15 Ollydbg Jobs

YOUR IMPACT: OpenText enables the digital world as the global leader in Enterprise Information Management, both on premises or in the cloud. We embrace all things digital and are committed to being the Best Place to Work for our Employees in over 140 locations around the world. We obsess over our customers to ensure they are wildly successful in embracing the Digital World. Our customers entrust us with their most important information, we need to be their most trusted partner. What we do, we do well. What we create, we do purposefully to impact the world. If you believe in this and are passionate about enabling the Digital World then let OpenText turn your career vision into reality. Webroot is looking for an experienced Windows development engineer with strong expertise in Windows programming. We are seeking to empower a Windows development engineer with ability to influence the technical direction of our products, building cutting-edge internet security applications used by millions of consumers and businesses around the world. You will use your experience with Windows OS level interfaces, your programming skills in C and C++, and your experience at Windows development to build the future of Webroot’s technology stacks. If you are knowledgeable on the Windows API and you seek an opportunity with a company that is willing to help you add malware/security and machine learning to your repertoire, apply today. WHAT THE ROLE OFFERS: Design and develop in C and C++, the technologies behind our next-generation endpoint client. The scope of your work will be broad and will include development on various layers of the Windows OS ranging from kernel to user-mode. Produce high quality, well-documented code promoting modularity, extensibility and performance Perform code reviews and coaching for peers WHAT YOU NEED TO SUCCEED: Expert knowledge in C and C++ on Windows; Minimum of 8 years in software development on Windows operating system Experience in performant application development Experience in driver development within the Windows operating system Deep experience with Windows development at kernel and user-mode is required Familiarity with Assembly language within the Windows operating system Deep understanding of Windows operating system internals and Windows API is a must Ability to collect and analyze crash dumps Experience with Minifilter driver development Familiarity with the underlying structures of the registry and NTFS/FAT file systems Experience in debugging techniques with any of the WinDbg, OllyDbg, IDA Pro, or Ghidra tools. Familiarity with Wireshark, Fiddler, or other Network Sniffing tools is a plus but not required OpenText's efforts to build an inclusive work environment go beyond simply complying with applicable laws. Our Employment Equity and Diversity Policy provides direction on maintaining a working environment that is inclusive of everyone, regardless of culture, national origin, race, color, gender, gender identification, sexual orientation, family status, age, veteran status, disability, religion, or other basis protected by applicable laws. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please submit a ticket atAsk HR. Our proactive approach fosters collaboration, innovation, and personal growth, enriching OpenText's vibrant workplace.

About Us Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks. The company acquired Secureworks in February 2025, bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos’ complete portfolio includes industry-leading endpoint, network, email, and cloud security that interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) worldwide, defending more than 600,000 organizations worldwide from phishing, ransomware, data theft, other every day and state-sponsored cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com. Role Summary Teams mandate is to find new and notable threats, assess their risk and produce protection where necessary. This include advanced targeted attacks, "attack tool" research, handling of vulnerability advisories and publishing blogs and whitepapers. The successful candidate will provide analysis of the evolving cyber threat landscape and contribute to create the next generation of SophosLabs research tools. The ideal candidate is passionate about computer security and has high aptitude for solving challenging puzzles with an attention to detail. What you will do Perform cyber threat analysis utilizing multiple information sources Engage research based on cyber threat intelligence Investigate APT campaigns and understand cyber threat actors, their motivations and technical capabilities Identify steps to be taken to respond and minimize the impact of emerging threats Reverse engineer files to discover their intended functionality and risks to customers Write threat descriptions for publication on the Sophos website and threat research whitepapers in a timely fashion Triage requests submitted by other departments, respond to tasks or escalate complex issues to senior team members Generating intelligence on new trends in the Threat Landscape and distributing between departments outside of the Lab Identify opportunities to write blogs for the Sophos website to raise customer awareness What you will bring 5+ yrs in Threat Researcher role Experience with x86 assembly Windows Internals Computer and Web Security experience Programming skills and experience (C/C++/Python/Perl) Reverse Engineering experience using IDA Pro, WinDbg, OllyDbg and Hex editors Good written and verbal communication skills Understanding of scripting basics (Perl/Python/Regexp) Experience with a wide array of Internet technologies and protocols (HTML, JavaScript, SMTP, DNS) Experience with a broad range of operating systems Bachelor’s degree in computer software (or equivalent) #B2 Ready to Join Us? At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back – we encourage you to apply. What's Great About Sophos? · Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. Please refer to the location details in our job postings for further information. · Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit · Employee-led diversity and inclusion networks that build community and provide education and advocacy · Annual charity and fundraising initiatives and volunteer days for employees to support local communities · Global employee sustainability initiatives to reduce our environmental footprint · Global fitness and trivia competitions to keep our bodies and minds sharp · Global wellbeing days for employees to relax and recharge · Monthly wellbeing webinars and training to support employee health and wellbeing Our Commitment To You We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know. Data Protection If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos’ data protection practices, please consult our Privacy Policy Cybersecurity as a Service Delivered | Sophos

