67 Oscp Jobs

Role & responsibilities Strong App Sec Background, Preferred candidate profile OSCP Certification Mandatory Preferred candidate profile

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Security Architecture DesignMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As an Automotive Cybersecurity Specialist, you will support the implementation and validation of security measures across vehicle systems and embedded platforms. You will assist in penetration testing, contribute to threat analysis activities, and help ensure secure communication and firmware integrity in alignment with automotive cybersecurity standards. Roles & Responsibilities:Assist in the execution of penetration testing activities targeting ECUs, in-vehicle communication networks, and diagnostic services to identify common vulnerabilities and misconfigurations.Support the use of automotive security tools such as CANoe, Wireshark, Scapy, and basic fuzzing frameworks to simulate attacks and gather system responses for analysis.Collect and organize logs, analyze test outputs, and document findings to assist senior security engineers in remediation and tracking of identified issues.Execute validation of standard UDS diagnostic services, including support for testing access controls, session management, and secure diagnostic configurations.Participate in asset identification and support foundational threat modeling efforts, including contributing to risk assessments and mitigation tracking under guidance.Assist in documenting security design considerations and implementation steps in alignment with ISO/SAE 21434 and internal cybersecurity processes.Collaborate with cybersecurity, software, and validation teams to support the integration of security controls across vehicle platforms.Continuously learn and apply core concepts of automotive cybersecurity, including secure communication, ECU hardening, and regulatory standards like WP.29 and ISO 26262. Professional & Technical Skills: 5+ years of experience in embedded systems, automotive engineering, or related fields, with growing specialization in cybersecurity principles and practices.Familiarity with in-vehicle communication protocols including CAN, UDS, and DoIP, with hands-on exposure to using tools such as CANoe, Wireshark, and Scapy for traffic analysis and basic attack simulation.Foundational understanding of penetration testing methodologies, vulnerability identification, and the use of fuzzers to evaluate ECU communication robustness.Exposure to diagnostics security concepts, including secure diagnostic sessions, seed-key mechanisms, and access control layers for UDS services.Basic knowledge of cybersecurity frameworks and risk assessment methodologies such as STRIDE, HEAVENS, and ISO/SAE 21434.Experience contributing to documentation of test results, secure design inputs, and mitigation reports under guidance from senior cybersecurity engineers.Understanding of secure firmware update concepts and cryptographic basics, including symmetric/asymmetric encryption, HSM usage, and key management fundamentals.Experience working in Agile or V-model development environments, collaborating with cross-functional teams including validation, software, and systems engineering.Demonstrated eagerness to learn new cybersecurity tools, standards, and technologies relevant to modern connected vehicle platforms.Strong analytical skills and attention to detail, with the ability to follow structured testing and security validation procedures. Additional Information:3+ years experience implementing and performing Automotive CybersecurityKnowledge of tools like CANoe, Wireshark, or Ghidra.Basic understanding of ISO 21434, seed/key security, OTA updates, and cryptographic modules.This position is based at our Bengaluru officeA 15-year full-time education is requiredGood to have Certifications in ISO 21434, CISSP, CEH, OSCP, GICSP Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Security Architecture DesignMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As an Automotive Cybersecurity Engineer, you will implement and validate security controls across in-vehicle systems, ensuring protection of ECUs, telematics units, and connected vehicle infrastructure. You will contribute to threat modeling and diagnostics hardening efforts, support penetration testing activities, and document the integration of cybersecurity measures in alignment with regulatory and technical requirements. Roles & Responsibilities:Support the development and implementation of cybersecurity controls across ECUs, telematics systems, and in-vehicle networks in alignment with ISO/SAE 21434 and company CSMS.Participate in security architecture and design reviews, contributing to the definition and validation of security requirements for embedded vehicle systems.Conduct and document threat modeling and risk assessments using methodologies such as HEAVENS, STRIDE, and custom attack graphs.Perform penetration testing and intrusion validation on in-vehicle protocols including CAN, DoIP, and Ethernet, as well as wireless interfaces such as Bluetooth and Wi-Fi.Assist in the execution of fuzz testing and vulnerability analysis using tools like CANoe, Wireshark, Scapy, and Python-based custom scripts.Contribute to the validation of secure boot mechanisms and assist in reverse engineering activities to verify firmware security compliance.Work with software and hardware teams to analyze security issues, identify root causes, and define corrective actions and mitigations.Maintain operational documentation, including test procedures, vulnerability logs, and mitigation tracking in compliance with regulatory requirements.Collaborate with cross-functional teams to integrate secure diagnostics, access control strategies, and key management protocols.Participate in internal assessments and support audit readiness for cybersecurity compliance frameworks such as UNECE WP.29 and ISO 26262. Professional & Technical Skills: Experience supporting in-vehicle cybersecurity programs with 8+ years in embedded or automotive systems development, including 34 years focused on penetration testing, diagnostics security, or secure ECU architecture.Hands-on experience conducting security testing and vulnerability assessments on vehicle communication interfaces such as CAN, DoIP, and Ethernet, as well as wireless protocols including Bluetooth, Wi-Fi, and cellular.Strong working knowledge of UDS diagnostics (ISO 14229), secure diagnostics access control, and protocol fuzzing techniques to uncover vulnerabilities in ECUs and vehicle gateways.Proficiency with security testing tools and platforms such as CANoe, Wireshark, Scapy, Python, and Ghidra for traffic analysis, custom scripting, and reverse engineering.Familiarity with cryptographic principles and practical usage of cryptographic libraries (e.g., OpenSSL, mbedTLS) and hardware security modules (HSM) for secure key storage, boot processes, and firmware authentication.Experience supporting OTA (Over-the-Air) update platforms and ensuring their secure integration using encryption, authentication, and rollback protection mechanisms.Exposure to cybersecurity development in Agile-based or V-model automotive environments, working collaboratively with software, systems, and validation teams.Knowledge of regulatory and compliance standards relevant to automotive cybersecurity, including ISO/SAE 21434, UNECE WP.29 (R155/R156), and functional safety (ISO 26262).Ability to document test cases, generate detailed security analysis reports, and provide engineering teams with clear recommendations and follow-up actions for mitigation.Demonstrated problem-solving skills and the ability to troubleshoot complex issues related to embedded systems security, communication integrity, and control system protection. Additional Information:5+ years experience implementing and performing Automotive CybersecurityExperience with AUTOSAR (Classic/Adaptive), ECU firmware security, or secure telematics units.This position is based at our Bengaluru officeA 15-year full-time education is requiredGood to have Certifications in ISO 21434, CISSP, CEH, OSCP, GICSP Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : NAMinimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary :AI Red Teaming Expert Adversarial ML, Threat Simulation, and AI Security StrategyWe are seeking a highly experienced and visionary AI Red Teaming Expert 12+ years of experience across cybersecurity and machine learning. This role is ideal for professionals who thrive in dynamic environments and possess a passion for securing cutting-edge AI/ML systems. You will lead red teaming operations, simulate adversarial threats, and guide the organizations AI security posture at strategic and technical levels. The ideal candidate demonstrates deep technical expertise, exceptional leadership, and a keen understanding of adversarial machine learning and risk mitigation frameworks. Roles & Responsibilities:Define and execute the AI red teaming strategy across the organization.Simulate realistic and advanced adversarial attacks against AI/ML systems aligned with business contexts.Review AI/ML system architecture to identify security gaps and advocate for secure design patterns.Establish internal standards and workflows for AI threat modeling, risk assessment, and adversarial testing.Stay ahead of evolving adversarial ML threats and guide the development of defensive strategies.Contribute to secure development practices for model deployment pipelines and lifecycle management.Lead and mentor a specialized team of AI security analysts and red teamers.Represent AI security strategy in executive forums and drive cross-functional alignment.Collaborate with engineering, data science, compliance, and legal stakeholders to integrate security into AI innovation cycles.Drive internal policy-making efforts around responsible and secure AI development practices.Own and lead remediation initiatives, translating findings into actionable improvements across teams. Professional & Technical Skills: Exceptional communication and leadership skills with the ability to convey technical issues to non-technical stakeholders.Proven experience managing high-impact security initiatives and leading diverse teams.Strategic thinker capable of aligning AI security objectives with business goals.Passionate about AI safety, responsible innovation, and emerging threat landscapes.Strong analytical and problem-solving skills in high-pressure environments.Hands-on expertise in red teaming AI/ML systems at scale.Strong understanding of adversarial ML techniques, threat simulation tools, and AI model manipulation tactics.Experience implementing and aligning with frameworks such as OWASP Top 10 for LLMs, ISO 42001, NIST AI RMF.Proficiency in AI/ML pipeline security, model risk evaluation, and secure MLOps practices.Familiarity with deep learning frameworks (e.g., TensorFlow, PyTorch) and their associated vulnerabilities.Demonstrated ability to design, execute, and scale red teaming programs in AI-native environments.- Additional Information:Bachelors or Masters degree in Computer Science, Information Security, Machine Learning, or related field.Recognized certifications such as CEH, OSCP, CISSP, or credentials specific to AI security (e.g., MITRE ATLAS experience) are a plus.- 12+ years of experience spanning cybersecurity, AI/ML, and adversarial testing- This position is based at our Bengaluru office- A 15 years full time education is required. Qualification 15 years full time education

