868 Penetration Testing Jobs - Page 10

Design, implement, and assess cybersecurity controls across IT and OT environments. Conduct vulnerability assessments, develop secure architectures, and ensure compliance with standards Required Candidate profile Experienced in hands-on cybersecurity engineering and threat assessment with exposure to IT and OT. Strong in vulnerability scanning, architecture reviews, and cross-functional collaboration.

Information Security and Compliance Lead Experience: 6 - 10 Years Exp Salary : Competitive Preferred Notice Period : Within 60 Days Shift : 10:00AM to 6:00PM IST Opportunity Type: Hybrid (Bengaluru) Placement Type: Permanent (*Note: This is a requirement for one of Uplers' Clients) Must have skills required : Application Security, Compliance security, Security Testing OR Network Security OR security auditing OR Penetration Testing Hiver (One of Uplers' Clients) is Looking for: Information Security and Compliance Lead who is passionate about their work, eager to learn and grow, and who is committed to delivering exceptional results. If you are a team player, with a positive attitude and a desire to make a difference, then we want to hear from you. Role Overview Description Opportunity: Hiver is currently seeking a dedicated Information Security and Compliance Lead to join our Information Security team. In this role, you will play a crucial part in ensuring the security and compliance of our systems and data. Your responsibilities will encompass reviewing and updating documentation, researching and evaluating security applications, assisting with web content management, and contributing to compliance monitoring and investigations. What you will be working on? Advocate security and secure practices throughout Hiver. Perform technical security assessments and infrastructure audits. You'll lead a small team of talented security engineers. Handle information security incidents and data breaches. Work with all business functions to make sure all security risks are effectively managed. Assist the Information Security team with external security audits. Perform privacy assessments as part of ISO 27001, HIPAA, GDPR, and other compliance frameworks. What are we looking for? A minimum of 6 to 10 years of professional experience in information security practices, with a strong focus on Application Security, Compliance and DevSecOps. Strong understanding of major cloud platforms (AWS, GCP) and their security offerings. Expertise in application security best practices, compliance requirements (e.g., ISO 27001, HIPAA, GDPR), and security frameworks (e.g., NIST Cybersecurity Framework). Conduct regular security assessments and vulnerability scans of cloud environments, identifying and remediating potential risks. Collaborate with stakeholders across the organization (IT, Security, DevOps, Engineering, etc.) to ensure secure cloud adoption and operations. How to apply for this opportunity: Easy 3-Step Process: 1. Click On Apply! And Register or log in on our portal 2. Upload updated Resume & Complete the Screening Form 3. Increase your chances to get shortlisted & meet the client for the Interview! About Our Client: Hiver gives teams the simplest way to deliver outstanding and personalized customer service. As a customer service solution built on Gmail, Hiver is intuitive, super easy to learn, and delightful to use. Hiver is used by thousands of teams at some of the best-known companies in the world to provide attentive, empathetic, and human service to their customers at scale. Were a top-rated product on G2 and rank very highly on customer satisfaction. At Hiver, we obsess about being world-class at everything we do. Our product is loved by our customers, our content engages a very wide audience, our customer service is one of the highest rated in the industry, and our sales team is as driven about doing right by our customers as they are by hitting their numbers. We’re profitably run and are backed by notable investors. K1 Capital led our most recent round of $27 million. Before that, we raised from Kalaari Capital, Kae Capital, and Citrix Startup Accelerator. About Uplers: Our goal is to make hiring and getting hired reliable, simple, and fast. Our role will be to help all our talents find and apply for relevant product and engineering job opportunities and progress in their career. (Note: There are many more opportunities apart from this on the portal.) So, if you are ready for a new challenge, a great work environment, and an opportunity to take your career to the next level, don't hesitate to apply today. We are waiting for you!

An ICE IS Application Security Analyst is part of a team responsible for ensuring that ICE produces and maintains secure applications. The team member influences secure design, performs code analysis, identifies vulnerabilities through hands on penetration testing, assists developers in remediation efforts, and communicates findings to developers, QA teams and management. Core Duties IS AppSec (Application Security) Application Identification and Review Operates the Application Development Security Lifecycle from design review through automated and hands on testing. Standards and Policies Maintains and contributes to Application Development Security Policies and standards by keeping up with industry trends and publications from organizations such as NIST, OWASP, and SANS. Secure Design Works with development teams to establish security requirements early in the SDLC and contributes security subject matter expertise during the development of new projects and releases. Tool Management Focuses on automation while implementing, maintaining and integrating cutting edge technologies to assess an application s security with static code analyzers (SAST), dynamic testing (DAST) tools, software composition scanners, Web Application Firewall (WAF) and bug bounty programs. Developer Education Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community via training sessions, one on one education, Intranet blogs and other opportunities. Desirable Knowledge and Experience Software engineering experience in Java, C++, .NET and/or related languages Expert at deploying, configuring, and using SAST, DAST, and Software Composition in large environments Experience designing solutions to integrate transparently with the CI/CD pipeline Familiar with application development in large cloud environments University degree in Computer Science, Engineering, MIS, CIS, or related discipline Analyst, Engineer, and Sr. Engineer Distinction Seniority is determined by experience and demonstration of exceptional competencies including: Documenting and effectively publishing technology guidance and repeatable processes Mentoring peers in groups and individually Improving processes and introducing superior technology Taking initiative to learn business goals, liaise with other departments, and identify ways to increase productivity in other ICE groups and offices

Security Engineer - IT Services and Software Development company We are looking for a Security Engineer with 1 to 2 years of experience to help protect and secure our IT infrastructure. The role involves monitoring systems, conducting vulnerability assessments, and responding to security incidents. Key Responsibilities Monitor and respond to security threats and incidents. Perform vulnerability assessments and implement security best practices. Manage security tools (e.g., firewalls, SIEM, antivirus). Assist in system hardening and patch management. Help develop and enforce security policies. Collaborate with IT teams on security initiatives. Requirements Bachelor s degree in Computer Science, Information Security, or related field. 1 to 2 years of experience in cybersecurity or related roles. Knowledge of firewalls, VPN, encryption, and security tools. Familiarity with cloud security (AWS, Azure, GCP) and web application security is a plus Basic experience with vulnerability scanning and penetration testing. Strong problem-solving and communication skills. Good communication and collaboration skills. Security certifications (e.g., CompTIA Security+, CEH) are a plus.

