3.0 - 6.0 years
5 - 9 Lacs
Hyderabad
Work from Office
Ability to understand the technical implications and impact of various types of vulnerabilities on servers and applications including remote code execution, elevation of privilege, information disclosure. Ability to assess the risk associated with vulnerabilities, including impact and exploitability Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 3 plus years of experience Experience in vulnerability management, security operations, or a related field with a proven track record of identifying and mitigating vulnerabilities. Practical experience with vulnerability scanning, risk assessment, and patch management processes. Proficiency with vulnerability scanning tools such as Nessus, Qualys, Rapid7 Preferred technical and professional experience Vulnerability Assessment Experience in conducting vulnerability assessments and penetration testing Application Hands-on experience with Tenable.SC (or an equivalent VM platform) including administration of Nessus remote and agent-based scans, profile creation and maintenance Skills in prioritizing vulnerabilities based on their severity, potential impact, and the organization’s risk profile, experience with ASM solution
Posted 1 month ago
3.0 - 5.0 years
5 - 7 Lacs
Hyderabad
Work from Office
Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT Mandatory Skills: Vulnerability Management.
Posted 1 month ago
3.0 - 5.0 years
5 - 7 Lacs
Bengaluru
Work from Office
Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT Mandatory Skills: Active Directory.
Posted 1 month ago
3.0 - 5.0 years
5 - 7 Lacs
Pune
Work from Office
Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT Mandatory Skills: SAP GRC - Governance-Risk-Compliance.
Posted 1 month ago
5.0 - 8.0 years
5 - 8 Lacs
Mumbai
Work from Office
As an Application Security Specialist, you'll play a vital role in building secure systems from the ground up. Working closely with engineering, compliance, and DevOps teams, you will ensure our applications meet rigorous security and regulatory standards across global jurisdictions. Your Impact on the Mission: Integrate security into the Software Development Lifecycle (SDLC), embedding security controls at every phase. Conduct threat modeling, secure code reviews, and penetration testing for internal and third-party applications. Collaborate with development teams to address security issues across CI/CD pipelines (DevSecOps). Manage and mitigate application-level risks in line with security frameworks and regulatory requirements. Support compliance efforts for GDPR, NIS2, PCI-DSS, and DORA by applying security controls and maintaining evidence. Drive secure practices in the software supply chain, improving defenses against attacks like those seen in SolarWinds. Business Impact Reduces application security vulnerabilities across internal and customer-facing systems. Helps ensure Noventiq's compliance with global cybersecurity regulations. Lowers production defects and remediation costs through early detection. Strengthens resilience of cloud-native and third-party platforms. What You'll Bring to The Table About You: 5 years in Application Security, including secure development, testing, and DevSecOps. Solid understanding of OWASP Top 10, SAST/DAST, threat modeling, and common attack vectors. Familiarity with CI/CD environments (e.g., GitLab, GitHub Actions, Azure DevOps). Hands-on experience with tools such as Burp Suite, OWASP ZAP, SonarQube, Checkmarx, or similar.
Preferred Certifications Industry-recognized certifications are a plus, including: OSCP, GWAPT, CISSP, or CSSLP Bonus for Azure Security Engineer (AZ-500) or Certified DevSecOps Professional Frameworks Compliance Working knowledge of: OWASP, CIS Controls v8, ISO/IEC 27001 GDPR, NIS2 Directive, PCI-DSS, DORA Regulation
Posted 1 month ago
5.0 - 9.0 years
9 - 14 Lacs
Bengaluru
Work from Office
Hands-on experience on vulnerabilities and should know Life Cycle of vulnerabilities, Perform data validation and prioritization The core team will work with the Program Manager for any emergency vulnerabilities and will work with all stakeholders with high-priority Validate the report for any anomalies Categorization of Vulnerabilities Validate Ageing of Vulnerabilities Validate Remediated Vulnerabilities Provide the patching Schedule, and classify based on criticality, OS, and Non-OS, and further sub-classify into config, registry and application vulnerabilities categories on a timely basis Prepare the team's shift roster based on the patching schedule Identify Vulnerabilities still shown as open despite remediation and raise with the infosec team - update InfoSec Issue Trackers Identify Vulnerabilities and create Fixlets where solutions exist Work on and call out Known issues on KBs Provide technical solutions to all Vulnerabilities and engage with SME for any critical discussions Vulnerability Assessment, Vulnerability Mitigation, Static/dynamic testing of mobile applications, Cyber Security Assessment Consulting, Penetration Testing, Manual Penetration Testing using OWASP checklists.
