115 Vapt Jobs

Securze is hiring Security Analysts (L2/L3) in Mumbai with 3+ yrs experience in pentesting, red/blue teaming, AD attacks, and network security. Hybrid role. Must be technically strong, confident, and eager to learn. Immediate joiners only.

Job Summary Assist in implementing, maintaining and testing SOX controls supporting the Application Managers for custom applications and 3rd party Applications, support internal and external audits, and identify potential SOX compliance risks. Key Responsibilities: Pre-Implementation Quality CheckConduct a thorough review of controls design and implementation before product/functional go-live, based on evidence submitted by engineering and application management teams. SOX ITGC and Automated Controls EvaluationTest and evaluate the effectiveness of SOX IT General Controls (ITGC) and automated controls using audit checklists prepared by the Controls team to: Maintain SOX controls for internal and third-party products Support internal and external audits related to SOX compliance Control Testing DocumentationDocument control testing procedures and findings in a clear and concise manner. Control Deficiency Identification and ReportingIdentify and report any control deficiencies or weaknesses to ensure prompt remediation. SOX Compliance ReportingPrepare comprehensive reports and documentation for SOX compliance activities, including testing results and control evaluations. Cross-Functional CollaborationCollaborate with cross-functional teams to ensure the thoroughness and accuracy of controls implementation and testing. Educational Qualifications: Bachelor's degree in engineering, finance, or a related field CIA, CISA or CISSP certification Experience: 5-7 years of experience in SOX compliance testing, internal controls, or auditing Knowledge: Strong understanding of SOX regulations, internal controls, and accounting principles. Familiarity with auditing Oracle, Workday and/or Salesforce suite of applications. Skills: Strong analytical and problem-solving skills Excellent communication and interpersonal skills Ability to work independently and as part of a team CertificationCISA preferred Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT Mandatory Skills: GRC Consulting. Experience5-8 Years.

We are looking for candidates who have a zeal for technology and innovation. TheSelected candidates will be a part of any of the below Business Units. 1.Cyber Security Operations 2. CyberSecurity Engineering/ GRC EligibilityCriteria University degree in the field ofengineering and technology stream such as BE/ BTech/MTech/MSc/MCA preferablyspecialisation in Cyber Security, Computer Engineering, IT or EXTC Pass out: 2025 BatchONLY 10th & 12th 65 % & above Work Mode : Work From Office (5 Days) Experience/Knowledge: Fundamental knowledge in InformationTechnology Infra and Cyber Security Knowledge of Risk analysis , identification,resolution and management Awareness on Data security/privacy analysisand related practices Knowledge of Computer hardware / software /programming Networking and System/DatabaseAdministration knowledge Network Security Control knowledge asFirewall, Proxy, LB ,WAF etc. New Infra security project deploymentskills and excellent verbal and written communication skills Basic knowledge, VPN , VAPT , AD , SOC , DLP , Antivirus , Mail Gateway ,NAC etc Basic knowledge of Application & APISecurity best practices and standards including OWASP top 10, OSSTMM, SANS Top25, Attacks, Malware etc Basic knowledge about Information Security,network security, Data security, risk assessment and governance requirements. Understanding of secure coding practicesand application security Understanding of the IS and Cyber securityAudit Framework Excellent analytical skills Excellent English written and verbalcommunication. Good at public speaking and stakeholder management Responsibilities Cyber Security Operations Monitoring and protecting ITinfrastructure, edge devices, networks, and data. Responsible for preventing data breachesand monitoring and reacting to attacks. Supporting day-to-day support Tasks Cyber Security Engineering/GRC Basic documentation for Infra securityservices. Documentation of SOP, Product review. Perform Security configuration review &Hardening using CIS benchmarks. Define hardening documents for Firewalls,Load balancers, WAF, IPS/IDS, NTA etc Provide security compliance report tomanagement on periodic basis for Infrastructure landscape. Analysis and evaluation of openvulnerability within IT Infrastructure Responsible for deploying, tuning, andmaintaining security policies and enhancements on the web application firewall,Load balancer and infra devices.