We are looking for a Penetration Tester to take ownership of security testing for enterprise products deployed on mainframe environments. In this role, you will assess application-layer security risks, identify vulnerabilities in product implementations, and lead secure architecture reviews. The ideal candidate brings deep offensive security skills along with familiarity in testing applications running on or integrated with IBM mainframe systems. Here is how, through this exciting role, YOU will contribute to BMC's and your own success: Primary Roles and Responsibilities: Lead security assessments of applications and solutions deployed on IBM z/OS-based environments. Conduct penetration testing and red teaming exercises targeting mainframe environments and the surrounding application ecosystem. Perform code-assisted and black-box penetration testing against enterprise applications/systems interacting with RACF, DB2, CICS, MQ, and related subsystems. Identify risks in authentication, authorization, data handling, and communications within mainframe-integrated products. Create threat models and guide product teams in mitigating high-impact vulnerabilities early in the SDLC. Drive remediation efforts through hands-on collaboration and secure design guidance. Author technical reports and deliver executive summaries tailored to various audiences. Stay current on vulnerabilities, exploits, and testing techniques relevant to legacy enterprise technologies and mainframe ecosystems.. Assess common integration patterns (SOA, REST/JSON, MQ) for security risks. To ensure youre set up for success, you will bring the following skillset & experience: 6+ years of experience in penetration testing, with a specialization in systems/applications integrating with mainframe environments. Deep knowledge of mainframe communication protocols and security mechanisms. Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe systems. Proficient in tools such as: Mainframe utilities: REXX, ISPF panels, NetView Security tools: Nmap, Burp Suite, Wireshark, custom scripts Strong scripting and automation skills (Python, REXX, Bash, or similar). Strong communication and leadership skills, with a proven ability to lead technical teams or projects. Experience producing board-level reports and presenting findings to senior stakeholders. Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts). Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services Whilst these are nice to have, our team can help you develop in the following skills: Industry certifications such as OSCP, OSCE, CRTP, GIAC GPEN, GXPN, or CISSP. Background in regulated industries such as banking, insurance, or government, where mainframes are core infrastructure. Knowledge of COBOL, PL/I, or other mainframe-centric programming languages. Experience with compliance standards like PCI-DSS, NIST, or SOX as they apply to mainframes.