Job Title: Associate Engineer Experience: 2 to 3 years Location: Mumbai ( work from office) Security Testing Skilled Mobile Application Security Tester to join our cybersecurity team. The ideal candidate will be responsible for identifying vulnerabilities in mobile applications and ensuring that our products meet the highest security standards. You will work closely with development teams to implement security measures and enhance application security. Key Responsibilities: Conduct security assessments of mobile applications on iOS and Android platforms. Perform penetration testing to identify security vulnerabilities and risks. Analyze application architecture, design, and code for security weaknesses. Develop and execute test plans, test cases, and test scripts for mobile applications. Collaborate with development teams to remediate security vulnerabilities. Stay updated on the latest security threats, vulnerabilities, and industry trends. Provide detailed reports on findings, including risk assessments and remediation recommendations. Assist in the development of secure coding practices and security guidelines for mobile applications. Conduct security training and awareness sessions for development teams. Qualifications: Bachelor s degree in computer science, Information Security, or related field. Proven experience in mobile application security testing ( 0-2 years preferred ). Strong knowledge of mobile application architectures, security frameworks, and best practices. Familiarity with security testing tools such as OWASP ZAP, Burp Suite, and mobile specific tools (e.g., MobSF). Understanding of common vulnerabilities (OWASP Mobile Top 10) and secure coding practices. Experience with static and dynamic application security testing (SAST/DAST). Relevant security certifications Skills: Strong analytical and problem-solving skills. Excellent communication and collaboration abilities. Attention to detail and a proactive approach to security. Ability to work independently and manage multiple tasks effectively #Eviden

We are a fast-growing, category-leading organization with ambitious objectives and a positive, inclusive culture. Were looking for passionate professionals who want to grow their talents and achieve great things. If that sounds like you, we want to talk to you about joining our team. The Security Operations team is responsible for accelerating the delivery and improving the operations and security of our cloud-based software. The Role We are looking for an experienced application security engineer to join us as we build and improve our security posture. What will you do? Own and improve the security monitoring, detection and response infrastructure supporting our SaaS platform. Ensure that security infrastructure is appropriately designed, configured, and operated. Work with development teams to build and improve automated security scans in their delivery pipelines. Work with our engineering, compliance and solution engineering teams to gather security evidence and help maintain Flexera s certifications. Work with internal and external collaborators to run Flexera s penetration testing program Work with our compliance team to codify and automate our compliance processes. You should have. Experience designing and building security infrastructure services in AWS Cloud and/or Azure Cloud. Proficiency in one or more programming languages out of Golang, Nodejs, Python or Java Proficiency with one or more scripting languages Proficiency with Linux based operating systems like CentOS, RHEL, Ubuntu, Debian, Amazon Linux Knowledge of secure coding practices Familiarity with security framweworks and standards like the OWASP Top 10 and ISO27001 Deep understanding of web application architecture Proficiency with Security Tools and Technologies in the field of SAST, SCA, DAST and Penetration Testing Skills articulating security requirements to technical and non-technical teams. Strong interpersonal skills; mentoring, coaching, collaborating, and team building. Familiarity with DevSecOps, and agile concepts. Nice if you have Experience with securing container-based systems and delivery pipelines. Kubernetes knowledge esp. EKS and AKS FedRamp experience.

Key Responsibilities: Conduct red team exercises to simulate sophisticated, real-world attacks and evaluate the effectiveness of security controls. Perform targeted penetration tests and vulnerability assessments to uncover and exploit security weaknesses. Develop and execute complex attack scenarios to challenge the organizations defenses. Collaborate with defensive security teams to remediate identified vulnerabilities and enhance security measures. Utilize and integrate advanced offensive security tools, such as Metasploit, Burp Suite, and Kali Linux, into the red team testing framework. Provide expert analysis and interpretation of red team tools and their results. Create and maintain detailed documentation related to red team activities, including test plans, attack scenarios, and incident response procedures. Contribute to the development and delivery of specialized security training and awareness programs focused on red team techniques. Ensure design and implementation of security controls and best practices from a red team perspective. Support the Offensive Security Lead in developing and refining the red team program. Assist with the evaluation and implementation of new red team technologies and improvements to existing processes. Qualifications: Bachelor s degree in computer science, Information Security, or a related technical field. 4+ years of experience in offensive security, with a focus on penetration testing and red teaming. In-depth understanding of encryption technologies, authentication protocols, and other security mechanisms. Preferred Skills: Relevant security certifications (e.g., OSCP, OSCE, CEH, GPEN). Key Responsibilities: Conduct red team exercises to simulate sophisticated, real-world attacks and evaluate the effectiveness of security controls. Perform targeted penetration tests and vulnerability assessments to uncover and exploit security weaknesses. Develop and execute complex attack scenarios to challenge the organizations defenses. Collaborate with defensive security teams to remediate identified vulnerabilities and enhance security measures. Utilize and integrate advanced offensive security tools, such as Metasploit, Burp Suite, and Kali Linux, into the red team testing framework. Provide expert analysis and interpretation of red team tools and their results. Create and maintain detailed documentation related to red team activities, including test plans, attack scenarios, and incident response procedures. Contribute to the development and delivery of specialized security training and awareness programs focused on red team techniques. Ensure design and implementation of security controls and best practices from a red team perspective. Support the Offensive Security Lead in developing and refining the red team program. Assist with the evaluation and implementation of new red team technologies and improvements to existing processes. Qualifications: Bachelor s degree in computer science, Information Security, or a related technical field. 4+ years of experience in offensive security, with a focus on penetration testing and red teaming. In-depth understanding of encryption technologies, authentication protocols, and other security mechanisms. Preferred Skills: Relevant security certifications (e.g., OSCP, OSCE, CEH, GPEN).