About Us Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks. The company acquired Secureworks in February 2025, bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos’ complete portfolio includes industry-leading endpoint, network, email, and cloud security that interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) worldwide, defending more than 600,000 organizations worldwide from phishing, ransomware, data theft, other every day and state-sponsored cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com. Role Summary Teams mandate is to find new and notable threats, assess their risk and produce protection where necessary. This include advanced targeted attacks, "attack tool" research, handling of vulnerability advisories and publishing blogs and whitepapers. The successful candidate will provide analysis of the evolving cyber threat landscape and contribute to create the next generation of SophosLabs research tools. The ideal candidate is passionate about computer security and has high aptitude for solving challenging puzzles with an attention to detail. What you will do Perform cyber threat analysis utilizing multiple information sources Engage research based on cyber threat intelligence Investigate APT campaigns and understand cyber threat actors, their motivations and technical capabilities Identify steps to be taken to respond and minimize the impact of emerging threats Reverse engineer files to discover their intended functionality and risks to customers Write threat descriptions for publication on the Sophos website and threat research whitepapers in a timely fashion Triage requests submitted by other departments, respond to tasks or escalate complex issues to senior team members Generating intelligence on new trends in the Threat Landscape and distributing between departments outside of the Lab Identify opportunities to write blogs for the Sophos website to raise customer awareness What you will bring 5+ yrs in Threat Researcher role Experience with x86 assembly Windows Internals Computer and Web Security experience Programming skills and experience (C/C++/Python/Perl) Reverse Engineering experience using IDA Pro, WinDbg, OllyDbg and Hex editors Good written and verbal communication skills Understanding of scripting basics (Perl/Python/Regexp) Experience with a wide array of Internet technologies and protocols (HTML, JavaScript, SMTP, DNS) Experience with a broad range of operating systems Bachelor’s degree in computer software (or equivalent) #B2 Ready to Join Us? At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back – we encourage you to apply. What's Great About Sophos? · Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. Please refer to the location details in our job postings for further information. · Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit · Employee-led diversity and inclusion networks that build community and provide education and advocacy · Annual charity and fundraising initiatives and volunteer days for employees to support local communities · Global employee sustainability initiatives to reduce our environmental footprint · Global fitness and trivia competitions to keep our bodies and minds sharp · Global wellbeing days for employees to relax and recharge · Monthly wellbeing webinars and training to support employee health and wellbeing Our Commitment To You We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know. Data Protection If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos’ data protection practices, please consult our Privacy Policy Cybersecurity as a Service Delivered | Sophos

Summary Position Summary Cyber - Defense & Resilience - ASM+MPT -Senior Consultant Attack Surface Management (ASM) Services Overview Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to deliver Attack Surface Management (ASM) services, identifying vulnerable IT assets and weak security configurations in real time? If you thrive in dynamic environments and are passionate about cybersecurity, Deloitte’s ASM team could be the place for you. About Deloitte’s ASM Team Focus: Transparency, innovation, collaboration, and sustainability. Mission: Deliver industry-leading services with fresh thinking and a creative approach. Collaboration: Work with teams across Deloitte, leveraging both commercial and public sector expertise. Goal: Be the premier integrated services provider transforming the cybersecurity services marketplace. As a Senior Consultant, you will: Work with global teams of engineers and analysts specializing in cybercriminal tactics, tools, and procedures. Help clients discover vulnerabilities and rogue assets (e.g., shadow IT) in their networks. Enable clients to achieve business growth while managing risk. K ey Responsibilities Conduct vulnerability assessments and manual penetration testing for: Web applications APIs Thick client applications Mobile applications Perform secure code reviews and analyze false positives from industry-standard tools. Respond to ad-hoc reporting and research requests from management and analysts. Develop and implement application security policies and procedures. Identify and prioritize security vulnerabilities. Coordinate with development and operations teams to assist with remediation plans and secure applications. Rapidly understand and deliver on company and client requirements. Participate in regular reporting (daily, weekly, quarterly, yearly) for clients, partners, and internal teams. Adhere to internal operational security and other Deloitte policies. Required Qualifications Education: Bachelor’s degree or higher in Computer Science, or equivalent experience. Experience: 5–9 years of hands-on experience in: Application security Vulnerability assessment Penetration testing Mobile application security Thick client and Web API security assessments Technical Skills: Strong understanding of OWASP Top 10 and other vulnerabilities. Manual assessment and exploitation of vulnerabilities (e.g., Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling). Understanding of OAUTHv2/OpenID standards and associated vulnerabilities. Business logic vulnerability identification. Secure code review following OWASP Secure Coding Practices. Proficiency with tools: Burp Suite, Fiddler, Sysinternals, Veracode, DnSpy, OllyDbg, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida, etc. Manual penetration testing and use of automated tools. Strong technical report writing skills. Knowledge of web application components (frontend, backend, databases, application servers). Understanding of web development technologies (HTML, CSS, JavaScript, PHP, Java, .NET, backend databases). Experience with application security architecture review and threat modeling. Basic concepts of reverse engineering and memory analysis. Understanding of networking protocols (TCP/IP, DNS, HTTP/S). Familiarity with vulnerability classification (CVE/CVSS). Certifications: One or more of the following: CISSP OSCP OSWE BSCP GWAPT Preferred Qualifications Proficiency in web and mobile application security assessments, penetration testing, and secure code review. Relevant publications (blogs, tools, conference presentations, CVEs). Preferred certifications: OSWE, BSCP. Experience with automation and scripting (Python). Outstanding English written and oral communication skills. Strong understanding of web, mobile, and microservices vulnerabilities. Knowledge of malicious code operation and exploitation of technical vulnerabilities. Strong analytical and problem-solving skills. Self-motivated to upskill and learn new attack vectors. Desire to deeply understand the what, why, and how of security vulnerabilities. If you are passionate about cybersecurity and ready to make an impact, Deloitte’s ASM team offers a collaborative and innovative environment to grow your career. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 301462