We are looking for someone who has good hands on experience in VAPT. This role is with one of the government department of Maharashtra. Education: B.E/B. Tech / M.Sc. (Comp. Sci) / MCA / MBA/ M. Tech degree or equivalent. Should be a certified auditor. 6 or more years of overall experience with at least 6 years of relevant experience in Vulnerability Analysis, Penetration Testing and/or forensics. Must have experience in managing at least 3 projects for large, enterprise scale Clients. should have at least two industry certifications as mentioned below: 1. Licensed Penetration Tester (LPT) 2. Certified Penetration Testing Professional (CPENT) 3. Certified Expert Penetration Tester (CEPT) 4. GIAC Penetration Tester (GPEN) 5. CompTIA PenTest+ 6. Certified Ethical Hacker (CEH) 7. Certified Mobile and Web App Penetration Tester (CMWAPT) 8. Computer Hacking Forensic Investigator (CHFI) 9. Certified Information System Auditor (CISA) 10. Certified Information Security Manager (CISM) 11. Other acceptable industry related certification in VAPT. 12. OSCP

Roles and Responsibilities: VAPT: Assisting with Vulnerability Assessment and Penetration Testing of: Web Applications Mobile Applications APIs Network Infrastructure 2. ISMS/GRC : Assisting with tasks related to: ISO 27001 Governance, Risk, and Compliance (GRC) activities Eligibility Requirements: Status: Currently pursuing final year of B.Tech OR B.Tech Graduate Branch: Computer Science Engineering, Information Technology, Artificial Intelligence, or Cyber Security Communication: Excellent Communication Skills (preferably from ICSE board)

Job Title: VAPT Engineer (Bug Bounty Experience Preferred) Location: Ahmedabad, Gujarat (Only candidates from Ahmedabad will be considered) Job Description: We are seeking a passionate and skilled VAPT Engineer with a strong background in Bug Bounty programs and application security. The ideal candidate should be based in Ahmedabad and ready to contribute to our growing cybersecurity team. Key Responsibilities: Conduct Vulnerability Assessment and Penetration Testing (VAPT) for web applications, mobile apps, APIs, and networks. Identify and exploit vulnerabilities, especially business logic flaws, using manual and automated tools. Actively contribute to bug bounty programs and utilize the same methodology in internal assessments. Analyze scan results, identify false positives, and provide accurate risk ratings. Prepare comprehensive technical reports , document findings, and suggest remediation measures. Collaborate with development and infrastructure teams for patch management and fixing identified vulnerabilities. Follow and apply security standards such as OWASP Top 10 , SANS , and industry best practices . Required Candidate Profile: Education: B.Tech / B.E. / BCA / BSc in Computer Science or Information Technology. Experience: Fresh graduates or up to 1 year of hands-on experience in VAPT or Bug Bounty (professional or personal). Practical exposure to bug bounty platforms like HackerOne , Bugcrowd , or similar. Certifications: OSCP or equivalent (preferred).

Essential Services : Role & Location fungibility At ICICI Bank, we believe in serving our customers beyond our role definition, product boundaries, and domain limitations through our philosophy of customer 360-degree. In essence, this captures our belief in serving the entire banking needs of our customers as One Bank, One Team . To achieve this, employees at ICICI Bank are expected to be role and location-fungible with the understanding that Banking is an essential service . The role descriptions give you an overview of the responsibilities, it is only directional and guiding in nature. About the role As a Lead Information Security Resiliency and Vulnerability Assessment & Penetration Testing Manager, you will be responsible for defining the scope for annual Vulnerability Assessment & Penetration Testing (VAPT) activity and handling end-to-end third party VAPT assessment activity. The selected applicant, would be accountable for managing organizations cyber resiliency and for implementing cyber resilience goals. Key Responsibilities Business Understanding Understanding/Knowledge of information security domains, risks, mitigation and overall management. Experience and knowledge of servers, networks, security devices etc. Collaborate Interaction with various stakeholders/teams on daily basis. Ability to communicate effectively with Heads of various teams. Proactively coordinating with different teams for tracking and closure of open observations and escalating when necessary. Vendor Management Facilitating the vendor with requirements for carrying out the VAPT assessment. Vendor selection, evaluation and finalization for the annual Vulnerability Assessment & Penetration Testing (VAPT) activity. Candidate should review the draft reports shared by vendors and suggest if any changes required, Validation of final reports. Timely communication of final reports to relevant stakeholders. Qualifications & Skills Educational Qualification Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent. Certifications ISO27001, CISSP, CISM Compliance Candidate should validate the security controls deployed across DC, DR, NDR and COLO environment and prepare the quarterly resiliency report to share with senior management. Synergize with Team Ability to work collaboratively with different teams for closure of activities. Strong analytical and problem-solving skills. Experience in the banking domain will add an advantage. Strong understanding and hands-on experience of VAPT activity and Information Security resiliency. Communication skills Excellent communication and interpersonal skills.