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Security Architecture DesignMinimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As an Automotive Cybersecurity Architect, you will define the end-to-end security architecture and strategy for in-vehicle systems, telematics, and cloud-connected services, ensuring alignment with regulatory requirements and industry best practices. You will also lead penetration testing efforts, document security controls across ECUs and communication interfaces, and guide the implementation of secure system designs across the vehicle ecosystem. Roles & Responsibilities:Define and implement end-to-end cybersecurity architecture for connected vehicles, ECUs, and backend services, ensuring alignment with ISO/SAE 21434, UNECE WP.29, and CSMS requirements.Develop secure communication and firmware update frameworks, supporting over-the-air (OTA) updates and in-vehicle data integrity.Perform threat modeling and risk analysis using industry-standard methodologies such as HEAVENS, STRIDE, and attack trees to identify vulnerabilities across vehicle networks and interfaces.Guide the definition of mitigation strategies and ensure full traceability between threats, assets, and controls throughout the development lifecycle.Plan and lead security validation activities, including advanced penetration testing and fuzzing of vehicle interfaces (CAN, DoIP, Ethernet, Bluetooth, Wi-Fi, Cellular).Create and maintain documentation for test cases, tooling, security controls, and validation outcomes across ECUs and connected modules.Collaborate with cross-functional teams to drive secure design practices in diagnostics, boot process, and firmware integrity verification.Conduct vulnerability assessments using tools such as CANoe, CANalyzer, Wireshark, Ghidra, and custom analysis scripts, and support remediation planning.Lead red team exercises and security reviews in coordination with product security and development teams.Represent cybersecurity in internal audits and regulatory assessments, ensuring alignment with WP.29 R155/R156 and ISO 26262.Work with suppliers and partners to evaluate and integrate security solutions aligned with evolving vehicle cybersecurity requirements. Professional & Technical Skills: Extensive experience (12+ years) in embedded and automotive systems, with over 6 years specializing in automotive cybersecurity strategy, architecture, and threat analysis.Hands-on experience designing and executing penetration testing of automotive systems, including ECUs, ADAS, telematics, infotainment, and V2X components, across in-vehicle networks and external interfaces.Strong knowledge of in-vehicle communication protocols such as CAN, LIN, FlexRay, DoIP, and automotive diagnostic protocols (UDS), as well as wireless technologies including Bluetooth, Wi-Fi, and Cellular.In-depth understanding of secure communication protocols and cryptographic standards, including TLS, MACsec, AES, RSA, ECC, and Public Key Infrastructure (PKI) for automotive applications.Proven experience in designing and implementing Secure Boot, Secure OTA (Over-the-Air) update mechanisms, and ECU firmware authentication using HSMs and trusted execution environments.Demonstrated ability to conduct and lead threat modeling and risk assessments using HEAVENS, STRIDE, attack trees, and DFD methodologies in compliance with ISO/SAE 21434.Familiarity with regulatory and compliance frameworks such as UNECE WP.29 (R155/R156), CSMS, and ISO 26262, and practical experience aligning security activities to these standards.Proficiency in security validation tools and platforms including Canoe, CANalyzer, Wireshark, Ghidra, Scapy, and custom-built tools for binary analysis, fuzzing, and reverse engineering.Experience guiding vulnerability remediation efforts across hardware and software development teams in an Agile or V-model development environment.Strong technical documentation skills and the ability to translate complex cybersecurity concepts into actionable guidance for engineering and compliance teams.Capable of engaging with external vendors, regulatory bodies, and cross-functional stakeholders to align security requirements, audits, and certifications. Additional Information:7+ years experience implementing and performing Automotive CybersecurityThis position is based at our Bengaluru officeA 15-year full time education is requiredGood to have Certifications in ISO 21434, CISSP, CEH, OSCP, GICSP Qualification 15 years full time education

Role & responsibilities Responsibilities: Oversee and conduct tests for system vulnerabilities, such as: SOE Security Assessments Source Code Review Security Risk (ISO27k) & Privacy Impact (APP) Assessments NCSC Cyber Essentials Plus Assessments Red Team Attack Simulations Firewall and Password Audits Vulnerability Assessments (Internal, External, Web Application, and Database) Penetration Testing (Internal, External, Web Application, Database, Mobile, and Wireless) Preferred candidate profile Requirements: Minimum 3 years experience as a security consultant or penetration tester An existing penetration testing certification, such as OSCP, OSCE, or CREST is mandatory

We are looking for someone who has good hands on experience in VAPT. This role is with one of the government department of Maharashtra. Education: B.E/B. Tech / M.Sc. (Comp. Sci) / MCA / MBA/ M. Tech degree or equivalent. Should be a certified auditor. 6 or more years of overall experience with at least 6 years of relevant experience in Vulnerability Analysis, Penetration Testing and/or forensics. Must have experience in managing at least 3 projects for large, enterprise scale Clients. should have at least two industry certifications as mentioned below: 1. Licensed Penetration Tester (LPT) 2. Certified Penetration Testing Professional (CPENT) 3. Certified Expert Penetration Tester (CEPT) 4. GIAC Penetration Tester (GPEN) 5. CompTIA PenTest+ 6. Certified Ethical Hacker (CEH) 7. Certified Mobile and Web App Penetration Tester (CMWAPT) 8. Computer Hacking Forensic Investigator (CHFI) 9. Certified Information System Auditor (CISA) 10. Certified Information Security Manager (CISM) 11. Other acceptable industry related certification in VAPT. 12. OSCP

Key Responsibilities: Conduct red team exercises to simulate sophisticated, real-world attacks and evaluate the effectiveness of security controls. Perform targeted penetration tests and vulnerability assessments to uncover and exploit security weaknesses. Develop and execute complex attack scenarios to challenge the organizations defenses. Collaborate with defensive security teams to remediate identified vulnerabilities and enhance security measures. Utilize and integrate advanced offensive security tools, such as Metasploit, Burp Suite, and Kali Linux, into the red team testing framework. Provide expert analysis and interpretation of red team tools and their results. Create and maintain detailed documentation related to red team activities, including test plans, attack scenarios, and incident response procedures. Contribute to the development and delivery of specialized security training and awareness programs focused on red team techniques. Ensure design and implementation of security controls and best practices from a red team perspective. Support the Offensive Security Lead in developing and refining the red team program. Assist with the evaluation and implementation of new red team technologies and improvements to existing processes. Qualifications: Bachelor s degree in computer science, Information Security, or a related technical field. 4+ years of experience in offensive security, with a focus on penetration testing and red teaming. In-depth understanding of encryption technologies, authentication protocols, and other security mechanisms. Preferred Skills: Relevant security certifications (e.g., OSCP, OSCE, CEH, GPEN). Key Responsibilities: Conduct red team exercises to simulate sophisticated, real-world attacks and evaluate the effectiveness of security controls. Perform targeted penetration tests and vulnerability assessments to uncover and exploit security weaknesses. Develop and execute complex attack scenarios to challenge the organizations defenses. Collaborate with defensive security teams to remediate identified vulnerabilities and enhance security measures. Utilize and integrate advanced offensive security tools, such as Metasploit, Burp Suite, and Kali Linux, into the red team testing framework. Provide expert analysis and interpretation of red team tools and their results. Create and maintain detailed documentation related to red team activities, including test plans, attack scenarios, and incident response procedures. Contribute to the development and delivery of specialized security training and awareness programs focused on red team techniques. Ensure design and implementation of security controls and best practices from a red team perspective. Support the Offensive Security Lead in developing and refining the red team program. Assist with the evaluation and implementation of new red team technologies and improvements to existing processes. Qualifications: Bachelor s degree in computer science, Information Security, or a related technical field. 4+ years of experience in offensive security, with a focus on penetration testing and red teaming. In-depth understanding of encryption technologies, authentication protocols, and other security mechanisms. Preferred Skills: Relevant security certifications (e.g., OSCP, OSCE, CEH, GPEN).

