870 Penetration Testing Jobs - Page 12

DLF Downtown - Gurgaon It s more than a career at NAB. It s about more meaningful work, more global opportunities and more innovation beyond boundaries . Your job is just one part of your life. When you bring your ideas, energy, and hunger for growth, you ll be recognised and rewarded for your contribution in return. You ll have our support to excel for our customers, deliver positive change for our communities and grow your career. NAB has established NAB Innovation Centre India as a centre for operations and technology excellence to support NAB deliver faster, better, and more personalized experience to customers and colleagues. At NAB India, we re ramping-up and growing at a very fast pace. Our passionate leaders recruit and develop high performing people, empowering them to deliver exceptional outcomes to make a positive difference in the lives of our customers and our communities. YOUR NEW ROLE Build and manage the Bank s 24/7 Cyber Response function based in NAB India, including daily operations, shift rosters, escalation, quality, reporting, supplier management, etc. Technically direct and lead the response to major incidents. Drive on-going uplift in Cyber Response capability, methodology and tradecraft Manage and report on operational performance and meet KPIs and stretch targets Work with stakeholders to improve BAU security posture and defence against current & emerging threats Work closely with other related teams including Cyber Threat Intelligence, Red Team, Vulnerability Management and Application Security and other related activities as required by Management. WHAT YOU WILL BRING 12+ years of experience in Security Domain At least 5+ experience in managing and leading a global security operation centre.Prior experience of 5+ years in handling a team of at least 10 people incident response methodologies and techniques Detection and mitigation strategies for a broad range of cyber threats, including malware, DDOS, hacking, phishing, lateral movement and data exfiltration common cloud platforms/technologies, such as Azure, AWS and Google cloud Common enterprise technologies, such as Windows, Linux, Active Directory, DNS, DHCP, web proxies, SMTP, TCP/IP, AWS, Azure operational usage of common analysis and response tooling Performing penetration testing, including network, infrastructure and application exploitation and exploit development NIST framework,MITRE ATT&CK, Lockheed Martin Cyber Kill Chain or similar methodologies. Qualification Requirements Tertiary qualifications preferably in technology and cyber-security subjects

Job Title: SOC Analyst Work Type: Permanent Location: DLF Downtown - Gurgaon It s more than a career at NAB. It s about more meaningful work, more global opportunities and more innovation beyond boundaries . Your job is just one part of your life. When you bring your ideas, energy, and hunger for growth, you ll be recognised and rewarded for your contribution in return. You ll have our support to excel for our customers, deliver positive change for our communities and grow your career. NAB has established NAB Innovation Centre India as a centre for operations and technology excellence to support NAB deliver faster, better, and more personalized experience to customers and colleagues. At NAB India, we re ramping-up and growing at a very fast pace. Our passionate leaders recruit and develop high performing people, empowering them to deliver exceptional outcomes to make a positive difference in the lives of our customers and our communities. Your New Role: Respond to cyber-security threats, vulnerabilities, events and incidents Perform incident response investigations to resolution Support the team in meeting operational metrics and requirements Identify tactical detection/mitigation strategies across the environment Continuously contribute to the operational efficiency and maturity of the team, processes, detection use cases and response playbooks Maintain an up-to-date knowledge of cyber threats Research, new techniques, new tooling/development Contribute to continuous learning and knowledge sharing within the team Work in a business hours + rostered on-call environment As required, support internal stakeholders and projects Act as technical contributor during major security incidents Work with Threat Intelligence, Detection and Automation teams to prioritise and develop detection capability Work with the Red Team to actively test and validate detection/response capabilities Work in a business hours, non business hours, weekend shifts + rostered on-call environment Other related activities as required by Management or CSOC Leads What will you Bring 5+ years of experience in a SOC, Offensive Security, intelligence, detection, hunting and/or SOAR role Incident response methodologies and techniques Detection and mitigation strategies for a broad range of cyber threats, including malware, DDOS, hacking, phishing, lateral movement and data exfiltration Common enterprise technologies, such as Windows, Linux, Active Directory, DNS, DHCP, web proxies, SMTP, TCP/IP, AWS and Azure Malware analysis and reverse engineering, including dynamic and static analysis Ability to perform vulnerability assessments and penetration testing, including network, infrastructure and application exploitation Operational usage of common analysis and response tooling, including Splunk, FireEye, Crowdstrike, Phantom, Akamai etc NIST framework MITRE ATT&CK, Lockheed Martin Cyber Kill Chain or similar methodologies A diverse and inclusive workplace works better for everyone: Our goal is to foster a culture that fills us with pride, rooted in trust and respect. NAB is committed to creating a positive and supportive environment where everyone is encouraged to embrace their true, authentic selves. A diverse and inclusive workplace where our differences are celebrated, and our contributions are valued. It s a huge part of what makes NAB such a special place to be. More focus on you: We re committed to delivering a positive experience for our colleagues and a workplace you can be proud of. We support our colleagues to balance their careers and personal life through flexible working arrangements such as hybrid working and job sharing and competitive financial and lifestyle benefits. We invest in our colleagues through world class development programs (Distinctive Leadership and Career Qualified in Banking), and empower you to learn, grow and pursue exciting career opportunities Join NAB India: This is your chance to join NAB India and along with your experience and expertise to help shape an innovation driven organisation that focuses on making a positive impact in the lives of its customers, colleagues and communities To know more about us please click here To know more about NAB Global Innovation Centres please click here We re on LinkedIn: NAB Innovation Centre India

