to document technical findings in a clear, concise manner Regards, Priscilla Nancy HR TAG - Cyber Security Tata Consultancy Services Show more Show less

Vulnerability Assessment, Vulnerability Mitigation, Manual Penetration Testing using OWASP checklists, Penetration Testing, Cloud Security Assessment, Cyber Security Assessment Consulting, Cybersecurity, Cyber Security Perform comprehensive penetration testing and vulnerability assessments on enterprise networks, firewalls, routers, switches other infrastructure components Identify and exploit vulnerabilities to assess the security posture of network components Provide detailed reports with risk ratings, remediation steps, and security recommendations Work with IT DevOps teams to ensure timely resolution of vulnerabilities Utilize industry-standard tools such as Nessus, Nmap, Metasploit, Burp Suite, Wireshark, Open VAS Implement and manage vulnerability scanning solutions across the organization Collaborate with IT, DevOps security teams to ensure patches and mitigations are applied effectively Conduct security assessments for cloud environments (AWS, Azure, GCP) including configuration audits Identify misconfigurations, privilege escalations security risks in cloud infrastructure Implement continuous monitoring logging solutions for cloud security visibility

Manual Penetration Testing using OWASP checklists, Penetration Testing, Vulnerability Assessment, OWASP Top 10, OWASP ZAP, AWS Cloud, Azure Cloud, Cyber Security, Cloud Security Assessment, Cyber Security Assessment Consulting, Cybersecurity, Data Security Assessment Consulting Perform Penetration testing Develop and recommend mitigation strategies to enhance the defense mechanisms of critical infrastructure components Collaborate with IT and security teams to refine security measures and response strategies Prepare detailed reports on findings from simulations and suggest improvements Facilitate training sessions for internal teams on security awareness and breach response tactics

Vulnerability Assessment, Manual Penetration Testing using OWASP checklists, Penetration Testing, OWASP Top 10, Static/dynamic testing of mobile applications, Static Code analysis Artifacts/Grey box Infra Activity (VA/CA) Windows Server - Performing Scanning and preparing reports - application Security Testing/ Infra VACA

Static Code analysis Static/dynamic testing of mobile applications Vulnerability Assessment Penetration Testing. SAST Penetration testing Vulnerability Assessment

Role: Senior Security Specialist Location : Bangalore Working Model : Hybrid Final Round Interview : F2F Summary of essential job functions The overall responsibility of the team is to provide assurance to the management on the Information Security, Compliance and Risk Management of the organization globally. The candidate would be expected to lead security assessments of Products and Infrastructure globally. Education, Certification and Experience: Qualification Required: Bachelor/Master’s degree in Computer/ Information science, Software Engineering, Cybersecurity, or a related field Certification preferred: OSCP, OSWE, OSEP, ECSA|LPT, CPT, CEH Minimum experience: 08-10 years in Vulnerability Assessment and Penetration Testing- Thin & Thick Client, API , Infrastructure, Cloud, Mobile Competency Requirements: Performs a combination of duties in accordance with departmental guidelines: Hands-on experience in Vulnerability Assessment (VA) and Penetration Testing (PT) for Web, APIs, AI/ML models, Mobile , Network, and Infrastructure. Strong command of OWASP Top 10 with practical knowledge of attack vectors and mitigation strategies. Familiarity with industry standards and frameworks such as OSSTMM, OQASP, CESG, CREST, NIST, ISSAF, and PTES. Expertise in Secure Development Lifecycle (SDLC), including Threat Modeling, Secure Coding Practices, and Security Assessments. Proficient in both Static and Dynamic Application Security Testing (SAST, DAST, IAST), and Software Composition Analysis (SCA). Experience conducting secure code reviews and identifying logic flaws in code bases written in Java, .NET, C/C++, Python, etc. Knowledge of cryptographic protocols, secure communication, data security and key management. Hands-on with commercial and open-source tools: Burp Suite, OWASP ZAP, Acunetix, AppSpider,SQLMap, Nmap, Metasploit, Nessus, OpenVAS, Fortify, Checkmarx, Veracode, SonarQube, NexusIQ and Snyk. Proficient in assessing mobile applications (thick/hybrid clients) using tools like Dex2jar, ADB, Frida. Exposure to AuthN/AuthZ protocols such as OAuth, SAML, OIDC; ability to read, write, and interpret application logic. Familiarity with vulnerability standards: CVSS, CVE, CWE, CAPEC; and patch management lifecycle. Experience automating tasks via shell scripting and Python/Ruby/Php etc. Proficiency in secure code development and reviewing DAST/SAST reports across languages. Understanding security aspects in AWS, Azure, and GCP including IAM, VPC/VNet, S3/Blob storage, API gateway, Load Balancers, WAF, Containers (Docker), and Kubernetes. Experience in infrastructure/network penetration testing and exploitation techniques on Windows/Linux environments. Experience in mentoring, leading teams, and managing security assessments under tight deadlines. Manage third-party security assessments, including vendor risk evaluations, engagement oversight, and ensuring compliance with organizational security standards. Proven ability to provide technical oversight and drive engagement quality across security projects. Exposure to agile/scrum development methodologies and ability to work with cross-functional teams. Familiarity with security standards like PCI DSS, SOC, ISO 27001. Participation in bug bounty program and CTFs is a strong plus. Proactive learning approach, staying updated with evolving cybersecurity trends and technologies. Job Responsibilities: Plan, conduct, and close end-to-end Vulnerability Assessments and Penetration Tests for Web Applications, APIs, Mobile Apps, Thick Clients, Infrastructure, and Cloud environments. Perform both manual and automated security assessments to identify, validate, and prioritize vulnerabilities. Review application code in various programming languages and provide actionable remediation recommendations. Reproduce reported vulnerabilities with proof-of-concept (PoC) and assess associated risks. Evaluate new security tools and products for adoption and integration. Guide development teams on Secure Coding standards and OWASP-aligned practices. Lead and contribute to secure SDLC processes, threat modeling workshops, and risk reviews. Manage and triage security bugs from Bug Bounty programs, working closely with engineering teams to ensure timely resolution. Maintain and improve the security posture of applications across business units, aligning with best practices. Act as a security advisor on project teams, influencing architecture and design decisions. Drive security awareness initiatives and conduct training sessions for developers and QA teams. Update and maintain InfoSec policies and procedures in line with emerging threats, technologies, and compliance requirements; provide support to both internal and external auditors during security assessments and audits. Other Requirements: Strong ethics and understanding of ethics in business and information security. Proficiency in English (both written and oral communication skills). Ability to complete tasks and deliver professionally written reports for clients. Ability to present findings to technical staff and executives. Ability to interact with 247 internal stakeholders to review their requirements. Should be able to think “out of the box” and implement new attack vectors. Self-motivated, curious, knowledgeable pertaining to news and current events Show more Show less