This is a remote position. Job Title: Freelance OSCP Trainer (Offensive Security Certified Professional) Location: Remote Engagement Type: Freelance Duration: Projuct Base Experience: 10+Years About the Role: We are seeking an experienced and passionate freelance OSCP-certified trainer to deliver hands-on training in penetration testing and ethical hacking . The ideal candidate will have a strong background in offensive security and a knack for simplifying complex concepts for learners of varying skill levels. Key Responsibilities: Deliver structured training based on the PWK (Penetration Testing with Kali Linux) curriculum. Guide students through lab exercises , real-world scenarios , and exam preparation . Provide mentorship and support to learners during and after sessions. Customize training content to suit the audiences technical level. Evaluate learner progress and provide constructive feedback. Required Skills & Qualifications: OSCP Certification (mandatory). Strong command of Kali Linux , Metasploit , Burp Suite , Nmap , Wireshark , and other offensive security tools. Proficiency in Active Directory attacks , privilege escalation , buffer overflows , and post-exploitation techniques . Solid understanding of networking , Linux/Windows systems , and scripting (Python/Bash) . Prior experience in training or mentoring is highly desirable. Excellent communication and presentation skills. " , "Work_Experience6" , "Job_TypeTraining" , "Job_Opening_NameOSCP" , "Number_of_Positions1" , "State":null , "Country":null , "Keep_on_Career_Site":false}]);

Position Purpose The role of the Third-Party Technology Risk Management Analyst / Consultant is to implement the set of operational activities to be carried out within BNP Paribas (Group & entities) to manage ICT & Cyber risks for the beneficiaries of sourcing (Outsourcing, purchasing & shoring) initiatives supported by ICT service providers and third parties involved in ICT projects or business projects with ICT components. She/he can operate within TPTRM scope governance, providers, beneficiaries & SMEs spread throughout global region. As part of his role, she/ he will have to work closely with German stakeholders. Especially, she / he will help clients assess the risks associated to their arrangement and provide recommendations for managing those risks.. Responsibilities Direct Responsibilities Perform third-party technology risk assessments to help beneficiaries/contract owners identify and evaluate business and technology risks related to their arrangements, and provide recommendations for managing those risks Define the contractual ICT security requirements applicable to the arrangement to protect confidentiality, integrity and availability of Beneficiary data and systems Provide periodic status updates (KPIs/KRIs) including potential risks and delays to the project delivery to beneficiary project manager, conduct workshops wherever necessary Review thoroughly asset classifications and pre-existing asset related risks & control responses ensuring sync with TPTRM assessments responses Select the requirements to include in the specific ICT due diligence questionnaires to be sent to the shortlisted suppliers and analyze the providers feedback Support the Beneficiary answering ICT Security questions from the provider as part of the contract negotiation process List of the risks that should be formalized in a risk management plan given the third party's answers and report on the third party's ability to manage risks Support the Beneficiary recording the arrangement data in the various Group registers (ServiceNow, RISK360, etc.) Ensure periodic review of ICT arrangements and contracted ICT services Demonstrate knowledge in one or more of the following cyber risk domains, including: Security Governance and Management, Security Policies and Procedures, Application Security Controls, Access Controls, Incident Response, Risk Management, Privacy and Data Protection, Encryption. Contributing Responsibilities Direct Responsibilities Perform third-party technology risk assessments to help beneficiaries/contract owners identify and evaluate business and technology risks related to their arrangements, and provide recommendations for managing those risks Define the contractual ICT security requirements applicable to the arrangement to protect confidentiality, integrity and availability of Beneficiary data and systems Provide periodic status updates (KPIs/KRIs) including potential risks and delays to the project delivery to beneficiary project manager, conduct workshops wherever necessary Review thoroughly asset classifications and pre-existing asset related risks & control responses ensuring sync with TPTRM assessments responses Select the requirements to include in the specific ICT due diligence questionnaires to be sent to the shortlisted suppliers and analyze the providers feedback Support the Beneficiary answering ICT Security questions from the provider as part of the contract negotiation process List of the risks that should be formalized in a risk management plan given the third party's answers and report on the third party's ability to manage risks Support the Beneficiary recording the arrangement data in the various Group registers (ServiceNow, RISK360, etc.) Ensure periodic review of ICT arrangements and contracted ICT services Demonstrate knowledge in one or more of the following cyber risk domains, including: Security Governance and Management, Security Policies and Procedures, Application Security Controls, Access Controls, Incident Response, Risk Management, Privacy and Data Protection, Encryption. Contributing Responsibilities Instruct the 5 European Bank Authority ICT risks categories and follow them throughout TPTRM assessments Participate in Initialization Committee/ Validation Committee & Go-Live committee for Supporting specific arrangements and results Provide support to beneficiary / contract owner to implement residual actions Facilitate the business/sponsor/beneficiary/SME decision-making with deep analysis based on relevant flagged risk families Provide support to contract owners and coordinate/ assist to ensure proper assessments are done Manage TPTRM inventory with follow-up tracker management Contribute to process improvement, upkeep with new policies, regulations, standards & guidelines Technical & Behavioral Competencies Functional Skills Experience in IT Risk and Cyber Security domains in a financial institution demonstrating a high-level of commitment and self-motivation. Experience in the Finance & IT industry with a strong exposure to IT Operations, Application Security, and/or network administration, IPS Demonstrate knowledge of Risk & Compliance, cybersecurity, cyber risk, cyber threats, Third Party Technology Risk Management/ Vendor assessments Working knowledge of global regulations, frameworks and standards (ISO, NIST, COBIT, PCI-DSS, HIPAA) and conversant in the tactics, techniques and procedures used by Risk adversaries. Demonstrates a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate. Good IT knowledge Technical : - Good understanding of organizations and IT Businesses - Good technical understanding of infrastructures and IT Security Productions and Systems - IT risk /Third Party risk analysis and management methods and should have worked on Risk Management Tools like, ServiceNow etc. - Knowledge of Cyber Resilience, IT continuity and business continuity - GRC - Governance, Risk Management and Compliance Management. - Firewall and Internet technologies; Cloud Security, Banking Tools & Technologies. - Secure access control mechanisms; Encryption and Key management technics Behavioral : - Strong Communication, Analytical and problem-solving skills. - Proven organizational skills with excellent multi-tasking, result oriented and prioritization skills - Good documentation and reporting skills - Ability to work independently - Strong communication and interpersonal skills, able to communicate and relate easily with IT, Finance and back-office users - Good communication, technical writing/diagramming skills - Attention to detail and accuracy Specific Qualifications (if required) - One or more Industry-recognized information Security certifications such as CISSP, CISA, GCCC, CISM, CEH, CRISC, OSCP or Security+. - IT Security tools like Firewalls, IPS, WAF, Endpoint protection, Network security, etc. - IT Auditing (ISO27001/2, NIST 800 Series, ISO27005, ISO42001) - Regulatory Compliance MBA in Finance/Systems/IT, Masters in Technology, Bachelor of Commerce, Masters in Commerce, Bachelor in Science, Bachelor in Technology Skills Referential Behavioural Skills : (Please select up to 4 skills) Communication skills - oral & written Attention to detail / rigor Ability to deliver / Results driven Creativity & Innovation / Problem solving Choose an item. Choose an item. Choose an item. Transversal Skills: (Please select up to 5 skills) Analytical Ability Ability to manage a project Ability to understand, explain and support change Ability to develop and adapt a process Ability to anticipate business / strategic evolution Education Level: Bachelor Degree/ Master Degree or Equivalent Choose an item. Experience Level 5-7 years and 3-5 years Choose an item. Other/Specific Qualifications (if required) CISA/CISSP/CISM/CRISC

Responsibilities: * Conduct penetration tests, vulnerability assessments & ethical hacking. * Implement OWASP top 10 principles & network NPT methodologies. * Monitor cybersecurity risks & respond to incidents.