Need overall AppSec skills (SAST, DAST, Penetration testing) +Mobile app testing skills (Android, ioS). We should look for a candidate who has deep and diverse hands on exp in above skills. Also, The professional is expected to perform the application security activities - Static code assessment/ manual testing including mobile application testing for android and iOS apps. This profile requires a candidate with hands on Application Security experience specific to mobile applications Communication should excellent Skills: penetration testing,mobile app testing,sast,ios,android,dast

Look for immediate joiner. Jd Need overall AppSec skills (SAST, DAST, Penetration testing) +Mobile app testing skills (Android, ioS). We should look for a candidate who has deep and diverse hands on exp in above skills. Also, The professional is expected to perform the application security activities - Static code assessment/ manual testing including mobile application testing for android and iOS apps. This profile requires a candidate with hands on Application Security experience specific to mobile applications Communication should excellent Skills: penetration testing,mobile app testing,sast,ios,android,dast

Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 4 plus years of experience Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding Practices: Knowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat Modelling: Ability to conduct threat modelling sessions to identify and mitigate security risks Preferred technical and professional experience Vulnerability Assessment: Experience in conducting vulnerability assessments and penetration testing Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST) tools. Security Tools: Proficiency in using security tools like Burp Suite, Nessus, or Fortify

Date 31 May 2025 Location: Bangalore, IN Company Alstom At Alstom, we understand transport networks and what moves people. From high-speed trains, metros, monorails, and trams, to turnkey systems, services, infrastructure, signalling and digital mobility, we offer our diverse customers the broadest portfolio in the industry. Every day, 80,000 colleagues lead the way to greener and smarter mobility worldwide, connecting cities as we reduce carbon and replace cars. Could you be the full-time Security into Project Specialist in Bangalore were looking for Your future role Take on a new challenge and apply your cybersecurity and project management expertise in a new cutting-edge field. Youll work alongside innovative, dedicated teammates. You'll ensure the robust integration of security within our IS&T projects, safeguarding our digital initiatives. Day-to-day, youll work closely with teams across the business (Security Architecture, GRC and ISMS team, Architects, Project Managers and PMO, Business teams), review and approve security deliverables and much more. Youll specifically take care of validating Security Inquiry for Partners (SIP) and ensuring secure configurations are applied, but also make informed decisions about security acceptance based on residual risk and asset value. Well look to you for: Reviewing and approving security deliverables Ensuring the application of the "Security into Project" policy Validating and signing off on Security Inquiry for Partners Applying secure configurations for projects or business initiatives Making decisions on security acceptance Implementing design patterns and standards All about you We value passion and attitude over experience. Thats why we dont expect you to have every single skill. Instead, weve listed some that we think will help you succeed and grow in this role: Degree in Engineering/Technology Experience or understanding of cybersecurity, architecture and design Knowledge of security architecture and infrastructure Familiarity with cloud solutions (Microsoft Azure/O365) A CISSP or CISM certification Ability to analyze technical risks and vulnerabilities Fluency in English Things youll enjoy Join us on a life-long transformative journey the rail industry is here to stay, so you can grow and develop new skills and experiences throughout your career. Youll also: Enjoy stability, challenges and a long-term career free from boring daily routines Work with cutting-edge security standards for rail signalling Collaborate with transverse teams and supportive colleagues Contribute to innovative projects that shape the future of transportation Utilise our dynamic working environment Steer your career in whatever direction you choose across functions and countries Benefit from our investment in your development, through award-winning learning Progress towards leadership roles within the cybersecurity domain Benefit from a fair and dynamic reward package that recognises your performance and potential, plus comprehensive and competitive social coverage (life, medical, pension) You dont need to be a train enthusiast to thrive with us. We guarantee that when you step onto one of our trains with your friends or family, youll be proud. If youre up for the challenge, wed love to hear from you! Important to note As a global business, were an equal-opportunity employer that celebrates diversity across the 63 countries we operate in. Were committed to creating an inclusive workplace for everyone.

Date 7 Jun 2025 Location: Bangalore, KA, IN Company Alstom Req ID:478631 Could you be the full-time Cybersecurity Engineer Cyber Applications in Bangalore were looking for Your future role Take on a new challenge and apply your cybersecurity and system/network administration expertise in a new cutting-edge field. Youll work alongside innovative, dedicated, and supportive teammates. You'll maintain and enhance the security of Alstoms products and solutions, ensuring the integrity and resilience of our transport networks. Day-to-day, youll work closely with teams across the business (such as V&V, platform validation, and regional cybersecurity), execute design and deployment activities, and much more. Youll specifically take care of the maintenance of cybersecurity tools and applications, but also prepare and execute design & deployment activities for various projects and programs. Well look to you for: Maintaining cybersecurity tools and applications Preparing and executing design & deployment activities Executing specific testing activities and preparing reports Supporting validation and verification teams Acting as the administrator for cybersecurity applications Identifying cybersecurity tools and practices and providing guidance All about you We value passion and attitude over experience. Thats why we dont expect you to have every single skill. Instead, weve listed some that we think will help you succeed and grow in this role: Degree in Computer Science, Information Technology, or equivalent Experience or understanding of cybersecurity in the context of industrial control systems or network administration Knowledge of design & deployment of NIDS such as Fortinet, Nozomi, Dragos, etc. Familiarity with system administration of Windows or Linux servers/systems A certification like MCSE, RHCE, LPIC, CCNA, or Network+ Preferably a cybersecurity certification like ECSA, Security+ Strong communication skills and the ability to work in a matrix organization Things youll enjoy Join us on a life-long transformative journey the rail industry is here to stay, so you can grow and develop new skills and experiences throughout your career. Youll also: Enjoy stability, challenges and a long-term career free from boring daily routines Work with new security standards for rail signalling Collaborate with transverse teams and helpful colleagues Contribute to innovative projects Utilise our flexible working environment Steer your career in whatever direction you choose across functions and countries Benefit from our investment in your development, through award-winning learning Progress towards roles of greater responsibility and leadership Benefit from a fair and dynamic reward package that recognises your performance and potential, plus comprehensive and competitive social coverage (life, medical, pension) You dont need to be a train enthusiast to thrive with us. We guarantee that when you step onto one of our trains with your friends or family, youll be proud. If youre up for the challenge, wed love to hear from you! Important to note As a global business, were an equal-opportunity employer that celebrates diversity across the 63 countries we operate in. Were committed to creating an inclusive workplace for everyone.