Job Title : Cybersecurity Expert - Product, Platform & Solution Security Role Summary The Cybersecurity Expert plays a critical role in protecting the integrity, availability, and confidentiality of medical software and systems by embedding security principles throughout the development lifecycle. As part of the Cybersecurity Center of Competence, the expert collaborates cross-functionally with R&D, product teams, architects, regulatory stakeholders, and external security communities to lead threat analysis, ensure secure design, validate vulnerabilities, and shape the security posture of products and platforms. This role is both technical and consultative, requiring deep knowledge of secure engineering practices, standards, and incident response. Key Responsibilities 1. Security Consulting & Risk Mitigation Provide security consultation to product teams to eliminate or mitigate weaknesses in line with industry standards (e.g., IEC 62443, NIST, ISO 27001). Participate in design and architecture discussions to ensure alignment with secure design principles. Guide software architects in integrating cyber security requirements into product and solution design. 2. Vulnerability & Threat Management Perform threat modeling, risk analysis, and attack surface assessments. Analyze vulnerabilities (internal or third-party), validate remediation measures, and guide patching strategies. Perform security incident investigations and provide forensics support when required. Stay updated on new vulnerabilities, threat vectors, and exploits apply findings to continuously improve product security. 3. Security Engineering & Tooling Design or extend tools, scripts, or automation frameworks for vulnerability scanning and penetration testing. Perform or oversee activities such as: Fuzz testing Reverse engineering Code analysis (static/dynamic) Secure software supply chain checks Contribute to the integration of automated security tooling into CI/CD pipelines. 4. Secure Development Lifecycle Support Lead or support security activities throughout the Secure Software Development Lifecycle (SDLC). Participate in or lead security gate reviews, release readiness assessments, and milestone reviews. Create and maintain secure coding and design guidelines for developers. Conduct or support internal security audits and regulatory submissions. 5. Community Development & Training Conduct security awareness sessions and technical training for R&D teams. Develop reusable security patterns, checklists, and guidance material. Collaborate with Cybersecurity Officers, Product Owners, and Architects to ensure cohesive security implementation across programs. Contribute to internal and external knowledge sharing, security forums, and standardization groups. Required Qualifications & Skills Education and Experience : Bachelor s/Master s degree in Computer Science, Cybersecurity, or a related field. 5-8 years of experience in IT/software development, with 3+ years focused on cybersecurity. Technical Expertise Strong foundation in: Secure architecture and design Threat modeling / Security risk analysis Static and dynamic code analysis Fuzz testing / Penetration testing Security tooling and automation (e.g., SonarQube, Burp Suite, Fortify, Checkmarx) Operating systems and networking fundamentals DevSecOps pipeline and CI/CD integration basics Working knowledge of: HIPAA, HITECH, FDA Pre/Postmarket Cybersecurity Guidance (for medical devices) Regulatory standards: IEC 62443, ISO 27001, NIST SP 800-53/82/218, CLSI AUTO11-Ax, IEC 80001 Certifications (Preferred) CISSP - Certified Information Systems Security Professional CSSLP - Certified Secure Software Lifecycle Professional OSCP, CEH, or similar ethical hacking certifications Collaboration & Stakeholders Internal : Cybersecurity Officers (CYSO), R&D Development & Test teams, Quality/Risk Managers, Project Managers, Product Owners, Architects External : Standardization bodies, security tool vendors, customer security teams, and external cybersecurity communities Work Style and Engagemen t Must be able to support multiple concurrent projects. Requires proactive leadership and strong communication with cross-functional teams. Expected to contribute regularly to internal security initiatives, CoPs (Communities of Practice), and lessons learned.

What awaits you/ Job Profile This role focuses on enhancing and monitoring cybersecurity measures within the software development lifecycle. The analyst creates security-related documentation, performs conformity checks, identifies IT risks, and ensures compliance with industry standards and best practices. What should you bring along Create cyber security related artefacts, such as IT risk reports, conformity checks and cyber threat modeling (OWASP) Monitor the software development process, performing configuration management, identifying safety, performance, and compliance issues Identify potential IT risks, including cybersecurity threats, system vulnerabilities, and compliance gaps Analyze the potential impact of these risks on the business and its customers and assess the likelihood and severity of risks Ensure IT systems and processes comply with relevant regulations and organizational policies Stay informed about changes in regulations and industry best practices Conduct risk assessments and audits Provide training and awareness programs on IT risk management Support IT projects and initiatives related to risk management Must have skill Strong understanding of IT compliance requirements and security principles, Cyber threat modeling (OWASP) Proficiency in risk evaluation and documentation. Ability to implement security monitoring solutions and respond to security incidents effectively. Experience in conducting vulnerability assessments and penetration testing for cloud applications. Understanding of integrating security into DevOps practices to ensure secure application development and deployment.

Our Offensive Security professionals are on a mission to make the world a safer place, one company at a time. We believe that our work to help our clients discover and remediate their unique security risks makes every one of us safer. Our clients trust us to use cutting-edge offensive security tools, creativity, imagination, and expert knowledge to find cybersecurity risks in their networks, systems, and software.. We're looking to grow our team of penetration testers in India. We perform testing of web and smartphone applications, computer networks, cloud infrastructure, hardware devices, employees via social engineering, organizations via red team testing, and more.. As a Senior Consultant, you will report to a Principal Consultant in India. You will lead teams of consultants on cybersecurity projects for clients, large and small, across North America, EMEA, and APAC. You will be the technical leader of our engagements to our clients, scope solutions to their cybersecurity challenges, and act as their security subject matter expert and ours. You will mentor our Associate Consultants and Consultants during our engagements and act as a role model for their careers. You will think strategically and socialize your ideas to help us better ourselves.. Below are the roles and responsibilities for the Senior Consultant, Offensive Security role based in India:. Day to day responsibilities. Lead and deliver offensive security engagements such as web, mobile, API, and network penetration tests as an expert in the eyes of the client and your teammates. Solution and scope engagements for our clients, including penetration tests, cloud security projects, and more. Lead the technical delivery of our engagements by defining the execution strategy, delegating tasks to junior members of the team, evaluating their progress, and providing feedback. Execute internal strategic initiatives to help our practice grow, adapt, and evolve. Essential Traits. 6+ years in cybersecurity, with 3+ years in penetration testing, application security, or red teaming. Expert knowledge of application security, cloud security, infrastructure security, and other offensive or defensive security domains. A high degree of contextual and technological adaptability (i.e., tooland industry-agnostic). Generosity with your knowledge and patience with your apprentices. Excellent oral and written communication skills. A proven ability to lead and deliver cybersecurity engagements. Prerequisites. Bachelor’s degree or college diploma in information security, computer science or engineering, software engineering, or IT/System/Network administration. Excellent oral and written communication skills. Experience working both as part of a team and independently. About Kroll. Join the global leader in risk and financial advisory solutions—Kroll. With a nearly century-long legacy, we blend trusted expertise with cutting-edge technology to navigate and redefine industry complexities. As a part of One Team, One Kroll, you'll contribute to a collaborative and empowering environment, propelling your career to new heights. Ready to build, protect, restore and maximize our clients’ value? Your journey begins with Kroll.. Kroll is committed to equal opportunity and diversity, and recruits people based on merit.. In order to be considered for a position, you must formally apply via careers.kroll.com. Show more Show less