Summary Position Summary Job Description: Cyber Risk Application Security Consultant Attack Surface Management (ASM) Services Overview Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to deliver Attack Surface Management (ASM) services, identifying vulnerable IT assets and weak security configurations in real time? If you thrive in dynamic environments and are passionate about cybersecurity, Deloitte’s ASM team could be the place for you. Deloitte’s ASM business is committed to transparency, innovation, collaboration, and sustainability. We deliver industry-leading services through fresh thinking and creative approaches, collaborating across the organization to support our clients. Our goal is to be the premier integrated services provider transforming the cybersecurity marketplace. Role: Cyber Risk Attack Surface Consultant As a Consultant, you will: Work with global teams to identify vulnerabilities and rogue assets (e.g., shadow IT). Help clients achieve business growth while managing risk. Key Responsibilities Conduct vulnerability assessments and manual penetration testing for web, API, thick client, and mobile applications. Perform secure code reviews and analyze false positives from industry-standard tools. Respond to ad-hoc reporting and research requests. Develop and implement application security policies and procedures. Identify and prioritize security vulnerabilities. Coordinate with development and operations teams on remediation plans. Quickly understand and deliver on company and client requirements. Participate in regular reporting for clients, partners, and internal teams. Adhere to internal operational security and Deloitte policies. Required Qualifications Bachelor’s degree or higher in Computer Science, or equivalent experience. 3–5 years of hands-on experience in: Application security Vulnerability assessment Penetration testing Mobile application security Thick client and Web API security assessments Strong understanding of OWASP Top 10 and related vulnerabilities. Experience in manual assessment and exploitation (e.g., Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling). Understanding of OAUTHv2/OpenID standards and business logic vulnerabilities. Experience with secure code review (OWASP Secure Coding Practices). Proficiency with tools: Burp Suite, Fiddler, Sysinternals, Veracode, DnSpy, OllyDbg, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida, etc. Ability to perform manual penetration testing and use automated tools. Excellent technical report writing skills. Knowledge of web application components (frontend, backend, databases, application servers). Understanding of web development technologies (HTML, CSS, JavaScript, PHP, Java, .NET, backend databases). Experience with application security architecture review and threat modeling. Basic concepts of reverse engineering and memory analysis. Understanding of networking protocols (TCP/IP, DNS, HTTP/S). Familiarity with vulnerability classification (CVE/CVSS). Certifications: CISSP, OSCP, OSWE, BSCP, GWAPT. Preferred Qualifications Proficiency in web and mobile application security assessments, penetration testing, and secure code review. Relevant publications (blogs, tools, conference presentations, CVEs). Preferred certifications: OSWE, BSCP. Experience with automation and scripting (Python). Outstanding English written and oral communication skills. Strong understanding of web, mobile, and microservices vulnerabilities. Knowledge of malicious code operation and exploitation. Strong analytical and problem-solving skills. Self-motivated and eager to learn new attack vectors. Desire to deeply understand the what, why, and how of security vulnerabilities. If you are passionate about cybersecurity and ready to make an impact, Deloitte’s ASM team offers a collaborative and innovative environment to grow your career. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 302277

Malware Analyst Here are the some of the key skills which we are looking for it: Static and dynamic malware analysis(aware of file structure like, PE, PDF, OLE, windows short cut files etc...) someone who has hands on writing signatures for malware samples(at-least initial vector malware). Aware of trending malware family campaign and analysis for threat write ups for that follow up family. (example malware family - Emotet/Qakbot/AgentTesla etc..) Email security and Endpoint Security (EOP) Investigating the Phishing campaign and spam emails which users have received and reported. Threat Intelligence analysis/ Threat hunting Analyzing PE files (Dynamic and static analysis) and providing detection for malicious PE files.(RE/Malware Analysis) Analyzing non-PE file s (like OLE / PDF / HTML / HTA / VBS|VBE /JS/ WSF/JAR/LNK) andproviding detection for malicious files. Malware Analysis and Reversing. Reverse Engineering skills: familiar with debuggers, disassemblers, network protocols, file formats, sandboxes, hardware/firmware internals, software communication mechanisms, Classification, clustering and labelling of Malware. Knowledge of Advanced Techniques of Malware Analysis. Knowledge of Malware kill chain and MITRE ATT&CK techniques and tactics. Knowledge of AV evasion techniques and Pen testing tools like - Veil (equal rank), PowerShell Empire, Meterpreter, Unicorn, Cactus Torch, and Any other similar tools Additionally, Experience with advanced persistent threats, human adversary compromises and incident response. Excellent cross-group and interpersonal skills, with the ability to articulate business need for detection improvements. Excellent analytical skills and ability to identify patterns and trends. Strong research skills, data knowledge, and ability to analyze and present complex data in a meaningful way. Strong understanding of Cyber Security, modern security problems and threat landscape, Operating Systems (internals), computer networking concepts. Required Skills: Olly DBG, IDA PRO, Static and dynamic malware analysis, PE and non-PE file analysis IF INTERESTED SEND YOUR RESUME ON Payal.banchare@ltimindtree.com