Key Responsibilities: Plan, execute, and lead red team operations, including adversary emulation, threat simulations, and advanced penetration testing. Conduct full-scope assessments across network, application, endpoint, cloud, and physical security layers. Use tools, tactics, and procedures (TTPs) that mimic real-world adversaries (APT-style attacks). Identify security weaknesses, misconfigurations, and exploitable vulnerabilities across the enterprise. Collaborate with the blue team to provide insights and help mature detection and response capabilities. Prepare detailed reports, attack paths, and executive-level summaries of red team findings and recommendations. Develop custom scripts, tools, or exploits as needed during engagements. Stay current on the latest threats, exploits, and TTPs used by threat actors. Required Skills & Qualifications: 5-8 years of relevant experience in red teaming, penetration testing, or offensive security. Strong knowledge of MITRE ATT&CK framework and adversary simulation methodologies. Proficient in tools such as Cobalt Strike, Metasploit, Empire, BloodHound, Mimikatz, Nmap, Burp Suite, etc. Solid understanding of network protocols, operating systems (Windows/Linux), and cloud environments (AWS, Azure, GCP). Strong scripting skills in Python, PowerShell, or Bash. Experience with EDR evasion, privilege escalation, lateral movement, and persistence techniques. Excellent analytical, documentation, and communication skills. Preferred Certifications (any of the following): OSCP / OSCE / OSEP CRTO / CRTP / CRTE CISSP / CEH (Advanced) GIAC GPEN / GXPN / GCP

Your potential, unleashed. Indias impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilientnot only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks Your work profile As Assistant Manager in our Cyber Team youll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - Key Responsibilities: Threat Modelling: Conduct threat modelling sessions to identify potential security risks to applications, networks, and infrastructure. Utilize various threat modelling frameworks (e.g., STRIDE, PASTA) to evaluate the risk associated with business processes and IT systems. Vulnerability Assessment & Penetration Testing: Perform regular vulnerability assessments and penetration testing on applications, systems, and networks to identify weaknesses and misconfigurations. Security Risk Analysis: Analyse vulnerabilities identified in VAPT engagements and prioritize them based on risk to the business. Provide recommendations for remediation and mitigation. Incident Response: Assist in responding to security incidents by analysing threat patterns, supporting forensic investigations, and recommending preventative measures. Collaboration with Teams: Work closely with developers, DevOps, and other stakeholders to design and implement secure development practices and advise on secure code development practices. Reporting: Document findings from threat modelling, vulnerability assessments, and penetration tests, and present them to management and other key stakeholders. Security Awareness: Promote awareness of cybersecurity risks within the organization and provide guidance on secure coding and risk mitigation strategies. Required Skills and Qualifications: Strong knowledge of Threat Modelling methodologies and tools (e.g., Microsoft Threat Modelling Tool, OWASP Threat Dragon). Hands-on experience in performing Vulnerability Assessment and Penetration Testing (VAPT) using tools like Nmap, Burp Suite, OWASP ZAP, Nessus, and Metasploit. Solid understanding of common vulnerabilities (e.g., SQL injection, Cross-Site Scripting, Buffer overflows) and security protocols (e.g., TLS/SSL, OAuth, OpenID). Familiarity with network security (firewalls, IDS/IPS, VPNs, etc.) and web application security. Experience in performing risk analysis, writing security reports, and presenting findings to both technical and non-technical audiences. Knowledge of OWASP Top 10, CVE, and vulnerability databases. Proficiency in one or more programming languages (e.g., Python, Java, C, or scripting languages) is a plus. Understanding of security frameworks and compliance requirements (e.g., NIST, ISO 27001, GDPR, SOC 2) is desirable. Experience with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes) is a plus. Strong problem-solving skills and the ability to work independently and in a team. Prior experience in BFSI would be preferred. Preferred Qualifications: Certification: Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or similar penetration testing certifications. Certified Information Systems Security Professional (CISSP) or similar information security certifications. Previous experience in threat hunting, incident response, or application security. Understanding of security in Agile/Scrum development processes. Location and way of working Base location: Pune Professional is required to work from office. How youll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the worlds most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyones welcome entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals. *Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution.