Posted 1 month ago
4.0 - 7.0 years
11 - 15 Lacs
Bengaluru
Work from Office
Vulnerability Assessment, Vulnerability Mitigation, Manual Penetration Testing using OWASP checklists, Penetration Testing, Cloud Security Assessment, Cyber Security Assessment Consulting, Cybersecurity, Cyber Security Perform comprehensive penetration testing and vulnerability assessments on enterprise networks, firewalls, routers, switches other infrastructure components Identify and exploit vulnerabilities to assess the security posture of network components Provide detailed reports with risk ratings, remediation steps, and security recommendations Work with IT DevOps teams to ensure timely resolution of vulnerabilities Utilize industry-standard tools such as Nessus, Nmap, Metasploit, Burp Suite, Wireshark, OpenVAS Implement and manage vulnerability scanning solutions across the organization Collaborate with IT, DevOps security teams to ensure patches and mitigations are applied effectively Conduct security assessments for cloud environments (AWS, Azure, GCP) including configuration audits Identify misconfigurations, privilege escalations security risks in cloud infrastructure Implement continuous monitoring logging solutions for cloud security visibility
Posted 1 month ago
5.0 - 9.0 years
9 - 14 Lacs
Bengaluru
Work from Office
Atlas Energy - Cybersecurity Analyst Security Analyst - Threat Management and Vulnerability Assessment Seeking a skilled Security Analyst (4-6 years) specializing in threat management and vulnerability assessments. The ideal candidate will have experience with Defender for Cloud (migration from L1 to L2), Rapid7, and Intune, and a foundational understanding of Operational Technology (OT) systems, particularly the Dragos platform. This role involves advanced threat detection and remediation, vulnerability assessments, patching, and hardening tasks. Qualifications: - Experience with Defender for Cloud and Rapid7. - Proficiency in vulnerability assessments, patch management, and system hardening. - Familiarity with Intune and Rapid7 agent deployment issues. - Basic understanding of OT systems and security, particularly the Dragos platform. - NIST controls implementation. - Excellent communication and documentation abilities. Shift Timing - US CST hours
Posted 1 month ago
5.0 - 9.0 years
9 - 14 Lacs
Bengaluru
Work from Office
Dedicated lead to work with the Happiest Minds Shared SOC team and IT team to enhance the overall Incident response processes Run any critical incident response along with SOC and IT team Review and update the use case repository as applicable to Happiest Minds Environment Work on root cause analysis and remediations for alerts/incidents raised by customers Review and update existing automation playbooks Continuous updates of detection techniques Periodic threat hunting Use cases to prioritize based on the findings from the threat and vulnerability management program
Posted 1 month ago
5.0 - 9.0 years
9 - 14 Lacs
Bengaluru
Work from Office
Manual Penetration Testing using OWASP checklists, Penetration Testing, Vulnerability Assessment, OWASP Top 10, OWASP ZAP, AWS Cloud, Azure Cloud, Cyber Security, Cloud Security Assessment, Cyber Security Assessment Consulting, Cybersecurity, Data Security Assessment Consulting Perform Penetration testing Develop and recommend mitigation strategies to enhance the defense mechanisms of critical infrastructure components Collaborate with IT and security teams to refine security measures and response strategies Prepare detailed reports on findings from simulations and suggest improvements Facilitate training sessions for internal teams on security awareness and breach response tactics
Posted 1 month ago
3.0 - 6.0 years
5 - 9 Lacs
Pune
Work from Office
Vulnerability Assessment, Manual Penetration Testing using OWASP checklists, Penetration Testing, OWASP Top 10, Static/dynamic testing of mobile applications, Static Code analysis Artifacts/Grey box Infra Activity (VA/CA) Windows Server - Performing Scanning and preparing reports - application Security Testing/ Infra VACA
Posted 1 month ago
3.0 - 6.0 years
5 - 9 Lacs
Pune
Work from Office