Your potential, unleashed. Indias impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilientnot only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks Your work profile As Assistant Manager in our Cyber Team youll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - Key Responsibilities: Threat Modelling: Conduct threat modelling sessions to identify potential security risks to applications, networks, and infrastructure. Utilize various threat modelling frameworks (e.g., STRIDE, PASTA) to evaluate the risk associated with business processes and IT systems. Vulnerability Assessment & Penetration Testing: Perform regular vulnerability assessments and penetration testing on applications, systems, and networks to identify weaknesses and misconfigurations. Security Risk Analysis: Analyse vulnerabilities identified in VAPT engagements and prioritize them based on risk to the business. Provide recommendations for remediation and mitigation. Incident Response: Assist in responding to security incidents by analysing threat patterns, supporting forensic investigations, and recommending preventative measures. Collaboration with Teams: Work closely with developers, DevOps, and other stakeholders to design and implement secure development practices and advise on secure code development practices. Reporting: Document findings from threat modelling, vulnerability assessments, and penetration tests, and present them to management and other key stakeholders. Security Awareness: Promote awareness of cybersecurity risks within the organization and provide guidance on secure coding and risk mitigation strategies. Required Skills and Qualifications: Strong knowledge of Threat Modelling methodologies and tools (e.g., Microsoft Threat Modelling Tool, OWASP Threat Dragon). Hands-on experience in performing Vulnerability Assessment and Penetration Testing (VAPT) using tools like Nmap, Burp Suite, OWASP ZAP, Nessus, and Metasploit. Solid understanding of common vulnerabilities (e.g., SQL injection, Cross-Site Scripting, Buffer overflows) and security protocols (e.g., TLS/SSL, OAuth, OpenID). Familiarity with network security (firewalls, IDS/IPS, VPNs, etc.) and web application security. Experience in performing risk analysis, writing security reports, and presenting findings to both technical and non-technical audiences. Knowledge of OWASP Top 10, CVE, and vulnerability databases. Proficiency in one or more programming languages (e.g., Python, Java, C, or scripting languages) is a plus. Understanding of security frameworks and compliance requirements (e.g., NIST, ISO 27001, GDPR, SOC 2) is desirable. Experience with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes) is a plus. Strong problem-solving skills and the ability to work independently and in a team. Prior experience in BFSI would be preferred. Preferred Qualifications: Certification: Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or similar penetration testing certifications. Certified Information Systems Security Professional (CISSP) or similar information security certifications. Previous experience in threat hunting, incident response, or application security. Understanding of security in Agile/Scrum development processes. Location and way of working Base location: Pune Professional is required to work from office. How youll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the worlds most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyones welcome entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals. *Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution.

As a Security Consultant, you play a pivotal role as a key advisor for IBM's clients. Your primary responsibility is to analyze business requirements and leverage your expertise to design and implement optimal security solutions tailored to meet the unique needs of our clients. Your technical skills will be crucial in finding the delicate balance between enabling and securing our client's organization, utilizing cognitive solutions that have contributed to making IBM the fastest-growing enterprise security business globally. - Develop a deep technical understanding of IBM Public Cloud offerings and infrastructure - Plan and perform red team exercises against various cloud offerings - Plan and perform full stack security tests against various system(s) and application(s) independently as well as within a team - Engage in security monitoring and visibility improvement activities across the IBM Public Cloud organization - Thoroughly document techniques, tactics, and proof of concepts used during security testing and red team exercises - Communicate with various business and technology leaders to interpret identified vulnerabilities and assist in the development and planning for risk mitigation plans - Research and continuously improve skills in attacker tools, methods, and techniques - Lead by example for the greater red team in professionalism, communication, and technical expertise Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise 3+ years of demonstrating experience in planning and executing penetration tests/red team exercises against web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies Demonstrates strong understanding of offensive cybersecurity operations and defensive integrations, including enumeration and exploitation of various cloud-based technologies and development of secure applications. Demonstrates strong ability to communicate highly technical aspects to Executives and IT staffs, respectively Demonstrates ability by creating custom tools for penetration testing and contributing to opensource technologies Demonstrates strong experience with various scripting languages (Python, Ruby, Bash, etc.) Possess one or more of the following credentialsOSCP, OSCE, OSWE, GWAPT, GPEN, GXPN, CRTP, Crest Penetration Certification. Familiarity with serverless services, containerization and other cloud technologies Strong familiarity with OWASP Top Ten, NIST, and MITRE ATT&CK 3+ years of demonstrating experience in system or application administration role(s) Preferred technical and professional experience 5+ years of demonstrating experience in planning and executing penetration tests/red team exercises against web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies Understanding of offensive cybersecurity operations and defensive integrations, including enumeration and exploitation of various cloud-based technologies and development of secure applications. Ability to communicate highly technical aspects to Executives and IT staff, respectively Demonstrates ability by creating custom tools for penetration testing and contributing to opensource technologies Expertise in developing exploits and customized attack tooling and approaches Demonstratedsecurity research leading to bug bounty and CVE awards Deep understanding of serverless services, containerization and other cloud technologies Demonstrates strong experience with various scripting languages (Python, Ruby, Bash, etc.) CGood to have one of these certsCRTP, CEH, OSCP, OSCE, OSWE, GWAPT, GPEN, GXPN, CRTP, Crest Penetration Certification. Familiarity with serverless services, containerization and other cloud technologies Strong familiarity with OWASP Top Ten, NIST, and MITRE ATT&CK 5+ years of demonstrating experience in system or application administration role(s)