Job Title: Lead SME Cybersecurity and Infosec Location: Pune About Zygal - Zygal is built on a decade of product development and manufacturing expertise, where innovation is at our core. From the outset, we recognized the limitations of conventional cameras in securing premises. Our relentless pursuit of an unparalleled security and surveillance ecosystem has positioned us at the forefront of AIoT innovation, driven by AI and Robotic Process Automation (RPA). We aspire to establish Zygal as a global brand in B2B security surveillance, leveraging our SaaS model to power our solutions. We have earned the trust of industry giants in critical sectors such as BFSI, retail, logistics, and supply chain management, serving over 25,000 locations nationwide. Our cloud- based AIoT ecosystem currently manages a vast network of over 3.5 million connected devices, processing more than 1.2 billion alerts annually to meet the ever-evolving demands of security and surveillance. Duties and Responsibilities 1. Discover and Mitigate Cyber Risks and exploitable vulnerabilities on the internet facing apps/assets 2. Conduct Regular Vulnerability Assessment and Penetration Testing of the applications 3. Experience with latest technologies and security standards such as OWASP, CVSS, Mitre etc. 4. Mobile App Reversing and pen testing as Android and iOS applications security standards 5. Familiarity with malicious code identification and common hacker attack techniques 6. Conduct regular Secure Code and Architecture Review, SAST and DAST 7. Latest technology security- API, Microservices, RPA, IOT etc. 8. Ethical Hacking and Red Teaming Activity (Addon preferred) 9. Assess Third Party Partner vulnerabilities and security risk 10. Remediations, Closures Tracking, Reporting and Management of all Cyber Risks 11. Engage with technology Teams and partners and business units to resolve identified vulnerabilities within acceptable timelines 12. Design and deliver actionable Information Security dashboards and scorecards 13. Work with partners in carrying out comprehensive VAPT assessment 14. Advanced understanding with working experience collecting and tracking threat intelligence 15. Experience working with tracking, communicating, and prioritizing vulnerabilities and cyber threats to an enterprise-wide organization Required Qualifications and Experience 1. Engineering / Computer Graduate with 3-5 years of Information / Cyber Security Experience 2. Relevant Security Certifications like CEH, CPENT, PNPT, EJPT, EWPT, OSCP etc. preferred 3. Prior experience of Security Testing, OWASP Top 10 and application security 4. Prior experience of Penetration Testing Web Application, Mobile Applications and API Security testing 5. Sound in latest application technologies and network attacks execution 6. Good Written and Verbal Communication with Presentation Skills Good Team Player and sound in stakeholder management 8. Threat Modelling, Cloud Security and WAF basics clarity 9. DevOps / DevSecOps and Source Code security review experience is added boon 10. Well versed with related tools and techniques of all the above Role: Lead SME - Cyber Security Department: IT & Information Security Employment Type: Full Time, Permanent Role Category: IT Security Experience: 5 to 8 Years Education