Static Code analysis Static/dynamic testing of mobile applications Vulnerability Assessment Penetration Testing. SAST Penetration testing Vulnerability Assessment
Posted 1 month ago
3.0 - 6.0 years
5 - 9 Lacs
Pune
Work from Office
Web App Pentesting SAST DAST and API. Static/dynamic testing of mobile applications Static Code analysis Vulnerability Assessment Penetration Testing
Posted 1 month ago
4.0 - 6.0 years
5 - 9 Lacs
Bengaluru
Work from Office
Manual Penetration Testing using OWASP checklists, Penetration Testing, Security Configuration Review, Cloud Security Assessment, Cyber Security 4 to 6 years of experience conducting Application Security assessments Experienced in conducting Manual and Automated DAST for Web, API Thick client covering OWASP Top 10 Experienced in conducting Manual code review Experienced in Mobile VAPT (Both static and Dynamic) Knowledge of Infra VAPT or at least VA and configuration review Knowledge in Container / Docker security / Cloud Audit is a plus Certifications such as CEH, CRTP, OSCP is preferred Good communication skills, ability to explain vulnerabilities to business users in simple terms Notice: Immediate to 15 days
Posted 1 month ago
4.0 - 6.0 years
5 - 9 Lacs
Bengaluru
Work from Office
Penetration Testing, Manual Penetration Testing using OWASP checklists, Cloud Security Assessment, Security Configuration Review, Vulnerability Assessment, Vulnerability Mitigation, Cyber Security 4 to 6 years of experience conducting Application Security assessments Experienced in conducting Manual and Automated DAST for Web, API Thick client covering OWASP Top 10 Experienced in conducting Manual code review Experienced in Mobile VAPT (Both static and Dynamic) Knowledge of Infra VAPT or at least VA and configuration review Knowledge in Container / Docker security / Cloud Audit is a plus Certifications such as CEH, CRTP, OSCP is preferred Good communication skills, ability to explain vulnerabilities to business users in simple terms
Posted 1 month ago
3.0 - 8.0 years
5 - 9 Lacs
Hyderabad
Work from Office
You are responsible for adhering to the defined operating procedures and guidelines in operating the application security services in the Managed Services model, which includes the following: o Understand and be compliant with the Service Level Agreements defined for the DevSecOps services; o Understand and deep knowledge of application security engineering principles, and helping clients development team and function to follow secure development practices which includes primarily monitoring and performing the security design review, architecture review, threat modeling, security testing, secure code review, secure build processes; o Well versed with the application deployment and configuration baselines, and understanding of how the application environment operates in a secure environment and how exceptions are handled during operations; o Facilitate use of technology-based tools or methodologies to continuously improve the monitoring, management and reliability of the service; o Perform manual and automated security assessment of the applications; o Involved in triaging and defect tracking process with the development team and helping the team to fix issues at the code level based on the priority of the tickets; o Be a liaison between the Application development and infrastructure team, and integrate the processes between infrastructure monitoring and operations processes with the secure development/testing and management processes; o Identifying, researching and analyzing application security events which may include emerging and existing persistent threats to the client's environment; and o Performing active monitoring and tracking of application related threat actors and tactics, techniques and procedures (TTPs), that could likely cause an impact to client organization
Posted 1 month ago
3.0 - 8.0 years
5 - 9 Lacs
Hyderabad
Work from Office
Need overall AppSec skills (SAST, DAST, Penetration testing) + Mobile app testing skills (Android, iOS). We should look for a candidate who has deep and diverse hands on exp in above skills. Also, the professional is expected to perform the application security activities - Static code assessment/ manual testing including mobile application testing for Android and iOS apps.