Job Title: Penetration Tester Location: Remote Experience Required: 5 Years Employment Type: Full-Time Job Summary: We are seeking a highly skilled and experienced Senior Penetration Tester with 5 years of hands-on experience in offensive security. The ideal candidate will be responsible for conducting advanced security assessments, simulating real-world cyberattacks, and providing actionable recommendations to enhance the organization’s security posture. This role demands deep technical expertise, strong analytical skills, and the ability to communicate effectively with both technical and non-technical stakeholders. Key Responsibilities: Plan, execute, and document black-box, grey-box, and white-box penetration tests across various environments (web apps, networks, APIs, mobile, cloud, etc.) Conduct Red Team/Blue Team exercises and collaborate with threat hunters and SOC teams. Identify, exploit, and report vulnerabilities in systems, applications, and infrastructure. Develop and maintain custom exploitation tools, scripts, and payloads . Perform social engineering engagements , including phishing simulations and physical assessments (where applicable). Provide detailed, risk-based reporting , including technical findings, proof-of-concept exploits, and remediation guidance. Stay current with emerging threats, vulnerabilities, and tools in the cybersecurity domain. Mentor junior team members and contribute to the development of internal testing methodologies and frameworks. Participate in threat modeling, architecture reviews, and security design discussions . Required Skills and Qualifications: 5 years of professional experience in penetration testing, red teaming, or offensive security . Proficiency in tools such as Burp Suite, Metasploit, Nmap, Wireshark, Cobalt Strike, Nessus, etc. Deep understanding of OWASP Top 10 , MITRE ATT&CK , and NIST security frameworks . Strong knowledge of network protocols, web application architectures, cloud environments (AWS/Azure/GCP), and secure coding practices. Experience with manual testing techniques and not just automated scanners. Strong scripting and automation skills in Python, PowerShell, Bash, or Go . Experience with Active Directory exploitation , privilege escalation, and lateral movement techniques. Demonstrated ability to write clear, concise, and detailed technical reports. Strong verbal and written communication skills. Preferred Certifications (any of the following): Offensive Security Certified Professional (OSCP) Offensive Security Certified Expert (OSCE) Certified Red Team Professional (CRTP) GIAC Penetration Tester (GPEN) Certified Ethical Hacker (CEH) CREST Registered Tester or equivalent Show more Show less

Hiring Manager: Abhishar Balodhi Recruiter: Archana SM Location: Gurugram Carrer Level: E Why BT We’ve always been an organisation with a purpose; to use the power of communication to make a better world. You can trace this back to our beginning as pioneers of the world’s firs telecommunications company. At our heart we’re a technology company with research and innovation in our bones and a desire to be personal, simple, and brilliant for our customers - those are the values we live by whilst also creating an inclusive working environment where people from all backgrounds can succeed.Our pursuit of progress over the past 180 years has established BT as a strong, successful brand, with huge scale capable of achieving great things. From supporting emergency services, hospitals, banks and keeping economies around the world online, safe and secure, to delivering large scale technology infrastructure like the creation of BT Sport. Today in this fast-changing, always on, digital world our purpose remains true. Yet the market conditions, regulations and competition we face are tougher than ever before. So, if you have the drive, optimism and resilience to help propel us forward we’ll offer unrivalled personal development, a wealth of opportunities to learn, experience new things and pursue new careers. If that’s you and what you’re looking for, we’d love you to be part of our future. Why this job matters As an experienced Information Security Services provider, we will help lead a highly motivated team laser-focused on analysing, designing, developing and delivering solutions built to stop adversaries and strengthen your operations Our Competent individuals and Skilled leadership will provide you incident response, risk reviews and vulnerability assessments, identifying threats, all of which ladder up to driving secure solutions. What I’ll Be Doing – Your Accountabilities Accountable for delivering vulnerability assessments and penetration tests. Responsible for increasing individual technical skill whilst also delivering BAU. Accountable for increasing capability of the penetration testing team through web application, network & mobile skill acquisition. Accountable for support leadership in setting strategy for the team moving forward. Responsible for contributing to the positive research and technical capability of BT security. To support and maintain the BT Business Support – Protect BT ISO27001 certificate for Offensive Security team The Skills You Need Pentest Skills – Web application pen test (OWASP, NIST framework), Network pen test (Linux, windows), API & Mobile pen test. Networking Skills – TCP/IP packet level understanding, Routing, Switching, firewall understanding. Linux Skills – Linux directory structure & basic command line knowledge from pentest/vulnerability assessment standpoint. Vulnerability management- This requires understanding of vulnerability assessment framework (CVE/CVSS) and Security assessment tools (such as Nmap, Metasploit, Burp Suite, SQL map, Nessus) Regulatory Understanding- PCI DSS guidelines, GDPR. Leadership Accountabilities Accountabilities of the job: Solution focused achiever: We need this person to focus on delivering exceptional penetration testing services Customer champion: we are transforming how we communicate with our customers and need responsible person with a customer-focused attitude. Change agent: We need a tester who sees our processes and immediately thinks of better ways to do what we are doing and then leads that change. Experience You Would Be Expected To Have Mandatory 2-4 Years experience in the field on pen testing. Mandatory Bachelor’s degree or higher preferred. CEH, OSCP, CREST, LPT certifications are highly preferred. Ability to understand packet level TCP/IP knowledge. Good scripting knowledge (e.g. Python) will be highly preferred. Capable of working successfully with end customers PREFERRED. BT is part of BT Group, along with EE, Openreach, and Plusnet. Millions of people rely on us every day to help them live their lives, power their businesses, and keep their public services running. We connect friends to family, clients to colleagues, people to possibilities. We keep the wheels of business spinning, and the emergency services responding. We value diversity and celebrate difference. ‘We embed diversity and inclusion into everything that we do. It’s fundamental to our purpose: we connect for good.’ We all stick to the same values: Personal, Simple, and Brilliant. From day one, you’ll get stuck in to tough challenges, pitch in with ideas, make things happen. But you won’t be alone: we’ll be there with help and support, learning and development. This is your chance to make a real difference to the world: to be part of the digital transformation of countless lives and businesses. Grab it. Show more Show less