Malware Analyst Here are the some of the key skills which we are looking for it: Static and dynamic malware analysis(aware of file structure like, PE, PDF, OLE, windows short cut files etc...) someone who has hands on writing signatures for malware samples(at-least initial vector malware). Aware of trending malware family campaign and analysis for threat write ups for that follow up family. (example malware family - Emotet/Qakbot/AgentTesla etc..) Email security and Endpoint Security (EOP) Investigating the Phishing campaign and spam emails which users have received and reported. Threat Intelligence analysis/ Threat hunting Analyzing PE files (Dynamic and static analysis) and providing detection for malicious PE files.(RE/Malware Analysis) Analyzing non-PE file s (like OLE / PDF / HTML / HTA / VBS|VBE /JS/ WSF/JAR/LNK) andproviding detection for malicious files. Malware Analysis and Reversing. Reverse Engineering skills: familiar with debuggers, disassemblers, network protocols, file formats, sandboxes, hardware/firmware internals, software communication mechanisms, Classification, clustering and labelling of Malware. Knowledge of Advanced Techniques of Malware Analysis. Knowledge of Malware kill chain and MITRE ATT&CK techniques and tactics. Knowledge of AV evasion techniques and Pen testing tools like - Veil (equal rank), PowerShell Empire, Meterpreter, Unicorn, Cactus Torch, and Any other similar tools Additionally, Experience with advanced persistent threats, human adversary compromises and incident response. Excellent cross-group and interpersonal skills, with the ability to articulate business need for detection improvements. Excellent analytical skills and ability to identify patterns and trends. Strong research skills, data knowledge, and ability to analyze and present complex data in a meaningful way. Strong understanding of Cyber Security, modern security problems and threat landscape, Operating Systems (internals), computer networking concepts. Required Skills: Olly DBG, IDA PRO, Static and dynamic malware analysis, PE and non-PE file analysisRole & responsibilities Preferred candidate profile

LTIMindtree Hiring for Malware Analyst. Notice period-immediate to 15 days. Exp-3 to 5 yrs. Location- Hyderabad, Chennai, Pune, Bangalore if interested Share me these details along with CV-Richa.Srivastava@ltimindtree.com Total Experience- Current CTC- Expected CTC- Holding offers if any- Current Location- Preferred Location- Notice period- Skills- Date of Birth- PAN No- Passport size photo- Pan no- Availability for interview- Are you okay with Rotational shift- Job description- Static and dynamic malware analysis(aware of file structure like, PE, PDF, OLE, windows short cut files etc...) someone who has hands on writing signatures for malware samples(at-least initial vector malware). Aware of trending malware family campaign and analysis for threat write ups for that follow up family. (example malware family - Emotet/Qakbot/AgentTesla etc..) Email security and Endpoint Security (EOP) Investigating the Phishing campaign and spam emails which users have received and reported. Threat Intelligence analysis/ Threat hunting Analyzing PE files (Dynamic and static analysis) and providing detection for malicious PE files.(RE/Malware Analysis) Analyzing non-PE file s (like OLE / PDF / HTML / HTA / VBS|VBE /JS/ WSF/JAR/LNK) and providing detection for malicious files. Malware Analysis and Reversing. Reverse Engineering skills: familiar with debuggers, disassemblers, network protocols, file formats, sandboxes, hardware/firmware internals, software communication mechanisms, Classification, clustering and labelling of Malware. Knowledge of Advanced Techniques of Malware Analysis. Knowledge of Malware kill chain and MITRE ATT&CK techniques and tactics. Knowledge of AV evasion techniques and Pen testing tools like - Veil (equal rank), PowerShell Empire, Meterpreter, Unicorn, Cactus Torch, and Any other similar tools Additionally, Experience with advanced persistent threats, human adversary compromises and incident response. Excellent cross-group and interpersonal skills, with the ability to articulate business need for detection improvements. Excellent analytical skills and ability to identify patterns and trends. Strong research skills, data knowledge, and ability to analyze and present complex data in a meaningful way. Strong understanding of Cyber Security, modern security problems and threat landscape, Operating Systems (internals), computer networking concepts. Required Skills: Olly DBG, IDA PRO, Static and dynamic malware analysis, PE and non-PE file analysis