Are you a Product Security Analyst expert looking for a challenging opportunity?. Join our Product Security team.. We operate at the heart of the digital transformation of our business. Our team is responsible for Product Security including application security for our global organization.. Partner with the best.. We are looking for a Lead Product Security Analyst, with a focus in Product Security. In this role, you will work in a team and demonstrate working knowledge of systems and products and how they are secured in customers' businesses.. As a Senior Lead Product Security Engineer, you will be responsible for:. Building and executing engineering processes for early detection of design flaws, vulnerabilities, weaknesses, missing security controls, and secure implementation of product features.. Applying existing technologies, approaches, methodologies in new combinations to design new products, systems, or processes. Viewed internally and externally as a specialist in the discipline.. Presenting plans, technical roadmaps, ri Senior Lead Product Security Engineer Are you a Product Security Analyst expert looking for a challenging opportunity?. Join our Product Security team.. We operate at the heart of the digital transformation of our business. Our team is responsible for Product Security including application security for our global organization.. Partner with the best.. We are looking for a Lead Product Security Analyst, with a focus in Product Security. In this role, you will work in a team and demonstrate working knowledge of systems and products and how they are secured in customers' businesses.. As a Senior Lead Product Security Engineer, you will be responsible for:. Building and executing engineering processes for early detection of design flaws, vulnerabilities, weaknesses, missing security controls, and secure implementation of product features.. Applying existing technologies, approaches, methodologies in new combinations to design new products, systems, or processes. Viewed internally and externally as a specialist in the discipline.. Presenting plans, technical roadmaps, risks and recommendations to senior business and technical leaders. Lead programs related to Product Security Incident Response, Product Inventory, etc. Driving awareness, engagement, and improvements of Product Security metrics with business leaders. Demonstrating working knowledge of systems and products and how they are secured in a customer environment.. Implementing tools to automate and scale security processes.. Providing security leadership to the business segment product security teams. Experiencing with cyber security framework (NIST 800-53, ISO 27001, IEC 62443, etc.) implementation and governance. Familiarity with cyber regulations (EU NIS2, CRA, etc). Fuel your passion. To be successful in this role you will:. Have a bachelor’s degree in computer science or “STEM” Majors (Science, Technology, Engineering, and Math).. Have a minimum of 10 years of professional experience in a STEM-related degree preferably with a Product Security / OT Security focus.. Have project management experience, and expertise with Agile development teams.. Have prior work experience with various development tools including threat modelling, vulnerability technologies, application security, and secure coding principles.. Have experience with penetration testing and ethical hacking.. Have experience securing applications within cloud platforms such as AWS, Azure, and alike.. Have experience with a broad set of information security technologies and processes within a SaaS, IaaS, PaaS, or cloud environment.. Working with us. Our people are at the heart of what we do at Baker Hughes. We know we are better when all our people are developed, engaged and able to bring their whole authentic selves to work. We invest in the health and well-being of our workforce, train and reward talent and develop leaders at all levels to bring out the best in each other.. Working for you. Our inventions have revolutionized energy for over a century. But to keep going forward tomorrow, we know we must push the boundaries today. We prioritize rewarding those who embrace change with a package that reflects how much we value their input. Join us, and you can expect:. Contemporary work-life balance policies and wellbeing activities. Comprehensive private medical care options. Safety net of life insurance and disability programs. Tailored financial programs.. Additional elected or voluntary benefits. About Us:. We are an energy technology company that provides solutions to energy and industrial customers worldwide. Built on a century of experience and conducting business in over 120 countries, our innovative technologies and services are taking energy forward – making it safer, cleaner and more efficient for people and the planet.. Join Us:. Are you seeking an opportunity to make a real difference in a company that values innovation and progress? Join us and become part of a team of people who will challenge and inspire you! Let’s come together and take energy forward.. Baker Hughes Company is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.. R136394. Show more Show less

Our Offensive Security professionals are on a mission to make the world a safer place, one company at a time. We believe that our work to help our clients discover and remediate their unique security risks makes every one of us safer. Our clients trust us to use cutting-edge offensive security tools, creativity, imagination, and expert knowledge to find cybersecurity risks in their networks, systems, and software.. We're looking to grow our team of penetration testers in India. We perform testing of web and smartphone applications, computer networks, cloud infrastructure, hardware devices, employees via social engineering, organizations via red team testing, and more.. As a Senior Consultant, you will report to a Principal Consultant in India. You will lead teams of consultants on cybersecurity projects for clients, large and small, across North America, EMEA, and APAC. You will be the technical leader of our engagements to our clients, scope solutions to their cybersecurity challenges, and act as their security subject matter expert and ours. You will mentor our Associate Consultants and Consultants during our engagements and act as a role model for their careers. You will think strategically and socialize your ideas to help us better ourselves.. Below are the roles and responsibilities for the Senior Consultant, Offensive Security role based in India:. Day to day responsibilities. Lead and deliver offensive security engagements such as web, mobile, API, and network penetration tests as an expert in the eyes of the client and your teammates. Solution and scope engagements for our clients, including penetration tests, cloud security projects, and more. Lead the technical delivery of our engagements by defining the execution strategy, delegating tasks to junior members of the team, evaluating their progress, and providing feedback. Execute internal strategic initiatives to help our practice grow, adapt, and evolve. Essential Traits. 6+ years in cybersecurity, with 3+ years in penetration testing, application security, or red teaming. Expert knowledge of application security, cloud security, infrastructure security, and other offensive or defensive security domains. A high degree of contextual and technological adaptability (i.e., tooland industry-agnostic). Generosity with your knowledge and patience with your apprentices. Excellent oral and written communication skills. A proven ability to lead and deliver cybersecurity engagements. Prerequisites. Bachelor’s degree or college diploma in information security, computer science or engineering, software engineering, or IT/System/Network administration. Excellent oral and written communication skills. Experience working both as part of a team and independently. About Kroll. Join the global leader in risk and financial advisory solutions—Kroll. With a nearly century-long legacy, we blend trusted expertise with cutting-edge technology to navigate and redefine industry complexities. As a part of One Team, One Kroll, you'll contribute to a collaborative and empowering environment, propelling your career to new heights. Ready to build, protect, restore and maximize our clients’ value? Your journey begins with Kroll.. Kroll is committed to equal opportunity and diversity, and recruits people based on merit.. In order to be considered for a position, you must formally apply via careers.kroll.com. Show more Show less