Posted 1 month ago
3.0 - 5.0 years
15 - 25 Lacs
Bengaluru
Work from Office
Company Overview: Outsourced is a leading ISO certified India & Philippines offshore outsourcing company that provides dedicated remote staff to some of the world's leading international companies. Outsourced is recognized as one of the Best Places to Work and has achieved Great Place to Work Certification. We are committed to providing a positive and supportive work environment where all staff can thrive. As an Outsourced staff member, you will enjoy a fun and friendly working environment, competitive salaries, opportunities for growth and development, work-life balance, and the chance to share your passion with a team of over 1000 talented professionals. About the Role: Conduct web app, external, and internal penetration tests for global clients. Deliver high-quality reports and communicate findings to stakeholders. Work autonomously in a client-facing role with minimal supervision. Work Setup Location: Onsite - Bangalore Core hours: ~10 AM-7 PM IST (but we're flexible) Key Responsibilities: Conduct full-scope penetration tests: Web apps (modern JS frameworks, APIs, microservices) External/internal networks (pivoting, privilege escalation) Cloud environments (AWS/Azure/GCP misconfigurations) Develop custom exploits for unique vulnerabilities (not just CVEs) Reverse engineer black-box systems when documentation is limited Client & Reporting: Translate technical findings into executive-level risk briefings Deliver actionable reports (we hate template spam) Guide clients through remediation validation Team Contribution: Mentor junior team members (optional but encouraged) Contribute to internal tool development (if interested) Participate in quarterly research sprints (choose your focus area) Requirements: OSCP-certified (must have current certification) 3-5 years of hands-on pen testing experience (not just vulnerability scanning) Can walk us through your methodology for: Web app testing (Burp Suite, custom exploits) Internal network pivoting Cloud environment testing (AWS/Azure/GCP) Communication chops – you'll be explaining XSS to CTOs Nice-to-Haves (Tell Us If You Have These): OSCE/OSEP/CREST certifications Cloud security certs (AWS/Azure/GCP) Published CVEs/blog posts/research Experience with red team operations What we Offer Health Insurance: We provide medical coverage up to 20 lakh per annum, which covers you, your spouse, and a set of parents. This is available after one month of successful engagement. Professional Development: You'll have access to a monthly upskill allowance of 5000 for continued education and certifications to support your career growth. Leave Policy: Vacation Leave (VL): 10 days per year, available after probation. You can carry over or encash up to 5 unused days. Casual Leave (CL): 8 days per year for personal needs or emergencies, available from day one. Sick Leave: 12 days per year, available after probation. Flexible Work Hours Outsourced Benefits such as Paternity Leave, Maternity Leave, etc.
Posted 1 month ago
6.0 - 11.0 years
8 - 17 Lacs
Greater Noida
Work from Office
Role & responsibilities Orange Business is hiring for Cybersecurity Expert - Pentest for Greater Noida location. Performing (Web, mobile, Cloud-based AWS, Azure, etc.), thick-clients business solutions and infrastructure pentest as assigned by the customer Work on full assessment & revalidation cases within customer defined timelines. Handling report creation based on pentest outcome as per customer template Develop new test cases, scenario & able to perform API pentesting Develops, tests and validates solutions to remediate exploitable conditions on devices such as web servers, mail servers, routers, firewalls and intrusion detection systems. Provide results report and help team to evaluates, codes and implements software fixes (patches) to address system vulnerabilities such as malicious code (e.g., viruses), system exploitation using SQL injection, cross-site scripting, buffer overflows, parameter tampering, hidden field manipulation, cookie poisoning and web services manipulation. Conducts security assessments of systems and applications using penetration tests, ethical hacking tools and risk assessment/mediation methodologies to evaluate vulnerabilities Perform source code review & configurations reviews against CIS benchmarks and security standards Participating in end user calls with customer for requirement gathering, explanation of findings, technical discussions. Preferred candidate profile Mandatory skill set Proficiency in Pentest tool such as using Burp suite and Kali Linux Proficiency in Python and Java, JavaScript, and Other coding languages Good experience in performing security penetration testing and vulnerability assessment for internal, external web & mobile applications, wireless networks and IT infrastructure, end-points, cloud etc. Experience in testing diverse infra components including various enterprise platforms such as private clouds, Openshift infra, dockers/container infra etc.
Experience in Source code reviews, red team exercises, security architecture configuration reviews, and technical security compliance reviews Knowledge on Web-based applications and services (SOAP/REST) Well versed in writing reports, test cases etc. OSCP/ OSWP / OSCE certification (preferred), SANS or Certified Penetration Tester, Certified Expert Penetration Tester or GIAC Certified Penetration Tester Secondary skill set Knowledge on Azure & scripting language Nice to have knowledge on other hacker tools: Appscan, Fortify, Wireshark, nmap, netcat, ZAP, FireBug, Nessus, John the Ripper.