We are seeking an OT Network Engineer to contribute to the development of an industrial automation and security platform with advanced OT network discovery, device fingerprinting, real-time tracking, and security compliance features . The ideal candidate will have expertise in network scanning, industrial protocols (SNMP, LLDP, ARP), Zero Trust security, IEC 62443 compliance, and PLC inventory management . This role requires hands-on experience in building scalable, secure, and AI-driven OT networking solutions integrated into the platform. Key Responsibilities: OT Network Discovery & Device Fingerprinting Develop and integrate automated network scanning for industrial assets into the platform. Implement passive & active network scanning using SNMP, LLDP, ARP, and industrial protocols. Design and optimize device fingerprinting to classify OT devices (PLCs, SCADA nodes, IIoT gateways, sensors) based on manufacturer, model, firmware, and protocol stack. Enable real-time endpoint tracking and automated asset registration within the platform. 2. Industrial Network Security & Compliance (IEC 62443, Zero Trust) Implement IEC 62443-based security frameworks within the platform to ensure OT network compliance. Integrate Zero Trust security models for industrial endpoints and control networks. Work on network segmentation strategies for isolating critical industrial systems within the platform. Design and develop anomaly detection features for unauthorized device behaviors using AI-based security analytics. 3. SCADA-Integrated Asset Management & Monitoring Contribute to the development of a SCADA-integrated asset inventory system for industrial environments. Develop a real-time monitoring engine for tracking PLC instances, network ports, and communication health. Optimize SCADA-to-OT data flows for improved visibility and control. Design SCADA security monitoring dashboards for operational visibility and threat detection. 4. OT Network Simulation & Testing Framework Develop a virtualized OT network environment for testing protocol translations and device communications. Simulate SCADA-to-PLC interactions within a cloud-based or hybrid testing framework. Create automated test cases for evaluating platform performance in large-scale OT environments. 5. AI-Driven Security & Network Optimization Contribute to AI-powered security heuristics for intrusion detection, anomaly recognition, and behavioral analysis. – Strongly Preferred Design real-time correlation engines to map network security events to operational risk indicators. Work with data scientists to integrate machine learning models for predictive network failure analysis. Required Skills & Qualifications: Networking & Industrial Protocols: Expertise in SNMP, LLDP, ARP-based discovery and industrial networking standards. Deep understanding of SCADA, PLC, DCS, and IIoT network architectures. Strong knowledge of Modbus TCP/IP, OPC-UA, EtherNet/IP, PROFINET. Security & Compliance: In-depth knowledge of IEC 62443, Zero Trust Architecture (ZTA), and industrial cybersecurity. Experience in firewall configurations, network segmentation, and encrypted communications (TLS 1.3, AES-256). Understanding of SIEM integration and OT security monitoring tools (Claroty, Nozomi, Dragos, CyberX). Platform Development & Integration: Experience in building scalable network discovery and security platforms for industrial automation. Familiarity with cloud-based OT security solutions (Azure Defender for IoT, AWS IoT Device Defender). Ability to work with RESTful APIs, MQTT, Kafka, and real-time event processing frameworks. Tools & Technologies: Network Security & Monitoring: Wireshark, Nmap, Zeek, Snort, Suricata. OT Security Platforms: Claroty, Nozomi Networks, Dragos, CyberX. Cloud & Edge Security: Azure IoT Hub, AWS IoT Core, Google Cloud IoT. PLC & SCADA Systems: Siemens, Rockwell, ABB, Schneider Electric, GE. Cloud & Edge Security: Azure Defender for IoT, AWS IoT Device Defender. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. EY- Cyber Security (OT Security) – Technology Consulting – Senior GDS Advisory's Risk group is a unique, industry-focused business unit that provides a broad range of integrated services that leverage deep industry experience with strong functional capability and product knowledge. Risk practice team provides integrated advisory services to leading Fortune 500 Companies. The team provides Risk Assurance, Risk Transformation, Internal Audit, Cybersecurity, Financial Services Risk Management and Actuarial services that take an enterprise-wide view, so that risk mitigation and risk management strategies and processes are embedded in every part of the organization. Our services mitigate risk, reduce the cost of control and help create value. The opportunity The GDS Architecture Engineering and Emerging Technology (AEET) services help our clients tackle the many security challenges they face on a daily basis and develop effective solutions using people, processes and technology, while enabling better security and risk decisions, and reducing costs related to manging security risks. The AEET team is looking for individuals who will play a direct role in delivery of Operational Technology (OT) security engagements, development of proposals in this area, and develop OT security solutions. You will play a key role in supporting our clients to secure their IT/OT environments, either through advisory and/or implementation support. Your key responsibilities To qualify, candidates must have: Understanding of security-related operational processes in the OT-ICS environments Understanding of OT SOC/ OT Identity Access Management/ OT Pen testing/ Zero Trust on OT Understanding of technologies (typical assets, communication protocols, technical architectures) utilized by OT-ICS systems and networks Knowledge of cyber / information security concepts, risk and controls concepts Understanding of aspects of functional safety (SIS) Knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts Knowledge of the technical security solutions utilized within OT-ICS systems and networks Knowledge of OS (Windows / Linux) security, Database security Knowledge of IT infrastructure Knowledge of cyber threats and vulnerabilities related to platform and infrastructure is a plus Prior experience working alongside delivery leads and architects to Identify and manage risks is a plus Skills And Attributes For Success Completed technical higher education in the field of industrial automation, computer science, electronics or other relevant fields Certificates or education related to industrial automation / engineering etc. Knowledge of OT-ICS Security standards, including ISA/IEC 62443, NIST 800-82, NERC-CIP Knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, NIST standards on Cyber Security, HITRUST, etc. is a plus Knowledge on tools like Nessus, BackTrack, NMAP, BurpSuite, etc. is a definite plus Knowledge on OT network monitoring solution such as Nozomi, Claroty, Armis, DarkTrace, Azure Defender. To qualify for the role, you must have 5+ years of experience in the Cyber Security and OT Security Domain Minimum B. Tech. or equivalent educational qualification ISA/IEC 62443 Fundamental* SCADA Fundamentals CompTIA Network+ CompTIA Security+ What We Look For A Team of people with commercial acumen, technical experience and enthusiasm to learn new things in this fast-moving environment with consulting skills. An opportunity to be a part of market-leading, multi-disciplinary team of 1400 + professionals, in the only integrated global transaction business worldwide. Opportunities to work with EY Consulting practices globally with leading businesses across a range of industries What Working At EY Offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Attack & Penetration Testing - Senior As part of our Cyber Security team, you shall perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. The opportunity We’re looking for Security Consultant / Senior Security Consultant with expertise in penetration testing. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Lead engagements from kickoff with clients through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines. Perform penetration testing which includes Network, web application, Mobile app (both Android & iOS), APIs Cloud Security, Thick Client application, wireless, social engineering, physical penetration testing. Execute penetration testing projects using the established methodology, tools and rules of engagements. Execute red team assessments to highlight gaps impacting organizations security postures. Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations. Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. Convey complex technical security concepts to technical and non-technical audiences including executives. Perform technical quality reviews and conduct technical conversations directly with clients. Keep uptodate with the latest techniques and concepts. Confident with OWASP Top 10 and SANS Top 25 vulnerabilities and ability to effectively communicate methodologies and techniques with development teams Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing. Understanding and experience with Active Directory attacks. Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management. Knowledge of AI in Pentest, TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred. Working knowledge with any scripting languages (e.g. Python, Perl, PHP, Ruby) to develop automated solutions that mitigate risks throughout the organization. Support SDLC and agile environments with application security testing and source code reviews. Serve as a mentor and guide to junior pen testers, sharing your knowledge, skills, and best practices to nurture their growth and development. Provide technical expertise and guidance to clients on remediation strategies and security best practices. Skills And Attributes For Success In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies. Good understanding of enterprise security controls in Active Directory / Windows environments Good to have knowledge in AI in pentest Understanding of TCP/IP network protocols. Understanding of network security and popular attacks vectors. Experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory and 802.1x penetration testing Strong understanding of security principles, policies, and industry best practices Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results. Excellent communication and presentation skills, both written and verbal. Demonstrated thought leadership in the cybersecurity field through publications, speaking engagements, or contributions to industry forums. Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead. To qualify for the role, you must have BE/ B.Tech/ MCA or equivalent Minimum of 3 years of work experience in penetration testing which may include at least three of the following: Network, web application Mobile app (Android & iOS), Thick client, APIs, wireless, social engineering, physical and Red Team assessments. One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX Knowledge of Windows, Linux, UNIX, any other major operating systems. 3-9 years of work experience in Strategy and Operations projects Team management skills are preferred. Conduct technical discussions and perform technical Quality reviews. Familiarity with OWASP methodologies and application security vulnerabilities. Exceptional ability to educate and guide application developers in security best practices. Excellent communication, presentation, and interpersonal skills. Strong Word, Excel and PowerPoint skills. Ideally, you’ll also have Project management skills Certifications: OSCP, OSCE, CRTP, CRTO, CISSP, GPEN, GWAPT. What We Look For Who can perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing and provide analysis for the testing results. What Working At EY Offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