Summary Position Summary Cyber - Defense & Resilience - ASM+MPT -Senior Consultant Attack Surface Management (ASM) Services Overview Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to deliver Attack Surface Management (ASM) services, identifying vulnerable IT assets and weak security configurations in real time? If you thrive in dynamic environments and are passionate about cybersecurity, Deloitte’s ASM team could be the place for you. About Deloitte’s ASM Team Focus: Transparency, innovation, collaboration, and sustainability. Mission: Deliver industry-leading services with fresh thinking and a creative approach. Collaboration: Work with teams across Deloitte, leveraging both commercial and public sector expertise. Goal: Be the premier integrated services provider transforming the cybersecurity services marketplace. As a Senior Consultant, you will: Work with global teams of engineers and analysts specializing in cybercriminal tactics, tools, and procedures. Help clients discover vulnerabilities and rogue assets (e.g., shadow IT) in their networks. Enable clients to achieve business growth while managing risk. K ey Responsibilities Conduct vulnerability assessments and manual penetration testing for: Web applications APIs Thick client applications Mobile applications Perform secure code reviews and analyze false positives from industry-standard tools. Respond to ad-hoc reporting and research requests from management and analysts. Develop and implement application security policies and procedures. Identify and prioritize security vulnerabilities. Coordinate with development and operations teams to assist with remediation plans and secure applications. Rapidly understand and deliver on company and client requirements. Participate in regular reporting (daily, weekly, quarterly, yearly) for clients, partners, and internal teams. Adhere to internal operational security and other Deloitte policies. Required Qualifications Education: Bachelor’s degree or higher in Computer Science, or equivalent experience. Experience: 5–9 years of hands-on experience in: Application security Vulnerability assessment Penetration testing Mobile application security Thick client and Web API security assessments Technical Skills: Strong understanding of OWASP Top 10 and other vulnerabilities. Manual assessment and exploitation of vulnerabilities (e.g., Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling). Understanding of OAUTHv2/OpenID standards and associated vulnerabilities. Business logic vulnerability identification. Secure code review following OWASP Secure Coding Practices. Proficiency with tools: Burp Suite, Fiddler, Sysinternals, Veracode, DnSpy, OllyDbg, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida, etc. Manual penetration testing and use of automated tools. Strong technical report writing skills. Knowledge of web application components (frontend, backend, databases, application servers). Understanding of web development technologies (HTML, CSS, JavaScript, PHP, Java, .NET, backend databases). Experience with application security architecture review and threat modeling. Basic concepts of reverse engineering and memory analysis. Understanding of networking protocols (TCP/IP, DNS, HTTP/S). Familiarity with vulnerability classification (CVE/CVSS). Certifications: One or more of the following: CISSP OSCP OSWE BSCP GWAPT Preferred Qualifications Proficiency in web and mobile application security assessments, penetration testing, and secure code review. Relevant publications (blogs, tools, conference presentations, CVEs). Preferred certifications: OSWE, BSCP. Experience with automation and scripting (Python). Outstanding English written and oral communication skills. Strong understanding of web, mobile, and microservices vulnerabilities. Knowledge of malicious code operation and exploitation of technical vulnerabilities. Strong analytical and problem-solving skills. Self-motivated to upskill and learn new attack vectors. Desire to deeply understand the what, why, and how of security vulnerabilities. If you are passionate about cybersecurity and ready to make an impact, Deloitte’s ASM team offers a collaborative and innovative environment to grow your career. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 305700

Summary Position Summary Job Description: Cyber Risk Application Security Consultant Attack Surface Management (ASM) Services Overview Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to deliver Attack Surface Management (ASM) services, identifying vulnerable IT assets and weak security configurations in real time? If you thrive in dynamic environments and are passionate about cybersecurity, Deloitte’s ASM team could be the place for you. Deloitte’s ASM business is committed to transparency, innovation, collaboration, and sustainability. We deliver industry-leading services through fresh thinking and creative approaches, collaborating across the organization to support our clients. Our goal is to be the premier integrated services provider transforming the cybersecurity marketplace. Role: Cyber Risk Attack Surface Consultant As a Consultant, you will: Work with global teams to identify vulnerabilities and rogue assets (e.g., shadow IT). Help clients achieve business growth while managing risk. Key Responsibilities Conduct vulnerability assessments and manual penetration testing for web, API, thick client, and mobile applications. Perform secure code reviews and analyze false positives from industry-standard tools. Respond to ad-hoc reporting and research requests. Develop and implement application security policies and procedures. Identify and prioritize security vulnerabilities. Coordinate with development and operations teams on remediation plans. Quickly understand and deliver on company and client requirements. Participate in regular reporting for clients, partners, and internal teams. Adhere to internal operational security and Deloitte policies. Required Qualifications Bachelor’s degree or higher in Computer Science, or equivalent experience. 3–5 years of hands-on experience in: Application security Vulnerability assessment Penetration testing Mobile application security Thick client and Web API security assessments Strong understanding of OWASP Top 10 and related vulnerabilities. Experience in manual assessment and exploitation (e.g., Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling). Understanding of OAUTHv2/OpenID standards and business logic vulnerabilities. Experience with secure code review (OWASP Secure Coding Practices). Proficiency with tools: Burp Suite, Fiddler, Sysinternals, Veracode, DnSpy, OllyDbg, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida, etc. Ability to perform manual penetration testing and use automated tools. Excellent technical report writing skills. Knowledge of web application components (frontend, backend, databases, application servers). Understanding of web development technologies (HTML, CSS, JavaScript, PHP, Java, .NET, backend databases). Experience with application security architecture review and threat modeling. Basic concepts of reverse engineering and memory analysis. Understanding of networking protocols (TCP/IP, DNS, HTTP/S). Familiarity with vulnerability classification (CVE/CVSS). Certifications: CISSP, OSCP, OSWE, BSCP, GWAPT. Preferred Qualifications Proficiency in web and mobile application security assessments, penetration testing, and secure code review. Relevant publications (blogs, tools, conference presentations, CVEs). Preferred certifications: OSWE, BSCP. Experience with automation and scripting (Python). Outstanding English written and oral communication skills. Strong understanding of web, mobile, and microservices vulnerabilities. Knowledge of malicious code operation and exploitation. Strong analytical and problem-solving skills. Self-motivated and eager to learn new attack vectors. Desire to deeply understand the what, why, and how of security vulnerabilities. If you are passionate about cybersecurity and ready to make an impact, Deloitte’s ASM team offers a collaborative and innovative environment to grow your career. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 305698