Senior Security Consultant (Secure Code Review + Web Application Penetration Testing). NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most. NetSPI secures the most trusted brands on Earth through Penetration Testing as a Service (PTaaS), External Attack Surface Management (EASM), Cyber Asset Attack Surface Management (CAASM), and Breach and Attack Simulation (BAS). Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI brings a proactive approach to cybersecurity with more clarity, speed, and scale than ever before.. NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at?www.netspi.com/careers.. NetSPI is seeking a Senior Security Consultant who will serve as a resource for delivery of secure code review and web application penetration assessment. This position requires an understanding of various web technologies, enterprise secure development and risk management. In addition, it requires experience with application security assessments/testing, as well as demonstrated competencies in problem solving, client service, written/verbal communication, and project execution.. Responsibilities. Conduct in-depth penetration testing and secure code review assessments on web applications. Dynamically exploit vulnerabilities found in codebase and correlate insecure coding practices into dynamic application vulnerabilities. Deliver secure code review assessment on programming languages such as Java, C#, Python, C/C++, Perl, PHP. Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques. Train and assist developers in writing secure software and remediating existing vulnerabilities. Provide oversight to peers on service lines through QA process. Mentor and assist team members in effectively delivering assessments and enhancing skillsets. Present detailed penetration test findings to clients and assist in remediation planning. Engage in research to develop new penetration testing methods, tools, and innovative exploit techniques. Contribute to the cybersecurity community through tools, presentations, white papers, and blogging. Maintain consistency with other internal requirements related to day-to-day administration tasks (time keeping, status updates to clients, etc.). Minimum Qualifications. Minimum of 3-5 years of experience in application security including both secure code review and web application penetration testing. Exceptional familiarity in all Burp Suite functions. Published Burp extensions and ability to create new Burp Suite extensions preferred. Detailed understanding of the OWASP Top 10 and CWE Top 25 issues with focus on ability to identify and remediate vulnerability in source code. Ability to explain risk and business impact of security vulnerabilities to variety of audience. Bachelor’s degree or higher, preferably in Computer Science, Engineering, Mathematics, IT, or a related field; equivalent experience will also be considered.. Preferred Qualifications. Experience in detecting, analyzing and providing recommendation guidance on security vulnerabilities using SAST and/or manual secure code review in at least two of the following languages: Java, C#, PHP, Python, C/C++. Experience in software development in at least one server-side programming language. We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.. Show more Show less

Our Offensive Security professionals are on a mission to make the world a safer place, one company at a time. We believe that our work to help our clients discover and remediate their unique security risks makes every one of us safer. Our clients trust us to use cutting-edge offensive security tools, creativity, imagination, and expert knowledge to find cybersecurity risks in their networks, systems, and software.. We're looking to grow our team of penetration testers in India. We perform testing of web and smartphone applications, computer networks, cloud infrastructure, hardware devices, employees via social engineering, organizations via red team testing, and more.. As a Senior Consultant, you will report to a Principal Consultant in India. You will lead teams of consultants on cybersecurity projects for clients, large and small, across North America, EMEA, and APAC. You will be the technical leader of our engagements to our clients, scope solutions to their cybersecurity challenges, and act as their security subject matter expert and ours. You will mentor our Associate Consultants and Consultants during our engagements and act as a role model for their careers. You will think strategically and socialize your ideas to help us better ourselves.. Below are the roles and responsibilities for the Senior Consultant, Offensive Security role based in India:. Day to day responsibilities. Lead and deliver offensive security engagements such as web, mobile, API, and network penetration tests as an expert in the eyes of the client and your teammates. Solution and scope engagements for our clients, including penetration tests, cloud security projects, and more. Lead the technical delivery of our engagements by defining the execution strategy, delegating tasks to junior members of the team, evaluating their progress, and providing feedback. Execute internal strategic initiatives to help our practice grow, adapt, and evolve. Essential Traits. 6+ years in cybersecurity, with 3+ years in penetration testing, application security, or red teaming. Expert knowledge of application security, cloud security, infrastructure security, and other offensive or defensive security domains. A high degree of contextual and technological adaptability (i.e., tooland industry-agnostic). Generosity with your knowledge and patience with your apprentices. Excellent oral and written communication skills. A proven ability to lead and deliver cybersecurity engagements. Prerequisites. Bachelor’s degree or college diploma in information security, computer science or engineering, software engineering, or IT/System/Network administration. Excellent oral and written communication skills. Experience working both as part of a team and independently. About Kroll. Join the global leader in risk and financial advisory solutions—Kroll. With a nearly century-long legacy, we blend trusted expertise with cutting-edge technology to navigate and redefine industry complexities. As a part of One Team, One Kroll, you'll contribute to a collaborative and empowering environment, propelling your career to new heights. Ready to build, protect, restore and maximize our clients’ value? Your journey begins with Kroll.. Kroll is committed to equal opportunity and diversity, and recruits people based on merit.. In order to be considered for a position, you must formally apply via careers.kroll.com. Show more Show less

Our Offensive Security professionals are on a mission to make the world a safer place, one company at a time. We believe that our work to help our clients discover and remediate their unique security risks makes every one of us safer. Our clients trust us to use cutting-edge offensive security tools, creativity, imagination, and expert knowledge to find cybersecurity risks in their networks, systems, and software.. We're looking to grow our team of penetration testers in India. We perform testing of web and smartphone applications, computer networks, cloud infrastructure, hardware devices, employees via social engineering, organizations via red team testing, and more.. As a Senior Consultant, you will report to a Principal Consultant in India. You will lead teams of consultants on cybersecurity projects for clients, large and small, across North America, EMEA, and APAC. You will be the technical leader of our engagements to our clients, scope solutions to their cybersecurity challenges, and act as their security subject matter expert and ours. You will mentor our Associate Consultants and Consultants during our engagements and act as a role model for their careers. You will think strategically and socialize your ideas to help us better ourselves.. Below are the roles and responsibilities for the Senior Consultant, Offensive Security role based in India:. Day to day responsibilities. Lead and deliver offensive security engagements such as web, mobile, API, and network penetration tests as an expert in the eyes of the client and your teammates. Solution and scope engagements for our clients, including penetration tests, cloud security projects, and more. Lead the technical delivery of our engagements by defining the execution strategy, delegating tasks to junior members of the team, evaluating their progress, and providing feedback. Execute internal strategic initiatives to help our practice grow, adapt, and evolve. Essential Traits. 6+ years in cybersecurity, with 3+ years in penetration testing, application security, or red teaming. Expert knowledge of application security, cloud security, infrastructure security, and other offensive or defensive security domains. A high degree of contextual and technological adaptability (i.e., tooland industry-agnostic). Generosity with your knowledge and patience with your apprentices. Excellent oral and written communication skills. A proven ability to lead and deliver cybersecurity engagements. Prerequisites. Bachelor’s degree or college diploma in information security, computer science or engineering, software engineering, or IT/System/Network administration. Excellent oral and written communication skills. Experience working both as part of a team and independently. About Kroll. Join the global leader in risk and financial advisory solutions—Kroll. With a nearly century-long legacy, we blend trusted expertise with cutting-edge technology to navigate and redefine industry complexities. As a part of One Team, One Kroll, you'll contribute to a collaborative and empowering environment, propelling your career to new heights. Ready to build, protect, restore and maximize our clients’ value? Your journey begins with Kroll.. Kroll is committed to equal opportunity and diversity, and recruits people based on merit.. In order to be considered for a position, you must formally apply via careers.kroll.com. Show more Show less