Posted 1 month ago
5.0 - 10.0 years
0 - 2 Lacs
Chennai
Hybrid
OSCP Certification is needed. Need to have solid hands-on experience with at least 3 of these , and a basic understanding of the rest -- Mac and/or Windows Thick Client Web Application & API & AI Mobile (Android and/or iOS) & IoT Infrastructure/Systems Network/Firewalls/Switches Competencies - 5+ years of penetration testing or related security experience. Network penetration testing and manipulation of network infrastructure. Web, mobile, and/or desktop application assessments. Social engineering assessments (email, phone, or physical). Automation or scripting using Perl, Python, Ruby, or similar languages. Exploit development or modifying shellcode and existing exploit tools. Application development in C#, ASP.NET, Objective C, or Java (J2EE). Reverse engineering malware, data obfuscation, or cryptographic systems. Regulatory penetration testing, particularly focusing on FTC and PCI compliance standards. Source code review for control flow and security vulnerabilities. Strong knowledge of operating systems and network protocols. Proficiency with tools such as Burp Suite, Checkmarx, Snyk, Wireshark, Fiddler, and Wiz. Ethical approach to security and business operations. Fluency in written and spoken English (B2 level or higher). Familiarity with Kali Linux and security frameworks like MITRE ATT&CK. Desire to continuously learn new techniques and attack vectors. Preferred Skills: Experience with wireless, web application, and network security testing tools. Familiarity with ICS, SCADA, BACnet protocols, and covert communication channels. Basic understanding of AI and machine learning security, including adversarial attacks, model poisoning and secure deployment of AI systems. Working knowledge of Unix/Linux/Mac/Windows operating systems, including scripting in Bash and Powershell. Experience with security controls in AWS, GCP, and Azure cloud environments. Understanding of security principles like defense-in-depth and security architectures. 
Experience in guiding and mentoring junior team members, with a focus on developing technical skills and expertise. Industry certifications like OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN, CEH or equivalent are highly desirable.
Posted 1 month ago
3.0 - 4.0 years
3 - 7 Lacs
Chennai
Work from Office
BE, B.Tech, MSc (Information Technology), CISA, CISSP, CEH General Description: Candidates must possess hands-on audit experience in IT general controls. As Information Technology Auditor, you will examine, evaluate and verify policies, procedures and internal controls around information systems and networks. Exposure to ISO27001, SSAE16, Vulnerability Assessment and Penetration Testing, Security Technologies is an added advantage. Responsibilities: Timely completion of information technology and information security audits in a manner that is consistent with the professional standards set by Qadit. Adequately analyze and document all information systems and related controls, and develop an appropriate audit program to test the controls identified. Evaluate the adequacy of security and processing controls as they relate to each audit, and the effectiveness of general IT controls in effect in the IT environment. Review the means of safeguarding information assets and monitor ongoing performance metrics established by the IT and Security Departments of clients. Prepare audit work papers according to established corporate guidelines and industry standards, and as applicable create audit reports. Maintain and enhance audit work paper templates. Maintain active communication with clients to manage expectations, ensure satisfaction, make sure deadlines are met, and lead change efforts effectively. Team with partners and senior managers on proposals and business development calls. 1. Conducting vulnerability assessments & penetration testing analyzing related reports. 2. Running VA PT tools 4. IT general computer controls audits Position will be based in Chennai, but will need to travel extensively both within and outside India. Role Summary Support IT audits, risk assessments, and compliance tasks in the IT GRC domain. B.E./B.Tech (CS/IT/ECE), B.Sc/M.Sc (IT/CS), or B.Com/BBA with interest in IT GRC audit. 
Key Skills Basic understanding of ISO 27001 and other security frameworks including SOC 2, GDPR and HIPAA, audits, MS Office; good communication and analytical skills. Pursuing CISA, ISO 27001 Foundation, or DISA is a plus. Not mandatory; freshers are welcome. Hands-on exposure to cybersecurity, compliance, and IS audit under expert guidance. Lead and execute IS audits, risk assessments, and compliance reviews within the GRC framework. Graduate in B.E./B.Tech (CS/IT), B.Sc/M.Sc (IT/CS), or equivalent. Upto 2 years in information security, IT audit, or risk/compliance roles. Strong knowledge of ISO 27001 and other security frameworks including SOC 2, GDPR and HIPAA, ITGC, regulatory frameworks (RBI, SEBI), audit tools, and MS Office. CISA, DISA, ISO 27001 Lead Auditor (preferred). Opportunity to lead audits, enhance GRC maturity, and work with senior stakeholders in a dynamic environment.