Job Information Date Opened 06/18/2025 Job Type Full time Industry IT Services Work Experience 4-5 years City Bangalore State/Province Karnataka Country India Zip/Postal Code 560024 Job Description About Globals: Globals has drastically grown from a small home office to a globally recognized enterprise offering world-class quality solutions on Cybersecurity, Cyberwarfare, ERP Systems, AI, and Enterprise Application Development for various industries including Defence, Education, Government, Financial Services and Transport Industries. Globals has enabled its customers to be game-changers in their industry through its disruptive and innovative solutions. Globals is certified as a "Great Place to Work" organization for its laudable work culture that helps its team members manage work-life, have dedicated hours to upskill and reskill themselves, and most important to ensure that the projects that they are working on are always unique, challenging their status quo every time. Our unique work culture has made us one of the world’s fastest-growing technology companies as recognized and featured by The Economist. Our excellence in technical stewardship and service-offering expertise has facilitated our clients ranging from individual entrepreneurs to Fortune Global 500 – to explore new business opportunities, reduce their operational costs significantly and boost their revenues. Today, Globals enjoys a strong position in the industry as a high-performing leader through its technology innovation and remarkable domain expertise. Globals is a CMMI Level 3 certified company. About the Job Role: We are seeking a skilled Offensive Security Researcher with hands-on experience in penetration testing, vulnerability research, and exploit development with a focus on Windows systems. The ideal candidate will be responsible for identifying and exploiting security weaknesses across Windows systems, applications, and networks to simulate real-world cyberattacks. This role is critical in strengthening our organization's security posture by providing actionable insights, supporting incident response, and contributing to continuous security improvements. You will work closely with security engineers, blue teams, and development teams to bridge gaps between offense and defense. Responsibilities: Identify and analyze vulnerabilities in Windows OS (e.g., Windows 10/11, Windows Server), kernel components, drivers, and user- mode applications. Research zero-day vulnerabilities and develop PoC exploits to demonstrate impact. Analyze patch diffs and reverse-engineer Windows updates to uncover exploitable conditions. Analyze obfuscated malware samples to understand attack vectors and vulnerabilities. Document vulnerabilities, exploitation techniques, and PoC code in clear, reproducible formats. Contribute to vulnerability databases, advisories, or whitepapers with the vendor and to CERT. Conduct comprehensive penetration tests (VAPT) on web applications, APIs, networks, mobile apps, and cloud environments. Collaborate with blue teams to improve defensive controls based on offensive insights. Continuously research emerging threats, attack techniques (TTPs), and security trends to keep tools and techniques up-to-date. Support incident response teams during active breaches with offensive techniques such as attacker simulation and pivoting. Participate in threat modeling and security architecture reviews from an attacker’s perspective. Requirements Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or equivalent practical experience. Deep understanding of Windows kernel, memory management, process/thread handling, security and Windows APIs (kernel32.dll, ntdll.dll) Expertise in writing exploits for Windows vulnerabilities, bypassing mitigations like ASLR, DEP, and CFG. Strong skills in C/C++, Python, and Assembly (x86/x64); familiarity with PowerShell. Knowledge of network protocols and raw packet manipulation for exploit delivery (e.g., using raw sockets or PCAP). Familiarity with offensive security tools like Metasploit, Cobalt Strike, or custom exploit frameworks. Proficiency with tools like IDA Pro, Ghidra, WinDbg, OllyDbg, or Radare2 for analyzing Windows binaries/drivers and dynamic analysis tools (Process Monitor, Process Explorer). Strong proficiency with penetration testing tools such as Burp Suite, Metasploit, Cobalt Strike, Nmap, Wireshark, Nessus, and others. Practical experience in exploit development, reverse engineering, or binary analysis is a strong plus. Familiarity with social engineering techniques and phishing campaigns is a plus. Relevant certifications are highly desirable (e.g., OSCP, CEH etc.,). Apply Now

About Globals: Globals has drastically grown from a small home office to a globally recognized enterprise offering world-class quality solutions on Cybersecurity, Cyberwarfare, ERP Systems, AI, and Enterprise Application Development for various industries including Defence, Education, Government, Financial Services and Transport Industries. Globals has enabled its customers to be game-changers in their industry through its disruptive and innovative solutions. Globals is certified as a "Great Place to Work" organization for its laudable work culture that helps its team members manage work-life, have dedicated hours to upskill and reskill themselves, and most important to ensure that the projects that they are working on are always unique, challenging their status quo every time. Our unique work culture has made us one of the world’s fastest-growing technology companies as recognized and featured by The Economist. Our excellence in technical stewardship and service-offering expertise has facilitated our clients ranging from individual entrepreneurs to Fortune Global 500 – to explore new business opportunities, reduce their operational costs significantly and boost their revenues. Today, Globals enjoys a strong position in the industry as a high-performing leader through its technology innovation and remarkable domain expertise. Globals is a CMMI Level 3 certified company. About the Job Role: We are seeking a skilled Offensive Security Researcher with hands-on experience in penetration testing, vulnerability research, and exploit development with a focus on Windows systems. The ideal candidate will be responsible for identifying and exploiting security weaknesses across Windows systems, applications, and networks to simulate real-world cyberattacks. This role is critical in strengthening our organization's security posture by providing actionable insights, supporting incident response, and contributing to continuous security improvements. You will work closely with security engineers, blue teams, and development teams to bridge gaps between offense and defense. Responsibilities: Identify and analyze vulnerabilities in Windows OS (e.g., Windows 10/11, Windows Server), kernel components, drivers, and user- mode applications. Research zero-day vulnerabilities and develop PoC exploits to demonstrate impact. Analyze patch diffs and reverse-engineer Windows updates to uncover exploitable conditions. Analyze obfuscated malware samples to understand attack vectors and vulnerabilities. Document vulnerabilities, exploitation techniques, and PoC code in clear, reproducible formats. Contribute to vulnerability databases, advisories, or whitepapers with the vendor and to CERT. Conduct comprehensive penetration tests (VAPT) on web applications, APIs, networks, mobile apps, and cloud environments. Collaborate with blue teams to improve defensive controls based on offensive insights. Continuously research emerging threats, attack techniques (TTPs), and security trends to keep tools and techniques up-to-date. Support incident response teams during active breaches with offensive techniques such as attacker simulation and pivoting. Participate in threat modeling and security architecture reviews from an attacker’s perspective. Requirements Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or equivalent practical experience. Deep understanding of Windows kernel, memory management, process/thread handling, security and Windows APIs (kernel32.dll, ntdll.dll) Expertise in writing exploits for Windows vulnerabilities, bypassing mitigations like ASLR, DEP, and CFG. Strong skills in C/C++, Python, and Assembly (x86/x64); familiarity with PowerShell. Knowledge of network protocols and raw packet manipulation for exploit delivery (e.g., using raw sockets or PCAP). Familiarity with offensive security tools like Metasploit, Cobalt Strike, or custom exploit frameworks. Proficiency with tools like IDA Pro, Ghidra, WinDbg, OllyDbg, or Radare2 for analyzing Windows binaries/drivers and dynamic analysis tools (Process Monitor, Process Explorer). Strong proficiency with penetration testing tools such as Burp Suite, Metasploit, Cobalt Strike, Nmap, Wireshark, Nessus, and others. Practical experience in exploit development, reverse engineering, or binary analysis is a strong plus. Familiarity with social engineering techniques and phishing campaigns is a plus. Relevant certifications are highly desirable (e.g., OSCP, CEH etc.,). Show more Show less