Visa operates the worlds largest retail electronic payments network and is one of the most recognized global financial services brands. Visa facilitates global commerce through the transfer of value and information among financial institutions, merchants, consumers, businesses and government entities. We offer a range of branded payment product platforms, which our financial institution clients use to develop and offer credit, charge, deferred debit, prepaid and cash access programs to cardholders. Visas card platforms provide consumers, businesses, merchants and government entities with a secure, convenient and reliable way to pay and be paid in 200 countries and territories. The objectives of the DevSecOps team are to ensure application development and deployment processes are optimized, incorporate automation, are resilient and integrate security practices throughout the entire application development lifecycle. This individual contributor role, located in India, will help achieve these objectives by conducting day-to-day activities, closely collaborating with various stakeholders, that ensure applications remain impeccably secure, resilient, and all identified risks are addressed timely. For assigned areas, drive coordinated management of findings and exceptions, facilitate triaging, and ensure remediations occur or exceptions are filed, prior to the Required Remediation Date (RRD) to support achieving daily compliance. Serve as a first point of contact for Cybersecurity, Risk, and Operations. Participate in cross-team collaboration with developers, Security Architects, PEN Testers, Security Assessors, Risk and Governance teams. Work closely with Operations Infrastructure teams, developers and other stakeholders for cross-functional development activities. Help ensure Security Assessment compliance for PPD. Help identify security improvements for PPD environments to resolve or mitigate security findings or otherwise enhance security posture to achieve compliance with all security initiatives. Support development and delivery of security metrics (eg, dashboards, reports) which consolidate all finding sources and data. Collaborate with team in different locations to ensure clear and constant communications. Build an extensive network of positive relationships throughout Visa and its technology organizations to be leveraged to accomplish the broad requirements of this position. Basic Qualifications: Bachelors degree, OR 3+ years of relevant work experience Preferred Qualifications: 1 - 2 years of work experience with a bachelor s degree in computer science or related technical discipline. Some experience with vulnerability management such as provision of vulnerability scanners, agent provision and maintenance, interpretation of findings, ranking of finding scores, option assessment, management of superseded patches, false positives, reassignment of findings, remediation actions (i.e., patching), confirmation (i.e., re-scanning to confirm remediation), and management of remediation to a standard. Qualys experience is preferred but not required. Exposure with application development, software delivery lifecycle, and/or infrastructure development and administration. Awareness of DevOps and DevSecOps principles. Familiarity with cybersecurity best practices, principles, security protocols and standards. Understanding of common Cyber Threat terminology, vulnerability and penetration test methodologies, application reliability concepts, terminology. Understands, follows steps for assigned tasks and track the progress of work to completion. Able to communicate and collaborate with appropriate stakeholders to resolve issues. Familiarity with MS Excel, PowerPoint, Word, and SharePoint. Excellent verbal and written communication skills. Team player and passionate for contributing to a culture of innovation and flawless execution. Demonstrated ability to drive technical initiatives and identify improvement opportunities. Able to adapt to work across time zones as per project requirements

As a Cyber Security Analyst you will be responsible for the administration, endpoint protection, vulnerability management, intrusion detection system, security information & event management, Active Directory, Domain Controller and Email Security.

Job Description Responsibilities: Collaborate with engineering teams on architecting, implementing technologies, processes, and improvements around product security by performing threat models, penetrations tests, and sharing security expertise. Develop security testing plans to identify misconfigurations, vulnerabilities, and visibility shortfalls. Assist, mentor, and educate about internal secure development methodologies and CyberArk "Security Champions" program. Critical skills: 4+ years of experience working in the software development industry as a test engineer or an engineer with responsibilities relating to security. Background in Whitebox penetration testing. Bachelor s degree in Computer Science, Computer Information Systems, Software Engineering, or Mathematics or a related field, or its equivalent. Programming experience in one or more languages (Java, JavaScript, Python, Shell/BASH, C/C, C#). #LI-HK01 Qualifications Desirable skills: OSCP certification a huge plus. Experience with web application scanning tools (e.g. Static / Dynamic, Interactive, etc.) including Qualys WAS, Appspider, Acutenitx, Veracode, Burp Sui

Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 5 plus years of experience Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding Practices: Knowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat Modeling: Ability to conduct threat modeling sessions to identify and mitigate security risks Preferred technical and professional experience Vulnerability Assessment: Experience in conducting vulnerability assessments and penetration testing Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST) tools. Security Tools: Proficiency in using security tools like Burp Suite, Nessus, or Fortify

Vulnerability Identification & Assessment: Manage and oversee vulnerability scanning tools (Qualys, Tenable, Rapid7, etc.). Analyze vulnerability data from multiple sources and assess the impact on business operations. Perform risk assessments and categorize vulnerabilities based on severity and exploitability. Remediation & Risk Mitigation: Collaborate with IT and development teams to ensure timely remediation of identified vulnerabilities. Prioritize vulnerabilities based on risk to the business and potential exploitability. Track remediation efforts and ensure proper closure of security gaps. Process & Policy Development: Define and maintain vulnerability management policies, standards, and procedures. Establish workflows for vulnerability detection, reporting, remediation, and validation. Ensure compliance with security frameworks such as NIST, CIS, ISO 27001, and regulatory standards like GDPR, HIPAA, and PCI-DSS. Security Monitoring & Threat Intelligence Integration: Work with threat intelligence teams to understand emerging threats and vulnerabilities. Ensure vulnerability management aligns with incident response and threat-hunting processes. Continuously enhance detection mechanisms to improve vulnerability discovery and response. Compliance & Audit Readiness: Ensure that vulnerability management practices align with regulatory and compliance requirements. Maintain records of assessments, remediation efforts, and compliance reports for audits. Support internal and external audits related to vulnerability management. Reporting & Metrics: Develop and present vulnerability status reports to security leadership and executive teams. Track key performance indicators (KPIs) related to vulnerability remediation SLAs and risk reduction Provide insights on security posture improvements based on trend analysis. Security Awareness & Collaboration: Conduct training sessions to educate teams on vulnerability risks and remediation best practices. Work closely with DevSecOps, SOC, and infrastructure teams to integrate security best practices into the development lifecycle Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Vulnerability Management Preferred technical and professional experience Qualys