Location/s: Bengaluru. Recruiter contact: Supriya Yadavalli. Mott MacDonald is a global engineering, management, and development consultancy with over 20,000 employees across more than 50 countries and 140+ offices.. We work across incredible global industries, delivering exciting work that is defining our future and making an important societal impact in the communities we serve. Our people power our performance – we succeed when they do. With countless opportunities to collaborate, learn, and grow, the possibilities for excellence are as varied as every individual.. Whether you want to grow as a subject matter expert or broaden your experience with roles across our international community, you’re surrounded by global specialists who want to combine their expertise and champion you to be your best. As a proudly employee-owned business, we benefit our clients, our communities, and each other, investing in creating the right space for everyone to feel empowered, included, and valued. Whatever your ambition, Mott MacDonald is where people come to be brilliant.. About The?business?unit. Mott MacDonald’s support services are the driving force behind our organisation enabling us to run efficiently and effectively. The team works collaboratively to offer specialist advice, best practice and technology to all areas of our business specifically designed for our global reach.. Job Description. Working as an IT Specialist in Cyber Security you will assist and advise the IT Manager for Cyber Security regarding Risk Analysis and Remediation. Risk Analysis and Remediation Service Desk analyst you will be the first point of contact for all employees seeking to resolve IT issues. Speedy and intelligent resolution of IT incidents is the key to ensuring that Mott MacDonald can deliver on its promises to its clients.. Key Duties And Responsibilities Include. Proactively seeking out the most effective means of monitoring information security related activities, by use of existing tools, or the investigation of new tools and methods. Developing and adopting appropriate Risk Assessment methodologies to ensure we are correctly prioritizing the risks we have identified.. Assist in the monitoring and resolution of all Information Security issues as they occur, driving through forensic investigation and remediation as appropriate.. Feedback all lessons learned into Operational and/or Governance systems.. Drive and support information security related change in Operational teams. Governance. Advice on appropriate security posture (approach, risks, technical measures, awareness) from the point of view of the business (both overall and specific teams). Assist with driving cultural change in the organization by helping people understand risks and make better choices to address enterprise security weaknesses.. Communications. Responsible for working with BMS and IT teams to communicate to the business and IT on known threats and best practices for information security, as they evolve.. Operational. Advice on all requirements around information security and appropriate use of specific systems or services, both those provided by IT or as required by the business, including projects with special security requirements and setup.. Acting as a point of contact for Information Security champions within operational IT teams, advising on appropriate responses, escalation as required.. Supervise the development of and relationship with the (planned) Security Operations Centre. Help to ensure that risk is measured and understood effectively by operational teams.. Penetration testing and vulnerability assessments. Assist with prioritisation of security controls and remediation.. Architecture. Review and recommend tools and processes for managing information security around new and existing systems.. Price out solutions and advise on the best risk solution portfolio.. Identify, review and evaluate technology risk.. Input to design choices for new systems to ensure security is addressed appropriately.. Scan and provide feedback on new products and risks to inform management strategy.. Essential. Candidate Specification:. Demonstrable experience of business operations and processes in a large multinational or global organisation. In-depth understanding of the Office 365 platform and Microsoft Windows Domain environment. In-depth understanding of modern cloud and network technologies and protocols. Demonstrate appreciation for user-centred design, experience, and usability. Experience with mobile applications. Working knowledge of international data privacy, data residency, and information security requirements. Desirable. High degree of understanding of the evolving global and internal IT environments. Knowledge of all Threat areas (deliberate, accidental, internal, external). Extensive experience of the ISO 27001 Information Security Management framework. Understanding of Cyber Essential Plus and similar government security standards. Personal Attributes. Passionate about technology and learning.. Ability to balance demands and priorities and think clearly under pressure.. Attention to detail and a focus on quality.. Excellent conflict resolution, communication, and collaboration skills.. Logical and analytical approach to solving problems.. We Can Offer (subject To Company’s Policy). Agile and safe working environment. Competitive annual leave and sick leaves. Group incentive scheme. Group term life insurance, Workmen’s compensation and Group medical insurance coverage. Short and Long-term Global employment opportunities. Global collaboration and knowledge sharing. Digital Innovation and Transformation. Equality, diversity and inclusion. We put equality, diversity and inclusion at the heart of our business, seeking to promote fair employment procedures and practices to ensure equal opportunities for all. We encourage individual expression in our workplace and are committed to creating an inclusive environment where everyone feels they have the opportunity to contribute.. Agile working. At Mott MacDonald, we believe it makes business sense for you and your manager to choose how you can work most effectively to meet your client, team and personal commitments. We embrace agility, flexibility and trust.. Location(s):. Bengaluru, KA, IN. Contract Type: Permanent. Work Pattern: Full Time. Market: Various. Discipline: Information technology. Job Ref: 9069. Recruiter Contact: Supriya Yadavalli. Show more Show less

We are looking for an experienced application security engineer to join us as we build and improve our security posture. What will you do Own and improve the security monitoring, detection and response infrastructure supporting our SaaS platform. Ensure that security infrastructure is appropriately designed, configured, and operated. Work with development teams to build and improve automated security scans in their delivery pipelines. Work with our engineering, compliance and solution engineering teams to gather security evidence and help maintain Flexera s certifications. Work with internal and external collaborators to run Flexera s penetration testing program Work with our compliance team to codify and automate our compliance processes. You should have. Experience designing and building security infrastructure services in AWS Cloud and/or Azure Cloud. Proficiency in one or more programming languages out of Golang, Nodejs, Python or Java Proficiency with one or more scripting languages Proficiency with Linux based operating systems like CentOS, RHEL, Ubuntu, Debian, Amazon Linux Knowledge of secure coding practices Familiarity with security framweworks and standards like the OWASP Top 10 and ISO27001 Deep understanding of web application architecture Proficiency with Security Tools and Technologies in the field of SAST, SCA, DAST and Penetration Testing Skills articulating security requirements to technical and non-technical teams. Strong interpersonal skills; mentoring, coaching, collaborating, and team building. Familiarity with DevSecOps, and agile concepts. Nice if you have Experience with securing container-based systems and delivery pipelines. Kubernetes knowledge esp. EKS and AKS FedRamp experience.