You Lead the Way. We’ve Got Your Back. With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other. Here, you’ll learn and grow as we help you create a career journey that’s unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally. At American Express, you’ll be recognized for your contributions, leadership, and impact—every colleague has the opportunity to share in the company’s success. Together, we’ll win as a team, striving to uphold our company values and powerful backing promise to provide the world’s best customer experience every day. And we’ll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong. Join Team Amex and let's lead the way together. How will you make an impact in this role? Responsible for contacting clients with overdue accounts to secure the settlement of the account. Also they do preventive work to avoid future overdues with accounts that have a high exposure. A PCI Penetration Tester, often referred to as a security expert or ethical hacker, is responsible for simulating real-world cyberattacks on systems and networks to identify vulnerabilities related to the Payment Card Industry Data Security Standard (PCI DSS). Their role involves performing vulnerability assessments, exploiting weaknesses, and providing actionable recommendations for remediation to ensure compliance with PCI DSS requirements. Key Responsibilities: PCI DSS Compliance: Ensuring that systems and networks meet the security requirements outlined in PCI DSS standards. Vulnerability Assessment: Identifying and classifying security flaws in systems, networks, and applications within the Payment Card Industry (PCI) environment. Penetration Testing: Simulating attacks on systems and networks to exploit identified vulnerabilities and assess their impact. Reporting and Recommendations: Documenting findings, including risk assessments, and providing detailed recommendations for improving security posture and addressing identified weaknesses. Compliance and Security: Collaborating with IT and development teams to implement security measures and ensure compliance with PCI DSS and other relevant standards. Staying Updated: Keeping abreast of the latest security threats, vulnerabilities, and testing methodologies to enhance their expertise. Specific Tasks: Network Scanning: Using tools like Nmap to identify open ports, services, and potential vulnerabilities within the network. Application Testing: Evaluating web applications, mobile apps, and APIs for security weaknesses and potential exploitation points. Reporting: Creating detailed reports, including risk assessments, technical findings, and remediation recommendations, for stakeholders. Skills and Qualifications: Bachelor’s Degree in Computer Science, Information Systems, Business 10+ years of experience in cyber security Penetration testing Strong understanding of PCI DSS requirements and compliance. Experience in penetration testing methodologies and tools. Proficiency in network protocols, operating systems, and web application technologies. Knowledge of common security vulnerabilities and exploitation techniques. Ability to communicate technical findings clearly and concisely. Certifications: Industry certifications like CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), or similar can be beneficial. We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally: Competitive base salaries Bonus incentives Support for financial-well-being and retirement Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location) Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need Generous paid parental leave policies (depending on your location) Free access to global on-site wellness centers staffed with nurses and doctors (depending on location) Free and confidential counseling support through our Healthy Minds program Career development and training opportunities American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law. Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.