About the Role Were seeking a hands-on and detail-oriented Security and Compliance Engineer to drive security across our applications, infrastructure, and compliance programs-especially in a healthcare environment. This role combines security engineering, DevSecOps, and risk management with a strong focus on application, cloud, AI, and data security. You will work closely with engineering, DevOps, and compliance teams to embed security into the development lifecycle, support regulatory frameworks, and ensure cloud-native environments and AI technologies are secure by design. Responsibilities Conduct web and mobile application penetration testing, vulnerability scanning, and remediation support across our platforms. Integrate DevSecOps practices into CI/CD pipelines, using tools like Snyk, Terraform, and container security scanners. Implement and monitor Cloud Security Posture Management (CSPM) tools such as Wiz to secure cloud configurations and infrastructure. Partner with DevOps to enforce secure provisioning via Infrastructure as Code (IaC). Lead and support compliance initiatives (HIPAA, SOC 2, HITRUST) using platforms like Drata (Compliance-as-a-Service). Design and enhance email gateway security (e.g., Barracuda) and bot protection (e.g., WatchGuard) to defend against phishing and automated threats. Evaluate and secure chatbots and AI systems, addressing risks like prompt injection, data leakage, and model integrity. Drive data security best practices including encryption, data loss prevention (DLP), and classification strategies. Collaborate with engineering to embed security controls in product design and conduct threat modeling, secure code reviews, and architecture reviews. Participate in incident detection, response, and root cause analysis, while ensuring effective logging and monitoring are in place. Maintain security documentation and support audits and third-party assessments. Required Skills & Qualifications 4-6 years of experience in security engineering, compliance, and DevSecOps. Proficiency in web and mobile application security, including OWASP Top 10, SAST/DAST tools, and manual testing with Burp Suite, etc. Strong exposure to DevSecOps workflows, with hands-on experience using tools like Snyk, Terraform, and container security. Deep understanding of HIPAA, SOC 2, and healthcare compliance requirements. Experience with cloud security, preferably on Microsoft Azure, and familiarity with CSPM tools like Wiz. Working knowledge of Drata or similar compliance automation platforms. Exposure to email security gateways, bot protection, and threat detection tools. Familiarity with AI and chatbot security concepts and current risks in the generative AI space. Strong grasp of data security principles-encryption, access controls, data classification, and DLP. Scripting or automation skills in Python, Bash, or equivalent are a plus. Strong written and verbal communication, documentation, and collaboration skills. Nice to Have Certifications like OSCP, CEH, CCSK, CISSP, HCISPP, or similar. Familiarity with tools like KnowBe4, Intune, or Azure AD for identity and endpoint security. Understanding of Zero Trust Architecture, RBAC, and endpoint detection and response (EDR) strategies. Previous experience in a health tech, SaaS, or AI-focused organization. Why Join Us Make a real impact in securing healthcare and AI systems at scale. Collaborate in a high-ownership environment with modern tools and cloud-native practices. Work in a security-forward company that values both innovation and compliance. Flexible work environment and growth opportunities in a fast-paced tech culture.

Need overall AppSec skills (SAST, DAST, Penetration testing) +Mobile app testing skills (Android, ioS). We should look for a candidate who has deep and diverse hands on exp in above skills. Also, The professional is expected to perform the application security activities - Static code assessment/ manual testing including mobile application testing for android and iOS apps. This profile requires a candidate with hands on Application Security experience specific to mobile applications Communication should excellent Skills: penetration testing,mobile app testing,sast,ios,android,dast

Primary mandate skill required Penetration Testing Secondary mandate skill required – Azure and AWS Cloud Pentest, Mobile Pentest At least 5 years of experience in Penetration testing Experience in pentesting web applications, infrastructure servers/operating systems, mobile applications and Cloud platforms like AWS, Azure, GCP using industry standards Work independently in a fast paced and dynamic environment Deep knowledge of technologies, solutions and attack vectors that apply to Cloud platforms Research and develop new attack methodologies and tools Constantly improve the capabilities of the penetration testing team Experience working with penetration testing tools like Kali linux, Metasploit, Prowler, etc Experience in python/powershell scripting Experience in security control testing using MITRE framework Understand vulnerabilities and develop relevant exploits/payloads Design, implement, and deploy integrated pentesting tools Recommend threat mitigations and participate in remediation efforts as needed

We are seeking a highly skilled and motivated Technical Security Professional specializing in Vulnerability Assessment and Penetration Testing (VAPT), Source Code Review, API Security, and Web Application Security. As a member of our team, you will be responsible for ensuring the security and integrity of our systems, applications, and networks. Responsibilities Conduct comprehensive Vulnerability Assessments and Penetration Tests (VAPT) on various systems, networks, and applications to identify security weaknesses and potential vulnerabilities. Perform thorough Source Code Reviews to identify security flaws, coding errors, and vulnerabilities in web applications and software products. Assess and enhance API security by evaluating API designs, configurations, and implementations for potential security risks and vulnerabilities. Evaluate and enhance the security posture of web applications by conducting thorough security assessments and implementing appropriate security controls. Develop and implement security testing methodologies, tools, and procedures to improve the efficiency and effectiveness of security testing activities. Provide technical expertise and guidance to development teams, system administrators, and other stakeholders on security best practices and mitigation strategies. Collaborate with cross-functional teams to remediate identified security vulnerabilities and implement security controls to mitigate risks. Stay updated on the latest security trends, vulnerabilities, and best practices to continuously improve the security posture of our systems and applications. : Bachelor's degree in Computer Science, Information Security, or a related field. (Master degree preferred) 5 to 7 years of experience in conducting Vulnerability Assessments and Penetration Tests (VAPT) on enterprise systems, networks, and applications. 4 to 7 years of experience in performing Source Code Reviews for web applications and software products. Proficiency in using industry-standard security testing tools such as Nessus, Metasploit, Burp Suite, etc. Strong understanding of web application security principles, common vulnerabilities (e.g., OWASP Top 10), and mitigation techniques. Experience in assessing and enhancing API security, including authentication, authorization, encryption, and access control mechanisms. Knowledge of secure coding practices and common programming languages (e.g., Java, Python, C/C++, etc.). Knowledge of cloud security and DevSecOps processes. Excellent analytical and problem-solving skills with the ability to identify and mitigate complex security risks and vulnerabilities. Strong communication and interpersonal skills with the ability to effectively collaborate with cross-functional teams and stakeholders. Relevant security certifications such as CISSP, CEH, OSCP, etc., are preferred.