Posted 1 month ago
3.0 - 6.0 years
7 - 8 Lacs
Hyderabad
Work from Office
As a Product Security Engineer, you'll ensure the security of GRAVTY throughout the development lifecycle. In this role, you will work closely with Engineering, DevOps, and Product teams to design and implement security controls, identify vulnerabilities, and drive secure coding practices. Your responsibilities will include and not be limited to Conduct Vulnerability Assessment and Penetration Testing (VAPT) across web, mobile, API, and infrastructure. Think like an attacker and simulate advanced threat scenarios to proactively identify security gaps. Utilize leading security tools such as Burp Suite, Acunetix, OWASP ZAP, Snyk, Wiz, and others. Leverage offensive security platforms and toolkits like Wireshark, Metasploit, Kali Linux, and more. Perform API and mobile platform security testing, including vulnerability discovery and exploit validation. Execute and document Open-Source Intelligence (OSINT) investigations. Collaborate closely with DevOps/Engineering to integrate security tools into CI/CD pipelines and promote DevSecOps best practices. Contribute to secure coding reviews and vulnerability triage, and assist in patch, compliance, and access control management. Monitor and respond to production security alerts and assist with security incident handling. To be successful in this role, you should have A bachelor's degree in Engineering, preferably CS/IT. 3-6 years of proven experience in penetration testing and vulnerability management. Minimum of 1-3 years of experience in Red Teaming Strong coding/scripting proficiency in Python, Java, Ruby, or similar. Familiarity with AWS cloud, Linux systems, Docker containers, and infrastructure security practices. Exposure to DevSecOps, including implementing security tools in CI/CD, and production environment protection. Experience in Secure Development Lifecycles, access controls, and patch compliance frameworks. Industry-recognized certifications like CEH, eWPT, eWPTX, or equivalent are a plus.
Excellent analytical, communication, and collaboration skills. A curious mind, a passion for security, and a knack for staying one step ahead of adversaries.
Posted 1 month ago
2.0 - 3.0 years
4 - 5 Lacs
Kozhikode
Work from Office
We are hiring an information security analyst to work in our growing IT Security team. You will monitor our computer networks for security issues, install security software, and document any security issues or breaches you find. To do well in this role you should have a bachelor's degree in computer science and experience in the information security field. Monitor computer networks for security issues. Investigate security breaches and other cybersecurity incidents. Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs. Document security breaches and assess the damage they cause. Work with the security team to perform tests and uncover network vulnerabilities. Fix detected vulnerabilities to maintain a high-security standard. Stay current on IT security trends and news. Develop company-wide best practices for IT security. Perform penetration testing. Help colleagues install security software and understand information security management. Research security enhancements and make recommendations to management. Stay up-to-date on information technology trends and security standards.
Posted 1 month ago
5.0 - 10.0 years
7 - 12 Lacs
Pune
Work from Office
Job opportunity: Lead Security Engineer (m/f/d) at thinkproject. Introducing Thinkproject Platform: Pioneering a new era and offering a cohesive alternative to the fragmented landscape of construction software, Thinkproject seamlessly integrates the most extensive portfolio of mature solutions with an innovative platform, providing unparalleled features, integrations, user experiences, and synergies. By combining information management expertise and in-depth knowledge of the building, infrastructure, and energy industries, Thinkproject empowers customers to efficiently deliver, operate, regenerate, and dispose of their built assets across their entire lifecycle through a Connected Data Ecosystem. What your day will look like: We are seeking a skilled Lead Security Engineer to join our team and play a key role in safeguarding our organization from cyber threats while ensuring the operational uptime of our customer-facing and internal IT Security platforms. In this role, you will lead the day-to-day operations of the Security Engineering team, continually enhancing our capabilities in cyber security protection, mitigation, and control. The team is responsible for the deployment, management, and ongoing improvement of our IT security solutions, ensuring the integrity, confidentiality, and availability of our systems and data. You will also ensure our security solutions align with industry best practices and fulfil Thinkproject's compliance obligations across all platforms. The Lead Security Engineer will lead and mentor a team, driving a coordinated and strategic response to both emerging and ongoing threats. They will also ensure that the organization's cyber security controls, solutions and platforms are maintained in alignment with service level agreements (SLAs) for both customers and internal stakeholders.