Job Description Summary We are looking for a smart, security-minded, enthusiastic and friendly cyber security advisor who can work collaboratively with development teams to complete design and SDLC work for Products and Systems. Product Cyber-security Specialist is responsible for the analysis of controllers, systems for cyber security requirements. Conduct tests to verify Cyber security levels and recommend mitigation plans for products, systems during product development stages. As a member of a global and matrixed team, she/he will also be responsible for guiding secure design, testing of different products, control systems. Job Description Essential Responsibilities Involve in reviews, suggest changes, conduct tests to ensure systems, controllers to meet Cyber security requirements. Facilitate decisions and bring teams together to design and document software architecture, modularity, and future- proofing. Support/Involve development of proofs-of-concept to prove out strategy and manage development and product risks. Support production of technical documentation for software architecture, design, verification plans. Engage with development teams and ensure all software developed is compliant to Cyber-security requirements. Collaborate with a team of controls and system engineers developing operational technology software for various subsystems. The position requires an understanding of OT System, cloud application architecture and conversant with all Cyber security requirements. This role requires strong cooperation with system and subsystem teams necessary for command and control of the systems involved. Work with multiple teams in different location to identify vulnerability, suggest remediation to the software to meet customer requirements. Contribute to multi-generation product and tool planning. Qualifications/Requirements Bachelor in computer science/Cyber Security or relevant engineering or equivalent knowledge / experience with 0-1 Years of Experience. Good understanding in Cyber security for Controller, Systems in OT Space. Familiar with penetration testing for Controllers, Systems, Web software’s, CAPEC, Ethical hacking. Good Knowledge/worked on Cyber security tools and solutions like Wireshark, NESSUS, Burp Suite, Nmap, Nozomi, Claroty, Splunk, Acronis, Ivanti, etc. Knowledge in different phases of Software Development Life cycle (SDLC) including Design, Implementation and Testing. Knowledge on web technologies like JavaScript, jQuery, AJAX, JSON, AngularJS, Angular 6, NodeJs, Spring, Hibernate, Spring boot, MVC, RESTful Web Services, Flux, SOAP will be an added advantage. Knowledge on database RDBMS, MySQL NoSQL databases will be an added advantage. Software component: MS Visual Studio, MS Office, MS Visio, SVN, GitHub Linux and Windows OS Familiar with ISA 624443, NIST 800 standards will be an added advantage. Familiar on active directory, certificate management and hardening w.r.t CIS benchmarks for critical assets like switches, windows-based workstation and controllers. Familiar with threat modelling and risk assessment for OT products Additional Information Relocation Assistance Provided: Yes