Hello Visionary! We know that the only way a business thrive is if our people are growing. That’s why we always put our people first. Our global, diverse team would be happy to support you and challenge you to grow in new ways. Who knows where our shared journey will take you We are looking for Product and Solution Security Expert (PSSE) How do you craft the future Smart BuildingsWe’re looking for the makers of tomorrow, the hardworking individuals ready to help Siemens transform entire industries, cities and even countries. Get to know us from the inside, develop your skills on the job. You’ll make a difference by: 1. Integration with SDLC: Collaborate with software development teams to integrate security practices throughout the Software Development Life Cycle (SDLC). Perform security code reviews and analyze vulnerabilities during different SDLC phases. Ensure security requirements are included in the design, development, testing, and deployment stages of software projects. 2. Security Activities: Develop and implement security protocols, guidelines, and best practices for software development. Conduct threat modelling and risk assessments to identify potential security issues early in the development process. Provide guidance on secure coding practices and remediation of identified vulnerabilities. 3. Stakeholder Interaction: Work closely with key stakeholders, including product managers, project managers, and business analysts, to support and promote security activities within products. Communicate security risks, issues, and mitigation strategies effectively to both technical and non-technical stakeholders. Foster a security-aware culture within the development teams and across the organization. 4. Security Tools and Technologies: Implement and manage security tools such as static and dynamic analysis tools, intrusion detection systems, and vulnerability scanners. Stay updated with the latest security tools, trends, and best practices to enhance the organization's security posture. 5. Incident Response: Assist in the development and implementation of incident response plans and procedures. Participate in security incident investigations and provide expertise in resolving security breaches. 6. Training and Awareness: Conduct security training and awareness programs for development teams. Promote continuous improvement and knowledge sharing related to application security. You’ll win us over by: 1. Technical Skills: In-depth knowledge of application security, secure coding practices, and common vulnerabilities (e.g., OWASP Top Ten). Experience with security tools and technologies such as static analysis tools (SAST), dynamic analysis tools (DAST), and vulnerability scanners. Proficiency in programming languages such as Java, C#, Python. Understanding of DevSecOps practices and integration of security into CI/CD pipelines. Promote continuous improvement and knowledge sharing related to application security. 2. Soft Skills: Strong communication and interpersonal skills. Ability to explain complex security concepts to non-technical stakeholders. Strong analytical and problem-solving skills. Collaborative mindset and ability to work effectively with cross-functional teams. 3. Certification Preferred: Certified Secure Software Lifecycle Professional (CSSLP). Experience: Proven experience working with software development teams and integrating security practices into the SDLC. Experience interacting with key stakeholders and supporting security activities within software products. You’ll win us over by: Having An engineering degree B.E/B.Tech/MCA/M.Tech/M.Sc with good academic record. Minimum 5 years of experience in cybersecurity, with a focus on application security. We’ll support you with: Hybrid working Opportunities. Diverse and inclusive culture. Great variety of learning & development opportunities. Create a better #TomorrowWithUs! This role, based in Pune, is an individual contributor position. You may be required to visit other locations within India and internationally. In return, you'll have the opportunity to work with teams shaping the future. At Siemens, we are a collection of over 312,000 minds building the future, one day at a time, worldwide. We are dedicated to equality and welcome applications that reflect the diversity of the communities we serve. All employment decisions at Siemens are based on qualifications, merit, and business need. Bring your curiosity and imagination, and help us shape tomorrow Find out more about the Digital world of Siemens here[1] www.siemens.com/careers/digitalminds Find out more about Siemens careers at[2] www.siemens.com/careers