Role & responsibilities We are looking to add a VAPT specialist to our team! This position will be conducting vulnerability assessments, penetration testing, and security audits to identify, report, and mitigate security weaknesses across applications, networks, and systems. Conduct vulnerability assessments and penetration tests on internal and external applications, networks, and systems. Develop, document, and implement testing methodologies based on industry standards and compliance requirements (e.g., OWASP, NIST, ISO 27001). Identify security risks, potential threats, and vulnerabilities and provide detailed reports with actionable recommendations. Collaborate with development, infrastructure, Network, SOC and application teams to guide them in remediating identified security issues. Perform re-testing to validate remediation actions taken to address vulnerabilities. Stay updated on emerging security threats, vulnerabilities, and tools related to penetration testing. Ensure testing activities comply with relevant security policies, regulatory requirements, and standards. Support the development of VAPT policies, standards, and guidelines. Prepare regular reports and dashboards for management and stakeholders, summarizing findings and status updates. Preferred candidate profile At least 1+ years of experience in vulnerability assessment and penetration testing in both application and network environments. In-depth knowledge of security standards, frameworks, and methodologies, such as OWASP, PTES, and MITRE ATT&CK. Proficiency with security testing tools like Burp Suite, Nessus, Metasploit, Nmap, and Wireshark. Strong understanding of network protocols, application security, and secure coding practices. Familiarity with regulatory standards, such as GDPR, HIPAA, and PCI-DSS, and how they impact VAPT requirements. Ability to communicate complex technical information to both technical and non-technical stakeholders. Relevant certifications (e.g., CEH, OSCP, GIAC GPEN, or GWAPT) are preferred. Vulnerability scanning and penetration testing Threat modeling and risk assessment Security auditing and report writing Collaboration and communication Analytical and problem-solving skills

We are looking for a skilled and motivated Penetration Tester to join our DART (Detection and Response Team) and help deliver high-impact Penetration Testing as a Service (PTaaS) engagements to our global clients. This is a hands-on role focused on continuous testing, real-world simulations, and providing actionable insights using industry-leading tools like Metasploit Pro and CIS-CAT Pro. Youll be part of a CREST-aligned team helping financial institutions, government bodies, and mid-market clients secure their infrastructure, web applications, cloud platforms, and internal networks. Key Responsibilities Perform internal and external network penetration testing Conduct web application and API testing using OWASP and custom test cases Simulate real-world attack vectors including privilege escalation and lateral movement Execute configuration audits using CIS-CAT Pro for hardening validation Design and run automated and manual exploit campaigns using Metasploit Pro Prepare detailed reports with technical findings, business risk, and remediation guidance Participate in client scoping sessions and debriefs Collaborate with the development and infrastructure teams to validate remediations Contribute to continuous improvements of our PTaaS platform and methodology What Were Looking For 36 years in penetration testing, red teaming, or offensive security Strong knowledge of security testing methodologies (OWASP, PTES, MITRE ATT&CK) Hands-on experience with Metasploit Pro, Burp Suite, CIS-CAT Pro, or similar tools Certifications preferred : OSCP, CREST CRT, CRTO, or equivalent Preferred candidate profile Familiarity with cloud security (Azure, AWS, M365) and Active Directory attacks Strong report writing and client communication skills

Hi We have the below opening with one of our prestigious client. If you are interested and willing to explore opportunity, Please shared your CV to vivitha.d@randstad,in Exp: 3+ Years Location: Bangalore Mode of work: 5 Days Work from office Shift time- 5:30 am or 7:30 am ( 9 Hours) Need only OSCP Certified candidates Role Description Responsibilities: Oversee and conduct tests for system vulnerabilities, such as: SOE Security Assessments Source Code Review Security Risk (ISO27k) & Privacy Impact (APP) Assessments NCSC Cyber Essentials Plus Assessments Red Team Attack Simulations Firewall and Password Audits Vulnerability Assessments (Internal, External, Web Application, and Database) Penetration Testing (Internal, External, Web Application, Database, Mobile, and Wireless) Provide complex technical advice, recommendations, and consultancy on networks, products, and services supplied to our managed service customers Compiling and presenting reports on the test results. Lead the design, implementation, operation, and maintenance of security management systems. Support internal security initiatives or mentoring junior team members Role Description Requirements: Minimum 3 years experience as a security consultant or penetration tester An existing penetration testing certification, such as OSCP, OSCE, or CREST is mandatory Experience delivering at least 6 of the different types of engagements listed above Extensive knowledge and experience within the IT Security industry Knowledge of a range of consulting and security vendor solution offerings Nice-to-have: Defence Force experience is desirable Hold a current active security clearance (NV-1 or NV-2) is desirable

Project description Security is a global organization within Group Technology Infrastructure and Security Engineering. Our services focus on preventing and detecting cyber threats and securing our IT systems. We provide consolidated and reliable security services that implement secure design principles and create best-fit solutions. You will be working in the Cyber Technology service team, providing security products and services for the Cyber Hygiene space - specifically for Infrastructure Scanning and vulnerability assessment. We provide consolidated and reliable security hygiene controls to our clients using the latest technology. As a Cyber Security Engineer, you will play a vital role in creating Infrastructure Scanning and Security Remediation capabilities, determining required IT business solutions, and assisting in implementing them. We offer flexibility in the workplace and equal opportunities to all our team members. Responsibilities Sound cloud security knowledge, specialized in Azure. Hands on experience on cloud security tools like Wiz.io. Evaluate & assess vulnerabilities/ threats published on internet's cyber space and analysis the relevance to organization. Emergency vulnerability management process. Analysis Zero days, vulnerabilities exploited in the wild to safeguard organization IT landscape. Collaborate with technology, platform, and security teams to mitigate the emerging threats. Conduct assessment on security advisories and support vulnerability advisory process. Maintain & improve existing severity risk rating mechanism and provide sustainable ways for risk mitigation. Skills Must have Ideally up to eight years of hands-on experience with vulnerability scanning tools. Certifications like CEH, OSCP etc will be additional advantage. Good knowledge of CVE's, EPSS, vulnerabilities and exploits. Proven experience in vulnerability management and in depth understanding of vulnerability management lifecycle. Potentially, experience with other security processes e.g. vulnerability scanning or configuration management Prioritisation of complex technical tasks Good at communicating and documenting technical information (MS Teams, Confluence, Gitlab) Skills to collaborate & manage technology partners and other security counterparts. Technical communication and documentation skills Nice to have N/A Other Languages EnglishC1 Advanced Seniority Senior

Hi , As per response to your profile which is uploaded in Job portals. We have an excellent job openings for Application Security-Techno Manager -Mumbai Location in IT MNC If your already received email or not looking for job change/ irrelevant - please ignore it. Note: Apply for only Relevant & interested candidates.(Apply for only Immediate to 30 days joiners) Job Description: Please find the Key skills for AppSec Lead - 10-18 years of experience in Application Security, Network Security, and IT Risk & Compliance, with hands-on expertise in security assessments, process audits, and application reviews. Experience in BFSI is preferred. skill: Vulnerability Assessment,Manual Penetration Testing using OWASP checklists,Penetration Testing,OWASP Top 10,OWASP ZAP,Ethical Hacking,Static/dynamic testing of mobile applications,Vulnerability Mitigation, any Certificates like CISSP, CISA, CISM, CRISC. Educational criteria: B.Sc (IT/CS/Security) / B.Tech/BE in Computer Science,BCA/MCA/MS/MSC/M TECH,ME Those who have relevant experience and Skills, as mentioned above please revert back soon. It"s a kind request, Please provide the below mentioned details in Ur CV/mail before u send it to us. Total Exp: Relevant Exp:- Current Company: Current CTC: Expected CTC: Current Location: Preferred location: Mumbai Only Notice Period: Apply only for Immediate to 30 days NP. DOB: Degree: Many Thanks Regards Sreenivas Sreenivasa.k@happiestminds.com