Summary Position Summary Job Description: Cyber Risk Application Security Consultant Attack Surface Management (ASM) Services Overview Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to deliver Attack Surface Management (ASM) services, identifying vulnerable IT assets and weak security configurations in real time? If you thrive in dynamic environments and are passionate about cybersecurity, Deloitte’s ASM team could be the place for you. Deloitte’s ASM business is committed to transparency, innovation, collaboration, and sustainability. We deliver industry-leading services through fresh thinking and creative approaches, collaborating across the organization to support our clients. Our goal is to be the premier integrated services provider transforming the cybersecurity marketplace. Role: Cyber Risk Attack Surface Consultant As a Consultant, you will: Work with global teams to identify vulnerabilities and rogue assets (e.g., shadow IT). Help clients achieve business growth while managing risk. Key Responsibilities Conduct vulnerability assessments and manual penetration testing for web, API, thick client, and mobile applications. Perform secure code reviews and analyze false positives from industry-standard tools. Respond to ad-hoc reporting and research requests. Develop and implement application security policies and procedures. Identify and prioritize security vulnerabilities. Coordinate with development and operations teams on remediation plans. Quickly understand and deliver on company and client requirements. Participate in regular reporting for clients, partners, and internal teams. Adhere to internal operational security and Deloitte policies. Required Qualifications Bachelor’s degree or higher in Computer Science, or equivalent experience. 3–5 years of hands-on experience in: Application security Vulnerability assessment Penetration testing Mobile application security Thick client and Web API security assessments Strong understanding of OWASP Top 10 and related vulnerabilities. Experience in manual assessment and exploitation (e.g., Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling). Understanding of OAUTHv2/OpenID standards and business logic vulnerabilities. Experience with secure code review (OWASP Secure Coding Practices). Proficiency with tools: Burp Suite, Fiddler, Sysinternals, Veracode, DnSpy, OllyDbg, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida, etc. Ability to perform manual penetration testing and use automated tools. Excellent technical report writing skills. Knowledge of web application components (frontend, backend, databases, application servers). Understanding of web development technologies (HTML, CSS, JavaScript, PHP, Java, .NET, backend databases). Experience with application security architecture review and threat modeling. Basic concepts of reverse engineering and memory analysis. Understanding of networking protocols (TCP/IP, DNS, HTTP/S). Familiarity with vulnerability classification (CVE/CVSS). Certifications: CISSP, OSCP, OSWE, BSCP, GWAPT. Preferred Qualifications Proficiency in web and mobile application security assessments, penetration testing, and secure code review. Relevant publications (blogs, tools, conference presentations, CVEs). Preferred certifications: OSWE, BSCP. Experience with automation and scripting (Python). Outstanding English written and oral communication skills. Strong understanding of web, mobile, and microservices vulnerabilities. Knowledge of malicious code operation and exploitation. Strong analytical and problem-solving skills. Self-motivated and eager to learn new attack vectors. Desire to deeply understand the what, why, and how of security vulnerabilities. If you are passionate about cybersecurity and ready to make an impact, Deloitte’s ASM team offers a collaborative and innovative environment to grow your career. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Professional development From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career. Requisition code: 302277 Show more Show less