Hello Visionary ! We empower our people to stay resilient and relevant in a constantly changing world. We’re looking for people who are always searching for creative ways to grow and learn. People who want to make a real impact, now and in the future. We are looking for a highly skilled and motivated Product & Solution Security Professional to join our team. The ideal candidate will be responsible for defining secure design principles and supporting cross-functional teams to ensure secure architecture, implementation, and testing of products and solutions. Key Responsibilities Integration with SDLC Collaborate with software development teams to integrate security practices throughout the Software Development Life Cycle (SDLC). Ensure security requirements are included in the design, development, testing, and deployment stages of software projects. Perform security code reviews and analyze vulnerabilities during different SDLC phases. 2. Security Activities Develop and implement security protocols, guidelines, and best practices for software development. Conduct threat modelling and risk assessments to identify potential security issues early in the development process. Provide guidance on secure coding practices and remediation of identified vulnerabilities. Stakeholder Interaction Work closely with key stakeholders, including product managers, project managers, and business analysts, to support and promote security activities within products. Communicate security risks, issues, and mitigation strategies effectively to both technical and non-technical stakeholders. Foster a security-aware culture within the development teams and across the organization . 4. Security Tools and Technologies Implement and manage security tools such as static and dynamic analysis tools and vulnerability scanners. Stay updated with the latest security tools, trends, and best practices to enhance product’s security posture. 5. Training and Awareness Conduct security training and awareness programs for development teams. Promote continuous improvement and knowledge sharing related to application security . Skills and Qualifications 1. Technical Skills: In-depth knowledge of application security, secure coding practices, and common vulnerabilities (e.g., OWASP Top Ten). Experience with security tools and technologies such as static analysis tools (SAST), dynamic analysis tools (DAST), and vulnerability scanners. Proficiency in programming languages such as Java, C#, Python. Understanding of DevSecOps practices and integration of security into CI/CD pipelines. Promote continuous improvement and knowledge sharing related to application security. 2. Soft Skills: Strong communication and interpersonal skills. Ability to explain complex security concepts to non-technical stakeholders. Strong analytical and problem-solving skills. Collaborative mindset and ability to work effectively with cross-functional teams. 3. Certification Preferred CEH, Certified Secure Software Lifecycle Professional (CSSLP) or equivalent. Experience Proven experience working with software development teams and integrating security practices into the SDLC. Experience interacting with key stakeholders and supporting security activities within software products. Having An engineering degree B.E/B.Tech/MCA/M.Tech/M.Sc with good academic record. 7 - 10 years of experience in cybersecurity, with a focus on application security. Make your mark in our exciting world at Siemens . This role, based in Bangalore , is an individual contributor position. You may be required to visit other locations within India and internationally. In return, you'll have the opportunity to work with teams shaping the future. At Siemens, we are a collection of over 312,000 minds building the future, one day at a time, worldwide. We are dedicated to equality and welcome applications that reflect the diversity of the communities we serve. All employment decisions at Siemens are based on qualifications, merit, and business need. Bring your curiosity and imagination, and help us shape tomorrow We’ll support you with Hybrid working opportunities. Diverse and inclusive culture. Variety of learning & development opportunities. Attractive compensation package. Find out more about Siemens careers at www.siemens.com/careers

Look for immediate joiner. Jd Need overall AppSec skills (SAST, DAST, Penetration testing) +Mobile app testing skills (Android, ioS). We should look for a candidate who has deep and diverse hands on exp in above skills. Also, The professional is expected to perform the application security activities - Static code assessment/ manual testing including mobile application testing for android and iOS apps. This profile requires a candidate with hands on Application Security experience specific to mobile applications Communication should excellent Skills: penetration testing,mobile app testing,sast,ios,android,dast

. "Responsible for monitoring, identifying, investigating and analyzing all response activities related to cybersecurity incidents within an organization. Identifies security flaws and vulnerabilities; responds to cybersecurity incidents, conducts threat analysis as directed and addresses detected incidents. Conducts network or software vulnerability assessments and penetration testing utilizing reverse engineering techniques. Perform vulnerability analysis and exploitation of applications, operating systems or networks. Identifies intrusion or incident path and method. Isolates, blocks or removes threat access. Evaluates system security configurations. Evaluates findings and performs root cause analysis. Performs analysis of complex software systems to determine both functionality and intent of software systems. Resolves highly complex malware and intrusion issues. Contributes to the design, development and implementation of countermeasures, system integration, and tools specific to Cyber and Information Operations. Works with moderate guidance in own area of knowledge. Employees at all levels are expect to: - Understand our Operating Principles; make them the guidelines for how you do your job - Own the customer experience - think and act in ways that put our customers first, give them seamless digital options at every touchpoint, and make them promoters of our products and services - Know your stuff - be enthusiastic learners, users and advocates of our game-changing technology, products and services, especially our digital tools and experiences - Win as a team - make big things happen by working together and being open to new ideas - Be an active part of the Net Promoter System - a way of working that brings more employee and customer feedback into the company - by joining huddles, making call backs and helping us elevate opportunities to do better for our customers - Drive results and growth - Respect and promote inclusion and diversity - Do whats right for each other, our customers, investors and our communities" Job Description Core Responsibilities Strong customer focus with the ability to advise and work closely with application teams and vendors on mitigation. Exposure to commercial and open-source tools such as Burpsuite, Metasploit, WebInspect, Nessus, Qualys, Nexpose, nmap, Kali Linux, etc. Experience cataloguing and risk-scoring vulnerabilities discovered through assessments. Good understanding and experience with: Web application security assessment, including hands-on techniques. Hands-on experience in identifying, mitigating, and remediating vulnerabilities based on OWASP Top10 (API, Web) Basic Scripting knowledge with the capability to automate analysis of technical engineering tasks. CVSS scoring and its use in risk rating What success looks like Prompt, effective curation of security vulnerabilities. Responsiveness to internal customer requests. Validation of remediated tickets within published service level agreements (SLAs). What You Can Expect A cool and casual work environment with opportunities to showcase your skills. A culture of innovation and continuous learning. Training, support, and mentoring to expand and evolve your expertise. Opportunities to impact the security of Comcast products in millions of homes and businesses What We Require: Bachelors Degree in Computer Science, Information Systems, or other related field or equivalent work experience. Disclaimer: This information has been designed to indicate the general nature and level of work performed by employees in this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications. We believe that benefits should connect you to the support you need when it matters most, and should help you care for those who matter most. Thats why we provide an array of options, expert guidance and always-on tools that are personalized to meet the needs of your reality to help support you physically, financially and emotionally through the big milestones and in your everyday life. Please visit the benefits summary on our careers site for more details. Education Bachelors Degree While possessing the stated degree is preferred, Comcast also may consider applicants who hold some combination of coursework and experience, or who have extensive related professional experience. Certifications (if applicable) Relevant Work Experience 2-5 Years Comcast is proud to be an equal opportunity workplace. We will consider all qualified applicants for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, genetic information, or any other basis protected by applicable law.