Sound cloud security knowledge, specialized in Azure. Hands on experience on cloud security tools like Wiz.io. Evaluate & assess vulnerabilities/ threats published on internets cyber space and analysis the relevance to organization. Emergency vulnerability management process. Analysis Zero days, vulnerabilities exploited in the wild to safeguard organization IT landscape. Collaborate with technology, platform, and security teams to mitigate the emerging threats. Conduct assessment on security advisories and support vulnerability advisory process. Maintain & improve existing severity risk rating mechanism and provide sustainable ways for risk mitigation. Skills Must have Ideally up to eight years of hands-on experience with vulnerability scanning tools. Certifications like CEH, OSCP etc will be additional advantage. Good knowledge of CVEs, EPSS, vulnerabilities and exploits. Proven experience in vulnerability management and in depth understanding of vulnerability management lifecycle. Potentially, experience with other security processes e.g. vulnerability scanning or configuration management Prioritisation of complex technical tasks Good at communicating and documenting technical information (MS Teams, Confluence, Gitlab) Skills to collaborate & manage technology partners and other security counterparts. Technical communication and documentation skills Nice to have N/A Other Languages English: C1 Advanced Seniority Senior Refer a Friend Positive work environments and stellar reputations attract and retain top talent. Find out why Luxoft stands apart from the rest. Recommend a friend Related jobs View all vacancies Pune, India Req. VR-114914 Cybersecurity BCM Industry 06/06/2025 Req. VR-114914 Apply for Cyber Security Systems Engineer in Pune *

We are looking for Application Security Engineer to take ownership of security testing for enterprise products deployed on mainframe environments. In this role, you will assess application-layer security risks, identify vulnerabilities in product implementations, and lead secure architecture reviews. The ideal candidate brings deep offensive security skills along with familiarity in testing applications running on or integrated with IBM mainframe systems. Primary Roles and Responsibilities: Conduct penetration testing and red teaming exercises targeting mainframe environments and the surrounding application ecosystem. Perform code-assisted and black-box penetration testing against enterprise applications/systems interacting with RACF, DB2, CICS, MQ, and related subsystems. Identify risks in authentication, authorization, data handling, and communications within mainframe-integrated products. Create threat models and guide product teams in mitigating high-impact vulnerabilities early in the SDLC. Drive remediation efforts through hands-on collaboration and secure design guidance. Author technical reports and deliver executive summaries tailored to various audiences. Stay current on vulnerabilities, exploits, and testing techniques relevant to legacy enterprise technologies and mainframe ecosystems. Assess common integration patterns (SOA, REST/JSON, MQ) for security risks. To ensure you re set up for success, you will bring the following skillset & experience: 5+ years of experience in penetration testing, with a specialization in systems/applications integrating with mainframe environments. Deep knowledge of mainframe communication protocols and security mechanisms. Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe systems. Proficient in tools such as: Mainframe utilities: REXX, ISPF panels, NetView Security tools: Nmap, Burp Suite, Wireshark, custom scripts Strong scripting and automation skills (Python, REXX, Bash, or similar). Strong communication and leadership skills, with a proven ability to lead technical teams or projects. Experience producing board-level reports and presenting findings to senior stakeholders. Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts). Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services Whilst these are nice to have, our team can help you develop in the following skills: Industry certifications such as OSCP, OSCE, CRTP, GIAC GPEN, GXPN, or CISSP. Background in regulated industries such as banking, insurance, or government, where mainframes are core infrastructure. Knowledge of COBOL, PL/I, or other mainframe-centric programming languages. Experience with compliance standards like PCI-DSS, NIST, or SOX as they apply to mainframes.

Job Description As a TS Security Engineer specializing in Network equipment, your primary responsibility will be to ensure the security of the organization's Network Equipment In this role, you will be responsible for designing and implementing security testing frameworks and carrying out thorough security assessments to identify vulnerabilities and weaknesses in the Network Equipment architecture. Your expertise in network security protocols, firewalls, intrusion detection systems, and other security tools will be instrumental in ensuring the integrity, confidentiality, and availability of the Network devices. Additionally, you will be required to work collaboratively with cross-functional teams to develop and implement security policies and procedures that align with industry best practices and regulatory requirements. Responsibilities Create a test plan for the network equipment as per ITSAR standards . Conduct security assessments and penetration tests on various IP Router and Wi-Fi CPE devices. Identify and analyze vulnerabilities, misconfigurations, and weaknesses in ITSAR IP Router and Wi-Fi CPE. Develop and execute test plans, methodologies, and tools to assess the security of IP Router and Wi-Fi CPE. Collaborate with network architects, engineers, and developers to design and implement secure IP Routers and Wi-Fi CPE and configurations. Provide recommendations and remediation strategies to address identified security issues and improve the overall security posture of Network Equipment. Stay up to date with emerging threats, vulnerabilities, and security best practices related to IP Router and Wi-Fi CPE and technologies. Participate in incident response activities and security incident investigations related to network equipment security breaches or incidents. Document and communicate security findings, assessment results, and recommendations to stakeholders and management. Contribute to the development and enhancement of security policies, standards, and procedures specific to 5G network security. Qualifications Test plan and testing experience in a broad range of network security protocols both IPV4/IPV6. knowledge of Network Defense, Proxy, Firewalls, and Authentication Servers (LDAP, RADIUS, Local Auth, etc.,) Hands-on Security protocols - Captive Portal, Port Security, VPNs, IPSEC, DOT1x, Web Auth, and EAP Methods. Penetration tests and vulnerability assessments on computer systems, networks, and applications to identify potential security risks and vulnerabilities. Knowledge of cryptographic encryption algorithms, key exchange algorithms, hashing/message authentication algorithms, PKI, random number generators, TCP/IP, SSH, HTTPS, SSL/TLS, IKE, etc. Tools experience is desirable, exposure to any or all these tools IXIA, Wireshark, Burp Suit, Hydra, Fuzzers, Nmap, Nessus, etc. Experience building testing environments, performing testing, and reporting results (technical writing). Excellent written/oral communication skills and strong analytical and problem-solving skills. Additional Qualifications would be a plus: Knowledge of OpenSSL, OpenSSH and/or OpenPGP. Vulnerability Analysis and/or penetration testing experience/expertise. Knowledge of various programming languages (C, C++, Python & Scapy) and development environments. Security Certification is a CCNA/CCNP and CEH along with VPAT knowledge Knowledge of OWASP TOP 10 and CWE Top 25 is additional good to have along with X.509/Digital certificates and their attributes as well as protocols such as CRL and OCSP. Self-motivated individual with the ability to collaborate and work in a high-performing team with an eagerness to learn.