This is a remote position. Job Title: Freelance OSCP Trainer (Offensive Security Certified Professional) Location: Remote Engagement Type: Freelance Duration: Projuct Base Experience: 10+Years About the Role: We are seeking an experienced and passionate freelance OSCP-certified trainer to deliver hands-on training in penetration testing and ethical hacking . The ideal candidate will have a strong background in offensive security and a knack for simplifying complex concepts for learners of varying skill levels. Key Responsibilities: Deliver structured training based on the PWK (Penetration Testing with Kali Linux) curriculum. Guide students through lab exercises , real-world scenarios , and exam preparation . Provide mentorship and support to learners during and after sessions. Customize training content to suit the audiences technical level. Evaluate learner progress and provide constructive feedback. Required Skills & Qualifications: OSCP Certification (mandatory). Strong command of Kali Linux , Metasploit , Burp Suite , Nmap , Wireshark , and other offensive security tools. Proficiency in Active Directory attacks , privilege escalation , buffer overflows , and post-exploitation techniques . Solid understanding of networking , Linux/Windows systems , and scripting (Python/Bash) . Prior experience in training or mentoring is highly desirable. Excellent communication and presentation skills. " , "Work_Experience6" , "Job_TypeTraining" , "Job_Opening_NameOSCP" , "Number_of_Positions1" , "State":null , "Country":null , "Keep_on_Career_Site":false}]);

Roles and Responsibilities: VAPT: Assisting with Vulnerability Assessment and Penetration Testing of: Web Applications Mobile Applications APIs Network Infrastructure 2. ISMS/GRC : Assisting with tasks related to: ISO 27001 Governance, Risk, and Compliance (GRC) activities Eligibility Requirements: Status: Currently pursuing final year of B.Tech OR B.Tech Graduate Branch: Computer Science Engineering, Information Technology, Artificial Intelligence, or Cyber Security Communication: Excellent Communication Skills (preferably from ICSE board)

Position Purpose Provide a brief description of the overall purpose of the position, why this position exists and how it will contribute in achieving the teams goal. Responsibilities Direct Responsibilities Direct Responsibilities - To perform Penetration testing (Gray Box and/or Black Box) for Web applications; Thick Client, API, and mobile applications. - To understand the applications security requirements and identify & document the scope of the test - Ensure execution of the documented security scenarios for the application under test. - Document and report all findings - Collaborate with the developers to help them understand the vulnerabilities reported in application - Escalate issues to the local management and onshore stakeholders in case it affects the testing progress - Ensure processes for the project is followed for the assessments Note : - Optional, experience in Source Code Assessment (SCA)/SAST, Mobile Testing Technical & Behavioral Competencies - Clear understanding of OWASP Top 10 - application security risks - Tools/OS: Burp Suite, OWASP ZAP, Kali Linux - Manual Security Testing & Analysis, Security Test Designing - Excellent Inter personal and presentation skills - Strong in verbal and written communication - Good analytical skills - Strong Time Management - Must be flexible, independent, self-motivated - Team player Specific Qualifications (if required) CSSLP/CEH or equivalent certification preferred Education Level: Bachelor Degree or equivalent Experience Level At Least 3 years

Greetings from HR Central!!! We do have an Urgent Opening for One of the Leading Global Product Development Company for Sr Product Cybersecurity Engineer for Pune Location. (Working from Office) Please go through the JD below and let me know your interest to proceed with:Please share your updated CV. Role: Sr Product Cybersecurity Engineer Location: Pune Job Title: Sr. Product Cybersecurity Engineer Location: Pune, India What you will do: In this pivotal role within the Global Product Security team, you will be responsible for driving continuous improvement initiatives aligned with our cybersecurity maturity framework, ensuring proactive management of security and data privacy risks throughout the product lifecycle. You will leverage your expertise in secure software development practices to embed security and privacy by design within our product offerings. How you will do it: Provide cybersecurity guidance and expertise to product development teams and business leaders during all phases of the software development lifecycle. Architect security and privacy by design into software applications for mobile, embedded systems, and cloud environments. Drive secure SDLC activities including security requirements, architectures, threat models, and testing. Periodically assess and refine security policies, standards, and compliance metrics. Quantify product risk and identify appropriate security controls. Review product architectures for security vulnerabilities and collaborate on remediation strategies. Coordinate with third-party penetration testing teams to ensure comprehensive security assessments. Maintain awareness of current security threats and vulnerabilities impacting our products. Support incident response operations and vulnerability remediation activities. Drive security awareness and training initiatives across the organization. What we look for: Bachelor's or higher degree in Engineering, Cybersecurity, or a related technical field. 7-10 years of experience in product or application cybersecurity. Strong knowledge of secure SDLC practices, security architectures, and compliance activities. Proven experience in delivering results using agile methodologies. Solid understanding of security threats, attack vectors, and appropriate security controls. Excellent problem-solving and analytical skills. Strong communication and interpersonal skills to convey complex security concepts to diverse audiences. Familiarity with security frameworks such as NIST, ISO 27001, and GDPR. Relevant cybersecurity certifications (e.g., CISSP, CEH) are a plus. What we offer: Competitive salary and performance-based bonuses. Comprehensive benefits package including health, dental, and retirement plans. Opportunities for professional development and continuous learning. Collaborative and inclusive work environment. Candidates should have experience in the Application Security side and not Network Security. The role requires experience in software development/engineering with some cybersecurity experience. If interested, please share CV to anisha@hr-central.in or call me @ +91-95620-44988

Professional & Technical Skills: - Must To Have Skills: Proficiency in Infrastructure Penetration Testing. - Strong understanding of security testing methodologies and tools. - Solid understanding of cloud platforms, specifically Google Cloud Platform (GCP).