The ideal candidate will have extensive experience working within a Security Engineering team and possess hands-on expertise in implementing, configuring, and managing solutions for security logging, monitoring, threat detection, vulnerability management, endpoint protection, and infrastructure security. The candidate should bring leadership and mentoring capabilities, providing oversight and expert guidance to other security engineers while promoting a positive culture of continuous improvement. The Lead Security Engineer will also be responsible for monitoring the health of Thinkproject's IT security infrastructure, responding to health-related events. This role sits within the Product Operations and Corporate IT branch, reporting to the Director of Cyber Security and Networking, and operates as part of the broader Cyber Security, Network Engineering, and Operations team. What you need to fulfill the role: Lead the daily operations of the Security Engineering team, ensuring effective management of incidents, requests, problems, and projects related to the IT security infrastructure, solutions and controls maintained by the team. Support the Security Operations Team with investigation and response to security events and incidents, ensuring timely identification, containment, eradication, and recovery. Assist with development of event response procedures and playbooks. Support the Central IT functions with investigation and response to IT events and incidents, ensuring timely identification, containment, eradication, and recovery. Arrange and oversee frequent penetration tests of our solutions, ensuring they are conducted successfully and without impacting service. Ensure all security engineering operations are conducted in compliance with relevant regulatory requirements, industry standards, and internal policies. Assist in the preparation and maintenance of audit and compliance documentation.
Manage the output of security issues from cyber security assessment tools, coordinating with key stakeholders to ensure timely mitigation and remediation of identified issues and threats. Contribute to the ongoing maturation of the Security Engineering team by introducing new solutions to enhance departmental operations and improve cybersecurity coverage. Oversee the day-to-day management of a comprehensive suite of security products and tools, including (but not limited to): Web Application Firewalls (WAF), Endpoint Detection and Response (EDR), Remote Access and Zero Trust solutions, Patch Management solutions, Vulnerability and Penetration Testing solutions, Threat Response solutions, Cloud Security Posture Management, Application Security Posture Management, Cyber Security Awareness Training, Email Security Gateways, Privileged Access Management, Software Composition Analysis, Static Code Analysis, Password Management, Public and Private PKI, SIEM, Identity Management, Dark/Deep Web Monitoring, Asset and Endpoint Management, and Data Classification/Data Loss Prevention (DLP) solutions. Ensure that deployed security controls and solutions consistently generate valuable and actionable alerts to support the Security Operations Centre (SOC), including regular tuning to minimize false positives and effective integration with SIEM and other monitoring systems. Assist in the development and management of the IT Security budget, providing input on resource planning, tooling requirements, training needs, and operational costs. Collaborate with leadership to ensure the budget aligns with strategic objectives and supports the ongoing growth and maturity of the SOC function. Mentor and guide security engineers, fostering a positive culture of continuous improvement. Coordinate the team to ensure an effective and consistent response to both emerging and ongoing threats.
Conduct daily, weekly, and monthly stand-up meetings with internal teams and the wider engineering and operations groups to ensure effective coordination and alignment on current and upcoming deliverables and objectives. Respond to security issues, vulnerabilities, and threats escalated to the Security Engineering team, and assist in resolving them using tools and solutions managed by the IT Security team. Assist with the management of Microsoft 365 platforms and solutions, ensuring optimal configuration to maintain confidentiality, integrity, and availability for our business operations. Assist with the management of Cloud Hosting platforms and solutions, ensuring optimal configuration to maintain confidentiality, integrity, and availability for our business operations. Ensure projects involving the Security Engineering team are effectively managed and delivered on schedule, with coordinated use of resources both within and outside the team. Work independently and coordinate resources under the direction of the Cyber Security Director to ensure the successful delivery of business objectives.
You Must Have: Language & Communication: Proficiency in spoken and written English, with the ability to communicate effectively across both technical and non-technical audiences. The ability to communicate difficult or sensitive information tactfully. Education & Experience: At least 5 years of relevant experience. Strong knowledge of cybersecurity principles, threat landscapes, and incident response procedures. Awareness of current and emerging cyber threats affecting SaaS organisations. Technical Experience: Hands-on experience with Web Application Firewalls (WAF), Endpoint Detection and Response (EDR), Remote Access and Zero Trust solutions, Patch Management solutions, Vulnerability and Penetration Testing solutions, Email Security Gateways, Privileged Access Management, Password Management, Public and Private PKI, SIEM, Identity Management, Asset and Endpoint Management Solutions, and Data Classification/Data Loss Prevention (DLP) solutions. Hands-on experience with Conditional Access, Multi Factor Authentication and Identity Management solutions. Hands-on experience with the Microsoft Azure cloud platform, Microsoft Entra, Microsoft Intune, and Microsoft 365, along with applying best-in-class security protections to these solutions. Understanding of common IT systems / concepts, including but not limited to: DNS (public and private), TCP/IP, Firewalling, Active Directory, APIs, Encryption, Access control, Infrastructure as code.