Job Summary: We are seeking a highly experienced “Senior VAPT & Penetration Testing Specialist” to lead and ensure the quality and effectiveness of our vulnerability assessment and penetration testing operations. This role involves findings, validating findings, reviewing technical reports, ensuring compliance with standards (OWASP, PTES, NIST, etc.), and improving methodologies and tools. Key Responsibilities: Conduct in-depth vulnerability assessments and penetration tests on web, mobile, network, API, and cloud infrastructure using manual and automation. Utilize industry-standard tools like SQLMap, Burp Suite, Nessus, Nmap, and custom scripts for advanced exploitation techniques. Simulate various cyber-attacks including DDoS, Brute Force, XSS, SQL Injection, DNS attacks, and Social Engineering to identify system vulnerabilities. Perform peer reviews of technical deliverables and verify accuracy of findings and recommendations. Ensure that all assessments are aligned with industry standards such as OWASP, PTES, MITRE ATT&CK, and NIST. Act as a technical lead and mentor for junior VAPT team and QA team members. Identify gaps in the current testing methodologies and implement process improvements. Prepare detailed documentation and the VA report and ensure clear, actionable, and risk-rated reporting. Collaborate with clients and internal teams to understand scope and provide post-assessment clarifications. Present the client meeting for the future VAPT assignments. Stay updated with emerging threats, tools, techniques, and frameworks. Required Skills & Qualifications: Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field. 3 to 5 years of hands-on experience in VAPT and penetration testing. In-depth knowledge of web, network, mobile, cloud, and API security. Strong understanding of secure coding practices and vulnerability management. Expertise in tools like Burp Suite, Nmap, Nessus, Metasploit, Qualys, Kali Linux, Wireshark, etc. Familiarity with SIEM, IDS/IPS, EDR tools is a plus. Excellent report writing and documentation skills. Strong communication and overseas client-interaction skills. Preferred Certifications: OSCP (Offensive Security Certified Professional) – Highly preferred CEH (Certified Ethical Hacker) CREST / GPEN / GWAPT / CISSP – Optional but desirable ISO 27001 Lead Auditor or Lead Implementer – Added advantage Job Type: Full-time Pay: Up to ₹1,800,000.00 per year Schedule: Monday to Friday UK shift Work Location: In person Speak with the employer +91 9429521724

Job Description We are seeking an experienced and highly skilled Network Administrator with 6-10 years of experience to join our IT team. The ideal candidate will be responsible for designing, implementing, managing, and optimizing our network infrastructure to ensure high availability, performance, and security. This role involves strategic planning, technical execution, and collaboration with other IT professionals to support the organization's networking needs. Key Responsibilities Design, configure, and deploy reliable and scalable network solutions. Implement and maintain network infrastructure including LAN, WAN, VPN, and wireless networks. Monitor network performance and troubleshoot issues to ensure optimal performance. Perform regular network maintenance tasks, including updates and patches. Implement and maintain robust network security measures to protect against threats. Ensure compliance with industry standards, legal regulations, and companypolicies. Optimize network configurations and performance to support business operations. Ensure network resilience and availability through redundancy and failover strategies. Develop and implement proactive measures to prevent recurring problems. Skills Set As a network administrator, we are expecting you to be proficient in one or more tools/technologies and be open to learning and adapting to other tools/technologies. We value adaptability and a proactive approach to embracing new technologies and industry best practices. Technical Skills: Relevant certifications (e.g., Cisco CCNA/CCNP, CompTIA Network+, Juniper JNCIA/JNCIP) preferred. Strong understanding of networking protocols and technologies (e.g., TCP/IP, DNS, DHCP, BGP, OSPF). Experience with Cisco, Fortinet or Palo Alto firewall management, VPN configuration, and network security best practices. Knowledge of wireless networking and VoIP solutions. Familiarity with cloud networking solutions (e.g., AWS, Azure). Must have - Network vulnerability assessment tools like Qualys, Nmap etc. Experience in Network security at all layers like IPsec, spoofing at Data link layer, Man-in-the-middle attack prevention, Dos, DDos attacks etc. Soft Skills: Strong communication and interpersonal skills. Excellent problem-solving and analytical skills. Attention to detail and a proactive approach to tasks. Strong organisational and time management skills. Ability to work independently and as part of a team. Education: Bachelor’s degree in Computer Science, Information Technology, or a related field (or equivalent experience). 6-10 years of experience in network administration or a similar role, with demonstrated expertise in managing large-scale network environments. Relevant certifications (e.g., Cisco CCNA/CCNP, CompTIA Network+, Juniper JNCIA/JNCIP) preferred. Show more Show less

Job Description Role Profile: The Cyber and IT Audit Manager will oversee IT and cybersecurity audits, managing a team of auditors to assess IT processes and Operational Technology (OT) environments. The manager will ensure audits are aligned with the company’s strategic objectives and regulatory requirements, with a focus on delivering value and identifying critical risks in IT and cybersecurity. This role includes responsibility for overseeing security assessments and implementing audit methodologies that support continuous improvement. Responsibilities ' Manage and execute a portfolio of IT and cybersecurity audits, focusing on complex audits related to IT general controls, cybersecurity frameworks, and OT environments. Oversee medium complexity security assessments for IT and OT systems, ensuring comprehensive audit coverage. Collaborate with the CAE, IT audit Director and IT stakeholders to build an audit pipeline, addressing emerging risks and identifying areas for process improvement. Lead the development of audit programs and methodologies, ensuring alignment with industry best practices and regulatory frameworks (e.g., NIST, COBIT, IEC 62443). Manage audit staff, providing guidance and ensuring adherence to professional standards (IIA, ITGC). Present audit findings to senior management, communicating risks, recommendations, and opportunities for improvement. Qualifications ' 7+ years of experience in IT auditing, cybersecurity, and OT systems. Proven experience managing audits and teams, with a focus on IT governance, cybersecurity, and risk management. Expertise with security assessment tools (e.g., Nmap, Nessus, Kali Linux, Metasploit, Burp Suite) and audit methodologies for IT and OT systems. Strong understanding of industry frameworks (NIST, COBIT, ISO 27001, MITRE ATT&CK) and IEC 62443 for OT environments. OT knowledge and experience is highly desirable. Certifications such as CISSP, CISA, CISM, OSCP, OSWP, CRTP, CEH, HTB CPTS, HTB CBBH, HTB CWEE are preferred. Bachelor’s or Master’s degree in Information Technology, Cybersecurity, or related disciplines. Strong leadership, project management, and communication skills, with the ability to influence stakeholders at all levels. At Nextracker, we are leading in the energy transition, providing the most comprehensive portfolio of intelligent solar tracker and software solutions for solar power plants, as well as strategic services to capture the full value of solar power plants for our customers. Our talented worldwide teams are transforming PV plant performance every day with smart technology, data monitoring and analysis services. For us at Nextracker, sustainability is not just a word. It's a core part of our business, values and our operations. Our sustainability efforts are based on five cornerstones: People, Community, Environment, Innovation, and Integrity. We are creative, collaborative and passionate problem-solvers from diverse backgrounds, driven by our shared mission to provide smart solar and software solutions for our customers and to mitigate climate change for future generations. Culture is our Passion Show more Show less