About the role Our support application team performs application vulnerability assessments and document vulnerabilities which were found and provides recommendations for remediation according to BFSI guidelines and industry best practices. As an Application Security Manager, you will provide guidance to the application team on application security best practices, support remediation effort and track open issues and follow up to ensure remediation. You will work along with cross functional business teams to get closure of identified gaps and utilize escalation matrix effectively wherever necessary. You will conduct application security assessment results review and mitigation approval. You will keep abreast of new technologies to ensure that the organization remains at the forefront of security. Key Responsibilities Support and Testing Vulnerability Assessments & Penetration Testing (Automated + Manual) on business critical assets with security tools like BurpSuite, Nessus, Nmap, Accunetix, Metasploit Netsparker, Qualys etc. Analysis Perform in-depth analysis of VAPT results, Review assessment reports to provide risk mitigation & recommendations on that basis. Collaboration Collaborate with the application team and provide them guidance on application security best practices, support remediation effort and track open issues and follow up to ensure remediation. Qualifications & Skills Educational Qualification Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent with relevant experience Certifications OSCP Compliance Knowledge of cyber security trends & hacking techniques, MITRE ATT&CK framework with hacker mindset. Network Security Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering) Key Technologies Familiarity with OWASP, SANS vulnerabilities along with its validations in source code and other security frameworks & Compliance, Knowledge of Networking concepts & Good understanding of latest Network /security technologies such as Cloud security and recent trends.

Job Title: VAPT Engineer (Bug Bounty Experience Preferred) Location: Ahmedabad, Gujarat (Only candidates from Ahmedabad will be considered) Job Description: We are seeking a passionate and skilled VAPT Engineer with a strong background in Bug Bounty programs and application security. The ideal candidate should be based in Ahmedabad and ready to contribute to our growing cybersecurity team. Key Responsibilities: Conduct Vulnerability Assessment and Penetration Testing (VAPT) for web applications, mobile apps, APIs, and networks. Identify and exploit vulnerabilities, especially business logic flaws, using manual and automated tools. Actively contribute to bug bounty programs and utilize the same methodology in internal assessments. Analyze scan results, identify false positives, and provide accurate risk ratings. Prepare comprehensive technical reports , document findings, and suggest remediation measures. Collaborate with development and infrastructure teams for patch management and fixing identified vulnerabilities. Follow and apply security standards such as OWASP Top 10 , SANS , and industry best practices . Required Candidate Profile: Education: B.Tech / B.E. / BCA / BSc in Computer Science or Information Technology. Experience: Fresh graduates or up to 1 year of hands-on experience in VAPT or Bug Bounty (professional or personal). Practical exposure to bug bounty platforms like HackerOne , Bugcrowd , or similar. Certifications: OSCP or equivalent (preferred).

As a Product Security Architect (Software, Hardware/Firmware) , you will be responsible for ensuring the security, integrity, and confidentiality of the hardware, software systems and applications developed by Luminous. You will work closely with development teams, project managers, and other stakeholders to design, implement, and maintain robust security measures and best practices throughout the software development lifecycle. Your primary objective will be to identify potential security vulnerabilities, define security requirements, and implement effective solutions to safeguard sensitive data and protect against cyber threats. Qualification/ Personal Attributes Qualification Bachelors / Master s degree in Computer Science, Information Security or similar Experience 8-10 years of experience in software & firmware security (for Web application, Mobile App in IoT domain) Proven experience as a Software & firmware Security Architect or in a similar role. In-depth knowledge of software security principles, secure coding practices, Database security and common security vulnerabilities. Drafting polices related to product security. Expertise in Cloud Security Experience in DevSecOps Experience with security testing tools and methodologies, including static code analysis, dynamic analysis, and penetration testing. Strong understanding of authentication and authorization protocols (e.g., OAuth, SAML, JWT) and encryption techniques. Familiarity with compliance standards such as OWASP, ISO 27001, NIST, and PCI DSS. Proven experience as an IoT Security Architect or a similar role with a focus on IoT security. Solid understanding of IoT architectures, protocols, and technologies. In-depth knowledge of IoT security principles, secure design patterns, and common IoT vulnerabilities. Experience with IoT security frameworks and industry standards (e.g., IoT Security Foundation, IEC 62443, NIST SP 800-53). Familiarity with IoT device security features (e.g., hardware security modules, Trusted Platform Modules). Strong understanding of network security and encryption technologies Excellent communication and collaboration skills to work effectively with cross-functional teams. Relevant certifications such as CISSP, CSSLP, or CISM are a plus. Team handling experience (with Pen tester, Security analyst & DevSecOps engineer) Skills & Attributes Problem-solving skills with a sharp analytical mind Capability to collaborate with cross functional teams/3rd parties Understanding the business side of the application An ardent researcher of market trends and technology evaluation Job Description Responsibilities 1. Security Architecture Design: Develop and design the security architecture for software applications and systems, taking into consideration various factors like scalability, performance, and usability while ensuring robust security measures. Create and maintain security policies, standards, and guidelines for the development and deployment of software applications. 2. Threat Modeling and Risk Assessment: Perform threat modeling and risk assessments for software projects to identify potential security risks and vulnerabilities. Collaborate with cross-functional teams to prioritize and address security issues based on the severity of risks. 3. Secure Coding Practices: Advise development teams on secure coding practices and conduct code reviews to identify and rectify security flaws. Promote the adoption of security-related best practices and coding standards across the development teams. 4. Security Testing: Plan and oversee security testing activities, including penetration testing, vulnerability scanning, and code analysis. Plan and oversee security testing activities for IoT devices and applications, including penetration testing and vulnerability assessments. Analyze and interpret the results of security testing and work with the development teams to address identified issues. 5. Authentication and Authorization: Design and implement strong authentication and authorization mechanisms to control access to software applications and data. Integrate industry-standard authentication and authorization protocols into the software systems. 6. Encryption and Data Protection: Ensure the appropriate use of encryption techniques to protect sensitive data at rest and in transit. Implement data protection mechanisms to safeguard the confidentiality and integrity of data. 7. Incident Response and Security Monitoring: Collaborate with the incident response team to develop incident response plans and participate in security incident handling and investigations. Implement security monitoring solutions to detect and respond to security incidents proactively. 8. Compliance and Governance: Support compliance audits and assessments related to software security. Stay up-to-date with industry security trends, regulations, and best practices to ensure compliance with relevant security standards. 9. IoT Data Security: Establish data security and privacy measures for IoT data storage, transmission, and processing. Implement encryption and data access controls to safeguard sensitive data collected by IoT devices. 10. Network Security for IoT: Design and implement secure communication protocols for IoT networks, ensuring data confidentiality and integrity. Implement network segmentation and access controls to isolate and protect critical IoT components.