Teamwork & Leadership: A positive, self-motivated attitude and the ability to inspire and motivate others. The ability to work effectively in a team environment, collaborating with cross-functional teams to achieve shared objectives. Strong time management and prioritisation skills, with the ability to manage your own workload and support others in doing the same. The ability to perform effectively under pressure, prioritise tasks, and make sound decisions in high-stress or emergency situations. A proactive mindset with the ability to critically evaluate your own work, identify improvement opportunities, and automate, simplify, or standardise processes where appropriate. Experience taking ownership of project delivery and coordinating resources both internally and across teams to achieve business objectives. Experience ensuring adherence to business objectives and SLAs to deliver the best possible customer experience. It Would Be Good to Have: Language Skills: Proficiency in German (spoken and written). Leadership & Strategy: Experience leading a security engineering function to enhance operational maturity. Experience developing and delivering security posture reports for diverse audiences, including stakeholders, customers, and senior management. Experience leading an operational team and coordinating analyst resources. Experience producing and managing key performance indicators (KPIs) to measure team performance and drive continuous improvement. Experience managing team budgets and contributing to team financial planning. Technical Experience: Hands-on experience with Threat Response, Cloud Security Posture Management, Application Security Posture Management, Cyber Security Awareness Training, Software Composition Analysis, Static Code Analysis, DDOS Protection, and Dark/Deep Web Monitoring solutions. Hands-on experience with the Amazon AWS cloud platform, along with applying best-in-class security protections to these solutions.
Practical knowledge of common cyber security standards (ISO27001, C5, Cyber Essentials, etc). Teamwork & Leadership: Experience conducting and facilitating daily, weekly, and monthly stand-up meetings to support effective team coordination and delivery. What we offer: Lunch 'n' Learn Sessions | Women's Network | LGBTQIA+ Network | Coffee Chat Roulette | Free English Lessons | Thinkproject Academy | Social Events | Volunteering Activities | Open Forum with Leadership Team (Tp Café) | Hybrid working | Unlimited learning. We are a passionate bunch here. To join Thinkproject is to shape what our company becomes. We take feedback from our staff very seriously and give them the tools they need to help us create our fantastic culture of mutual respect. We believe that investing in our staff is crucial to the success of our business. Please submit your application, including salary expectations and potential date of entry, by submitting the form on the next page.
Posted 1 month ago
10.0 - 15.0 years
30 - 35 Lacs
Gurugram
Work from Office
Join Team Amex and let's lead the way together. How will you make an impact in this role? Responsible for contacting clients with overdue accounts to secure the settlement of the account. They also do preventive work to avoid future overdues with accounts that have a high exposure. A PCI Penetration Tester, often referred to as a security expert or ethical hacker, is responsible for simulating real-world cyberattacks on systems and networks to identify vulnerabilities related to the Payment Card Industry Data Security Standard (PCI DSS). Their role involves performing vulnerability assessments, exploiting weaknesses, and providing actionable recommendations for remediation to ensure compliance with PCI DSS requirements. Key Responsibilities: PCI DSS Compliance: Ensuring that systems and networks meet the security requirements outlined in PCI DSS standards. Vulnerability Assessment: Identifying and classifying security flaws in systems, networks, and applications within the Payment Card Industry (PCI) environment. Penetration Testing: Simulating attacks on systems and networks to exploit identified vulnerabilities and assess their impact. Reporting and Recommendations: Documenting findings, including risk assessments, and providing detailed recommendations for improving security posture and addressing identified weaknesses. Compliance and Security: Collaborating with IT and development teams to implement security measures and ensure compliance with PCI DSS and other relevant standards. Staying Updated: Keeping abreast of the latest security threats, vulnerabilities, and testing methodologies to enhance their expertise. Specific Tasks: Network Scanning: Using tools like Nmap to identify open ports, services, and potential vulnerabilities within the network. Application Testing: Evaluating web applications, mobile apps, and APIs for security weaknesses and potential exploitation points.
Reporting: Creating detailed reports, including risk assessments, technical findings, and remediation recommendations, for stakeholders. Skills and Qualifications: Bachelor's Degree in Computer Science, Information Systems, Business. 10+ years of experience in cyber security Penetration testing. Strong understanding of PCI DSS requirements and compliance. Experience in penetration testing methodologies and tools. Proficiency in network protocols, operating systems, and web application technologies. Knowledge of common security vulnerabilities and exploitation techniques. Ability to communicate technical findings clearly and concisely. Certifications: Industry certifications like CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), or similar can be beneficial.
Posted 1 month ago