Job Description Summary We are looking for a smart, security-minded, enthusiastic and friendly cyber security advisor who can work collaboratively with development teams to complete design and SDLC work for Products and Systems. Product Cyber-security Specialist is responsible for the analysis of controllers, systems for cyber security requirements. Conduct tests to verify Cyber security levels and recommend mitigation plans for products, systems during product development stages. As a member of a global and matrixed team, she/he will also be responsible for guiding secure design, testing of different products, control systems. Job Description Essential Responsibilities Involve in reviews, suggest changes, conduct tests to ensure systems, controllers to meet Cyber security requirements. Facilitate decisions and bring teams together to design and document software architecture, modularity, and future- proofing. Support/Involve development of proofs-of-concept to prove out strategy and manage development and product risks. Support production of technical documentation for software architecture, design, verification plans. Engage with development teams and ensure all software developed is compliant to Cyber-security requirements. Collaborate with a team of controls and system engineers developing operational technology software for various subsystems. The position requires an understanding of OT System, cloud application architecture and conversant with all Cyber security requirements. This role requires strong cooperation with system and subsystem teams necessary for command and control of the systems involved. Work with multiple teams in different location to identify vulnerability, suggest remediation to the software to meet customer requirements. Contribute to multi-generation product and tool planning. Qualifications/Requirements Bachelor in computer science/Cyber Security or relevant engineering or equivalent knowledge / experience with 0-1 Years of Experience. Good understanding in Cyber security for Controller, Systems in OT Space. Familiar with penetration testing for Controllers, Systems, Web software’s, CAPEC, Ethical hacking. Good Knowledge/worked on Cyber security tools and solutions like Wireshark, NESSUS, Burp Suite, Nmap, Nozomi, Claroty, Splunk, Acronis, Ivanti, etc. Knowledge in different phases of Software Development Life cycle (SDLC) including Design, Implementation and Testing. Knowledge on web technologies like JavaScript, jQuery, AJAX, JSON, AngularJS, Angular 6, NodeJs, Spring, Hibernate, Spring boot, MVC, RESTful Web Services, Flux, SOAP will be an added advantage. Knowledge on database RDBMS, MySQL NoSQL databases will be an added advantage. Software component: MS Visual Studio, MS Office, MS Visio, SVN, GitHub Linux and Windows OS Familiar with ISA 624443, NIST 800 standards will be an added advantage. Familiar on active directory, certificate management and hardening w.r.t CIS benchmarks for critical assets like switches, windows-based workstation and controllers. Familiar with threat modelling and risk assessment for OT products Additional Information Relocation Assistance Provided: Yes Show more Show less

Description Design, implement, and manage deception strategies and technologies within the organisation's cybersecurity infrastructure. Responsibilities Hands-on experience in working with Deception Technology and SIEM Tool. Design and development of scalable, reliable, and fault-tolerant systems. Integrate/Modify existing open-source software according to the requirements. Prepare presentations and reports. Authoring research papers. Hands-on experience in virtualisation, cloud deployments, and networking. Ability to debug code and overcome fundamental challenges while coding. Hands-on experience in Python. Knowledge of tools like -- nmap, Metasploit, Wireshark, Burp suite, etc. Comfortable in using Linux OS. Good writing and communication skills to assist the group in technical writing. Eligibility A Bachelor's degree in computer science or a similar subject is required 2 years of experience in the same domain as mentioned under the category of responsibilities Travel As and when required, across the country for project execution and monitoring as well as for coordination with geographically distributed teams. Communication Submit a cover letter summarising your experience in relevant technologies and software along with a resume and the Latest passport-size photograph. Show more Show less

You Lead the Way. We’ve Got Your Back. With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other. Here, you’ll learn and grow as we help you create a career journey that’s unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally. At American Express, you’ll be recognized for your contributions, leadership, and impact—every colleague has the opportunity to share in the company’s success. Together, we’ll win as a team, striving to uphold our company values and powerful backing promise to provide the world’s best customer experience every day. And we’ll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong. Join Team Amex and let's lead the way together. How will you make an impact in this role? Responsible for contacting clients with overdue accounts to secure the settlement of the account. Also they do preventive work to avoid future overdues with accounts that have a high exposure. A PCI Penetration Tester, often referred to as a security expert or ethical hacker, is responsible for simulating real-world cyberattacks on systems and networks to identify vulnerabilities related to the Payment Card Industry Data Security Standard (PCI DSS). Their role involves performing vulnerability assessments, exploiting weaknesses, and providing actionable recommendations for remediation to ensure compliance with PCI DSS requirements. Key Responsibilities: PCI DSS Compliance: Ensuring that systems and networks meet the security requirements outlined in PCI DSS standards. Vulnerability Assessment: Identifying and classifying security flaws in systems, networks, and applications within the Payment Card Industry (PCI) environment. Penetration Testing: Simulating attacks on systems and networks to exploit identified vulnerabilities and assess their impact. Reporting and Recommendations: Documenting findings, including risk assessments, and providing detailed recommendations for improving security posture and addressing identified weaknesses. Compliance and Security: Collaborating with IT and development teams to implement security measures and ensure compliance with PCI DSS and other relevant standards. Staying Updated: Keeping abreast of the latest security threats, vulnerabilities, and testing methodologies to enhance their expertise. Specific Tasks: Network Scanning: Using tools like Nmap to identify open ports, services, and potential vulnerabilities within the network. Application Testing: Evaluating web applications, mobile apps, and APIs for security weaknesses and potential exploitation points. Reporting: Creating detailed reports, including risk assessments, technical findings, and remediation recommendations, for stakeholders. Skills and Qualifications: Bachelor’s Degree in Computer Science, Information Systems, Business 10+ years of experience in cyber security Penetration testing Strong understanding of PCI DSS requirements and compliance. Experience in penetration testing methodologies and tools. Proficiency in network protocols, operating systems, and web application technologies. Knowledge of common security vulnerabilities and exploitation techniques. Ability to communicate technical findings clearly and concisely. Certifications: Industry certifications like CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), or similar can be beneficial. We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally: Competitive base salaries Bonus incentives Support for financial-well-being and retirement Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location) Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need Generous paid parental leave policies (depending on your location) Free access to global on-site wellness centers staffed with nurses and doctors (depending on location) Free and confidential counseling support through our Healthy Minds program Career development and training opportunities American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law. Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations. Show more Show less