Summary Position Summary Job Description: Cyber Risk Application Security Consultant Attack Surface Management (ASM) Services Overview Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to deliver Attack Surface Management (ASM) services, identifying vulnerable IT assets and weak security configurations in real time? If you thrive in dynamic environments and are passionate about cybersecurity, Deloitte’s ASM team could be the place for you. Deloitte’s ASM business is committed to transparency, innovation, collaboration, and sustainability. We deliver industry-leading services through fresh thinking and creative approaches, collaborating across the organization to support our clients. Our goal is to be the premier integrated services provider transforming the cybersecurity marketplace. Role: Cyber Risk Attack Surface Consultant As a Consultant, you will: Work with global teams to identify vulnerabilities and rogue assets (e.g., shadow IT). Help clients achieve business growth while managing risk. Key Responsibilities Conduct vulnerability assessments and manual penetration testing for web, API, thick client, and mobile applications. Perform secure code reviews and analyze false positives from industry-standard tools. Respond to ad-hoc reporting and research requests. Develop and implement application security policies and procedures. Identify and prioritize security vulnerabilities. Coordinate with development and operations teams on remediation plans. Quickly understand and deliver on company and client requirements. Participate in regular reporting for clients, partners, and internal teams. Adhere to internal operational security and Deloitte policies. Required Qualifications Bachelor’s degree or higher in Computer Science, or equivalent experience. 3–5 years of hands-on experience in: Application security Vulnerability assessment Penetration testing Mobile application security Thick client and Web API security assessments Strong understanding of OWASP Top 10 and related vulnerabilities. Experience in manual assessment and exploitation (e.g., Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling). Understanding of OAUTHv2/OpenID standards and business logic vulnerabilities. Experience with secure code review (OWASP Secure Coding Practices). Proficiency with tools: Burp Suite, Fiddler, Sysinternals, Veracode, DnSpy, OllyDbg, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida, etc. Ability to perform manual penetration testing and use automated tools. Excellent technical report writing skills. Knowledge of web application components (frontend, backend, databases, application servers). Understanding of web development technologies (HTML, CSS, JavaScript, PHP, Java, .NET, backend databases). Experience with application security architecture review and threat modeling. Basic concepts of reverse engineering and memory analysis. Understanding of networking protocols (TCP/IP, DNS, HTTP/S). Familiarity with vulnerability classification (CVE/CVSS). Certifications: CISSP, OSCP, OSWE, BSCP, GWAPT. Preferred Qualifications Proficiency in web and mobile application security assessments, penetration testing, and secure code review. Relevant publications (blogs, tools, conference presentations, CVEs). Preferred certifications: OSWE, BSCP. Experience with automation and scripting (Python). Outstanding English written and oral communication skills. Strong understanding of web, mobile, and microservices vulnerabilities. Knowledge of malicious code operation and exploitation. Strong analytical and problem-solving skills. Self-motivated and eager to learn new attack vectors. Desire to deeply understand the what, why, and how of security vulnerabilities. If you are passionate about cybersecurity and ready to make an impact, Deloitte’s ASM team offers a collaborative and innovative environment to grow your career. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Professional development From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career. Requisition code: 302277 Show more Show less

Job Description – Malware Analyst A malware analyst examines malicious software, such as bots, worms, and trojans to understand the nature of their threat. This task usually involves reverse-engineering the compiled executable and examining how the program interacts with its environment. The analyst may be asked to document the specimen’s attack capabilities, understand its propagation characteristics, and define signatures for detecting its presence. Reverse engineering capabilities are also considered essential to a successful malware analysis. Malware analysts are responsible for conducting both dynamic and static analyses of suspicious code in order to establish signatures that indicate its presence. They also determine how such code spreads through systems and develop tools and procedures to detect the code in advance of any infection. Job responsibilities include: Document malware threats and identify procedures to avoid them Static and dynamic analyses using tools to identify threats Classify malware based on threats and commonalities Write alerts to let security personnel know about the latest threats Understand tools that identify zero-day cyber threats and work to protect from them Participate in research and development of malware protection tools Ability to setup collection mechanisms for malware samples (honey pots) Ability to setup virtualized environments for malware analysis Capabilities for Malware Analysis Fundamentals Networking and TCP/IP Operating system internals (Windows and Unix) Computer security Forensics and incident response Programming (Assembly, C, C++, Python, and Perl) Assemble a toolkit for effective malware analysis Examine static properties of suspicious programs Perform behavioral analysis of malicious executables Perform static and dynamic code analysis of malicious executables Contribute insights to the organization's larger incident response effort Malicious Code Analysis Core concepts for analyzing malware at the code level x86 Intel assembly language primer for malware analysts Identifying key x86 assembly logic structures with a disassembler Patterns of common malware characteristics at the Windows API level (DLL injection, function hooking, keylogging, communicating over HTTP, etc.) In-Depth Malware Analysis Recognizing packed malware Automated malware unpacking tools and approaches Manual unpacking of malware using OllyDbg, process dumping tools and imports-rebuilding utilities Intercept network connections in the malware lab Interact with malicious websites to examine their nature De-obfuscate browser scripts using debuggers and runtime interpreters JavaScript analysis complications Self-Defending Malware Bypassing anti-analysis defences Recovering concealed malicious code and data Unpacking more sophisticated packers to locate the Original Entry Point Identifying and disabling methods employed by malware to detect analysts' tools Analyzing shellcode to assist with the examination of malicious documents and other artefacts Malicious Documents and Memory Forensics Analyse malicious Microsoft Office (Word, Excel, PowerPoint) documents Analyse malicious Adobe PDF documents Analyse memory to assess malware characteristics and reconstruct infection artefacts Using memory forensics to analyse rootkit infections Essential Qualifications 2-4 years’ experience as a SOC specialist/Malware analyst Certifications in Networking, OS, Infosec and languages (C, C++, Perl, Python & Assembly) Bachelor’s degree in Computer Science Show more Show less