Here's an updated version of the job description, incorporating your specified details: Staff Product Security Engineer (Embedded & IoT) Work Flexibility: Hybrid Work Mode: Hybrid Location: Bengaluru Work Flexibility Definitions: Remote Role allows you to work the majority to 100% of time from an alternate workplace. These roles could have travel expectations, and you must work within the country of the job requisition location. Field-based – You can expect to regularly work a majority to 100% of time at customer facilities and has a set territory or expectation to travel within a set boundary. Almost all sales roles would likely be qualified as field-based. Onsite – Role is 100% located at a company facility. Some ad hoc flexibility may be available depending on role, level, and job requirements. Manufacturing roles and any role that requires physical presence at the office would qualify under this category. Hybrid – You can expect to regularly work in both an alternate workplace and a company facility. Roles that are partially remote or co-located would qualify as hybrid, and the expectation to be on site would be defined and agreed upon by your manager/supervisor. What you will do: Provide technical leadership and guidance to a team of Web, Embedded, and IoT Security engineers. Execute and oversee Penetration Testing and Vulnerability Assessment activities for Embedded Systems and IoT devices. Leverage DevSecOps to embed security testing ( SAST, DAST, Host Scanning, ATO Scanning, SBOM Generation ) into all phases of the Software Development Life Cycle (SDLC). Develop/review technical documentation (procedures/work instructions/guidance documents) for technical services. Develop and maintain comprehensive test plans, methodologies, and tools for security testing. Conduct in-depth analysis of security vulnerabilities and propose mitigation strategies. Collaborate with cross-functional teams to design and implement secure Embedded and IoT solutions. Lead the Software Bill of Materials (SBOM) Management program , ensuring accurate identification and documentation of software components and dependencies. Drive continuous improvement initiatives related to Embedded and IoT security, testing, and vulnerability management. What you need: Required Qualifications: Bachelor's or Master’s in Computer Science Engineering or a related field. 4 to 10 years of experience in product security, with a strong focus on embedded systems and IoT . Experience with threat modeling, risk assessment , and security architecture reviews for Embedded Systems and IoT solutions. Proficiency in C, C++, and Python programming languages. Familiarity with relevant security standards and frameworks such as OWASP, NIST Cybersecurity Framework , and ISO 27001 . Solid understanding of software development lifecycles and methodologies, particularly in the Embedded Systems and IoT context. Preferred Qualifications: Proficiency in using security testing tools such as Burp Suite, Wireshark, Nessus, and Metasploit , and experience applying DevSecOps principles. Experience in automation of routine tasks using tools like Jenkins and/or scripting languages such as PowerShell, Ruby, or Python. Understanding of Cloud-based environments like Azure and AWS . At least one professional certification like ECSA Practical/CPENT/LPT/OSCP/OSWE/OSCE or similar involving practical exams. Additional Details: Travel Percentage: 10% Mode of Interview: Face-to-Face

As an Application Security Specialist,youll play a vital role in building secure systems from the ground up. Workingclosely with engineering, compliance, and DevOps teams, you will ensure ourapplications meet rigorous security and regulatory standards across globaljurisdictions. Your Impact on the Mission: Integrate security into the Software Development Lifecycle (SDLC) , embedding security controls at every phase. Conduct threat modeling , secure code reviews , and penetration testing for internal and third-party applications. Collaborate with development teams to address security issues across CI/CD pipelines (DevSecOps). Manage and mitigate application-level risks in line with security frameworks and regulatory requirements. Support compliance efforts for GDPR , NIS2 , PCI-DSS , and DORA by applying security controls and maintaining evidence. Drive secure practices in the software supply chain , improving defenses against attacks like those seen in SolarWinds. Business Impact Reduces application security vulnerabilities across internal and customer-facing systems. Helps ensure Noventiqs compliance with global cybersecurity regulations. Lowers production defects and remediation costs through early detection. Strengthens resilience ofcloud-native and third-party platforms. What Youll Bring to The Table About You: 5 years in Application Security, including secure development, testing, and DevSecOps. Solid understanding of OWASP Top 10 , SAST/DAST , threat modeling , and common attack vectors. Familiarity with CI/CD environments (e.g., GitLab, GitHub Actions, Azure DevOps). Hands-on experience with tools such as Burp Suite , OWASP ZAP , SonarQube , Checkmarx , or similar. Preferred Certifications Industry-recognized certifications are a plus, including: OSCP , GWAPT, CISSP, or CSSLP Bonus for Azure Security Engineer (AZ-500) or Certified DevSecOps Professional Frameworks Compliance Working knowledge of: OWASP , CIS Controls v8, ISO/IEC 27001 GDPR , NIS2 Directive, PCI-DSS, DORA Regulation

Role Overview We are seeking a highly capable and visionary Technical Manager Cybersecurity Solutions to lead the planning, execution, and delivery of advanced security programs across our enterprise. This role demands deep technical expertise, strategic thinking, and the ability to lead cross-functional teams to secure complex IT environments. Key Responsibilities Drive the design, implementation, and lifecycle management of advanced cybersecurity tools and platforms. Lead end-to-end delivery for key technologies including: Data Discovery & Classification File Upload Security Attack Surface Management (ASM) Breach and Attack Simulation (BAS) and Red Teaming Decoy/Honeypot Solutions Secure Data Backup & Ransomware Protection Oversee the deployment and optimization of Phishing Simulation, MDM, AD Security, and NAC. Provide technical leadership and mentorship to security engineering and L3 teams. Collaborate with GRC, IT Ops, and Risk teams to align security initiatives with compliance standards. Evaluate vendor solutions and manage third-party security integrations. Represent the security function in internal and external audits, assessments, and executive briefings. Required Skills & Experience 8+ years of experience in cybersecurity, including leadership of technical teams. Proven expertise in deploying and managing enterprise-grade security solutions (as listed above). Strong understanding of regulatory frameworks (ISO 27001, NIST, GDPR, etc.). Experience in red teaming, threat simulation, or adversary emulation is a strong plus. Exceptional communication, project management, and stakeholder engagement skills. Bachelors or Master's degree in Computer Science, Information Security, or related field. Relevant certifications (e.g., CISSP, CISM, OSCP) preferred.