🔐 Cyber Security Intern 📍 Location: Remote (100% Virtual) 📅 Duration: 3 Months 💸 Stipend for Top Interns: ₹15,000 🎁 Perks: Certificate | Letter of Recommendation | Full-Time Offer (Based on Performance) About INLIGHN TECH INLIGHN TECH is focused on equipping students and graduates with practical, hands-on experience in emerging tech fields through structured virtual internships. Our Cyber Security Internship is designed to build a strong foundation in ethical hacking, threat detection, and system defense , making you industry-ready for a high-demand domain. 🚀 Internship Overview As a Cyber Security Intern , you will work on projects that simulate real-world cyber threats, learn to identify and mitigate vulnerabilities, and explore techniques used by security professionals to protect systems and data. 🔧 Key Responsibilities Conduct vulnerability assessments and basic penetration testing Analyze logs and traffic to identify potential threats or breaches Assist in incident response and threat mitigation activities Learn and work with tools such as Kali Linux, Burp Suite, Nmap, Metasploit, and Wireshark Study and apply the OWASP Top 10 and other security standards Support the development of security protocols and documentation Stay updated on emerging cyber threats and protection mechanisms ✅ Qualifications Currently pursuing or recently completed a degree in Cybersecurity, IT, Computer Science , or a related field Basic knowledge of networking concepts, operating systems, and system vulnerabilities Familiarity with ethical hacking techniques and cybersecurity tools Understanding of firewalls, encryption, and authentication methods Strong problem-solving skills and a desire to learn more about cyber defense Passion for cybersecurity and protecting digital environments 🎓 What You’ll Gain Hands-on experience with real-world cybersecurity tools and challenges Insight into threat analysis, penetration testing, and security compliance Internship Certificate upon successful completion Letter of Recommendation for high performers Opportunity for a Full-Time Offer based on performance A strong foundation for pursuing careers like Ethical Hacker, SOC Analyst, or Penetration Tester Show more Show less

Join our Team About this opportunity: Join Ericsson as an Oracle Database Administrator and play a key role in managing and optimizing our critical database infrastructure. As an Oracle DBA, you will be responsible for installing, configuring, Upgrading and maintaining Oracle databases, ensuring high availability, performance, and security. You’ll work closely with cross-functional teams to support business-critical applications, troubleshoot issues, and implement database upgrades and patches. This role offers a dynamic and collaborative environment where you can leverage your expertise to drive automation, improve efficiency, and contribute to innovative database solutions. What you will do: Oracle, PostgreSQL, MySQL, and/or MariaDB database administration in production environments. Experience with Container Databases (CDBs) and Pluggable Databases (PDBs) for better resource utilization and simplified management. High availability configuration using Oracle Dataguard, PostgreSQL, MySQL replication, and/or MariaDB Galera clusters. Oracle Enterprise Manager administration which includes alarm integration. Familiarity with Linux tooling such as iotop, vmstat, nmap, OpenSSL, grep, ping, find, df, ssh, and dnf. Familiarity with Oracle SQL Developer, Oracle Data Modeler, pgadmin, toad, PHP, MyAdmin, and MySQL Workbench is a plus. Familiarity with NoSQL, such as MongoDB is a plus. Knowledge of Middle ware like Golden-gate both oracle to oracle and oracle to BigData. Oracle, PostgreSQL, MySQL, and/or MariaDB database administration in production environments. Conduct detailed performance analysis and fine-tuning of SQL queries and stored procedures. Analyze AWR, ADDMreports to identify and resolve performance bottlenecks. Implement and manage backup strategies using RMAN and other industry-standard tools. Performing pre-patch validation using opatch and datapatch. Testing patches in a non-production environment to identify potential issues before applying to production. Apply Oracle quarterly patches and security updates. Implement and manage backup strategies using RMAN and other industry-standard tools. The skills you bring: Bachelor of Engineering or equivalent experience with at least 2 to 3 years in the field of IT. Must have experience in handling operations in any customer service delivery organization. Thorough understanding of basic framework of Telecom / IT processes. Willingness to work in a 24x7 operational environment with rotating shifts, including weekends and holidays, to support critical infra and ensure minimal downtime. Strong understanding of Linux systems and networking fundamentals. Knowledge of cloud platforms (AWS, Azure, GCP) and containerization (Docker, Kubernetes) is a plus. Oracle Certified Professional (OCP) is preferred Why join Ericsson? At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next. What happens once you apply? Click Here to find all you need to know about what our typical hiring process looks like. Encouraging a diverse and inclusive organization is core to our values at Ericsson, that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer. learn more. Primary country and city: India (IN) || Noida Req ID: 764288 Show more Show less