As a Security Consultant, you play a pivotal role as a key advisor for IBM's clients. Your primary responsibility is to analyze business requirements and leverage your expertise to design and implement optimal security solutions tailored to meet the unique needs of our clients. Your technical skills will be crucial in finding the delicate balance between enabling and securing our client's organization, utilizing cognitive solutions that have contributed to making IBM the fastest-growing enterprise security business globally. - Develop a deep technical understanding of IBM Public Cloud offerings and infrastructure - Plan and perform red team exercises against various cloud offerings - Plan and perform full stack security tests against various system(s) and application(s) independently as well as within a team - Engage in security monitoring and visibility improvement activities across the IBM Public Cloud organization - Thoroughly document techniques, tactics, and proof of concepts used during security testing and red team exercises - Communicate with various business and technology leaders to interpret identified vulnerabilities and assist in the development and planning for risk mitigation plans - Research and continuously improve skills in attacker tools, methods, and techniques - Lead by example for the greater red team in professionalism, communication, and technical expertise Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise 3+ years of demonstrating experience in planning and executing penetration tests/red team exercises against web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies Demonstrates strong understanding of offensive cybersecurity operations and defensive integrations, including enumeration and exploitation of various cloud-based technologies and development of secure applications. Demonstrates strong ability to communicate highly technical aspects to Executives and IT staffs, respectively Demonstrates ability by creating custom tools for penetration testing and contributing to opensource technologies Demonstrates strong experience with various scripting languages (Python, Ruby, Bash, etc.) Possess one or more of the following credentialsOSCP, OSCE, OSWE, GWAPT, GPEN, GXPN, CRTP, Crest Penetration Certification. Familiarity with serverless services, containerization and other cloud technologies Strong familiarity with OWASP Top Ten, NIST, and MITRE ATT&CK 3+ years of demonstrating experience in system or application administration role(s) Preferred technical and professional experience 5+ years of demonstrating experience in planning and executing penetration tests/red team exercises against web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies Understanding of offensive cybersecurity operations and defensive integrations, including enumeration and exploitation of various cloud-based technologies and development of secure applications. Ability to communicate highly technical aspects to Executives and IT staff, respectively Demonstrates ability by creating custom tools for penetration testing and contributing to opensource technologies Expertise in developing exploits and customized attack tooling and approaches Demonstratedsecurity research leading to bug bounty and CVE awards Deep understanding of serverless services, containerization and other cloud technologies Demonstrates strong experience with various scripting languages (Python, Ruby, Bash, etc.) CGood to have one of these certsCRTP, CEH, OSCP, OSCE, OSWE, GWAPT, GPEN, GXPN, CRTP, Crest Penetration Certification. Familiarity with serverless services, containerization and other cloud technologies Strong familiarity with OWASP Top Ten, NIST, and MITRE ATT&CK 5+ years of demonstrating experience in system or application administration role(s)

Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analysing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world. The ability to be a team player, Strong communication collaboration Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Application Security, Threat Modelling, Secure Code Review, Penetration Testing, Vulnerability Testing, SAST (Static Application Security Testing), DAST (Dynamic Application security Testing), DevSecOps Implemented Clean Code principles, JUnit’s * Java development, JavaScript, Python, Ruby, C++/C#, Perl etc Must have strong business acumen with ability to work with application development, QA and security teams. A strong understanding of application security frameworks The ability and skill to train other people in procedural and technical topics As a Security Consultant, you will be a key advisor for IBM’s clients, analysing business requirements to design and implement the best security solutions for their needs Preferred technical and professional experience Must have a solid understanding of application security code reviews and penetration testing & Experience with enterprise java technologiesSpring, JUnit, Hibernate 4+ years' experience in application development and security. Practical understanding and use of commercial application security tools

Job Summary We are seeking a seasoned professional to manage and enhance the operations of the Saviynt platform. The ideal candidate will bring strong technical expertise leadership capabilities and a proactive approach to platform stability process improvement and stakeholder engagement. Responsibilities Key Responsibilities Platform Monitoring & Maintenance Oversee the health and performance of the Saviynt Platform including Saviynt Connect Portal and Connectors. Monitor JML (Joiner-Mover-Leaver) processes aggregation tasks and access requests. Hands on with SOD workflows tasks rules forms custom object access reviews and updates of JML configurations access requests and certification workflows. Guide the team to implement best practices for Access Management & RBAC. Play a key role in identifying areas for implementing Automations. Enhancements & Troubleshooting Implement minor enhancements and workflow changes as needed. Coordinate with the Saviynt product team for resolution of critical issues. Documentation & Compliance Maintain up-to-date SOPs runbooks and procedural documentation. Ensure timely patching of the Saviynt platform and its components. Support DR (Disaster Recovery) testing. Integration & Performance Management Manage and resolve integration issues with systems such as Active Directory and ServiceNow and any custom integrations. Periodically tune performance parameters to ensure optimal system efficiency. Operational Oversight Share service health status report to customer on daily basis validate logs and verify backups. Provide Weekly/monthly reports on incidents changes service requests and problem tickets. Attend Weekly/monthly review calls tracking actions and work towards closure. Process & Stakeholder Engagement Identify process gaps and propose remediation aligned with product and security standards. Present changes in CAB meetings participate in major incident bridges and engage with customers for requirement gathering and escalation handling. Additional Skills Strong understanding of ITIL processes. Working knowledge of NetIQ IDM is a plus. Proficiency in Microsoft Office Suite for documentation and presentations. Excellent communication skills to liaise effectively between internal teams and customers. Basic knowledge on scripting using PowerShell AD & Exchange commands. Knowledge on Active Directory Entra AD Entra AD connect for synchronization