We are looking for a Senior Linux Support Specialist to take full ownership of hybrid infrastructure environments hosted across AWS, Azure, and On-Premises setups. The ideal candidate will play a critical role in ensuring system stability, security, and performance while driving automation and standardization across 100s of Linux servers. This is a hands-on technical role requiring deep expertise in Linux, security hardening (CIS benchmarks), vulnerability remediation, and automation of infrastructure tasks. Key Responsibilities: Linux Server Management & Operations Manage, monitor, and support large-scale Linux environments (RHEL, CentOS, Ubuntu, etc.) Perform OS upgrades, patching, and package management across hundreds of servers Troubleshoot and resolve advanced Linux system issues (performance, kernel, services, etc.) Security Hardening & Compliance Implement and maintain CIS hardening standards across all Linux servers Remediate VAPT (Vulnerability Assessment and Penetration Testing) and CIS benchmark findings Develop automation scripts/tools to roll out security configurations across the fleet Work closely with the security team to ensure system compliance with industry best practices Automation & Configuration Management Automate OS hardening, patch management, and system provisioning using tools like Ansible, Bash, Python, or Terraform Create and maintain playbooks and scripts for repeatable tasks Streamline deployments and configuration drifts across cloud and on-prem environments Cloud & On-Premise Support Support hybrid environments on AWS, Azure, and On-Prem Assist in provisioning, scaling, and securing cloud-based Linux workloads Monitor platform uptime, availability, and performance metrics Cost & Resource Optimization Collaborate with DevOps/cloud teams to optimize cloud usage and reduce infrastructure costs Implement monitoring and alerting to proactively identify performance or cost anomalies Skills & Qualifications: Must-Have Skills: 3+ years of hands-on experience with Linux system administration Deep understanding of CIS benchmarks and security hardening techniques Strong scripting skills (Bash, Python, etc.) Proven experience with Ansible or similar configuration management tools Solid knowledge of AWS and Azure Linux instances and best practices Experience in managing vulnerability remediation and patch management Familiarity with VAPT assessments , security tools, and remediation workflows Good to Have: Experience with container technologies (Docker, Kubernetes) Infrastructure as Code (Terraform, CloudFormation) Monitoring tools (Prometheus, Nagios, CloudWatch, etc.) Certification in RHCE, AWS SysOps, Azure Administrator, or related areas

Role & responsibilities Main Priorities: Plan and execute VA/PT projects across digital assets. Identify, assess, and report vulnerabilities and risks. Collaborate with IT and development teams for remediation. Ensure compliance with cybersecurity standards (ISO 27001, NIST, GDPR). Provide regular updates and final reports to stakeholders. Drive continuous improvement in VA/PT processes. Preferred candidate profile Strong understanding of VA/PT methodologies and tools (e.g., Nessus, Metasploit, Burp Suite). Familiarity with operating systems, network protocols, and security frameworks. Knowledge of ISO 27001, NIST, GDPR compliance. Strong project management and documentation skills. Excellent communication, leadership, and problem-solving abilities.

Role: Technology Analyst - IT Services(Cyber Security) Location-PUNE Experience-6+Years Notice Period-Immediate Joiners Education-BE/BTECH Scripting experience Must have worked on security products like firewall, AV, Patch, VAPT, Qualys etc. Java, Python, firewell, scripting coding, power Shell scripting. Certification like basic MS, Linux or CCNA types ensuring basic should be clear. Experience of at least 5+ years Expertise in cloud security testing & validation Scripting experience like Python, PowerShell bash etc Team Management and Leadership Cybersecurity Expertise Vulnerability Assessment & remediation Penetration Testing IT Risk Management, Security Compliance & Governance. Exposure to the tools like Qualys, Nessus, Workspace one Regards, Infosys Recruitment Team

Role & responsibilities Responsibilities: • Escalate validated and confirmed incidents to designated SOC Lead/ Incidents response team. • Security Event Correlation as received from L2 SOC or Incident Response staff or relevant sources to determine increased risk to the business. • Indepth knowledge on multiple SIEM platforms like Securonix, IBM QRadar, LogRhythm, Arcsight, FortiSIEM , Microsoft Sentinel, and others • Support the SOC Manager in his duties (e.g. extension of SOC services) • Update Security Operations reporting • Triage security events and incidents, detect anomalies, and report/direct remediation actions. • Development and execution of SOC procedures • Should have indepth knowledge of Firewall, EDR, IDS/ IPS, VPN, Cloud Security • Should have hands on Experience in Threat Hunting. • Should have good hands-on experience in VAPT. • Should have good knowledge in integrating TI feeds and Third-Party tools. • Should have knowledge in Building SIEM platform with SOAR, NBAD, UEBA Integration. • Should have hands on experience in developing Use case and Parser Creation. • Should have knowledge in Breach simulation attack. • Sound knowledge in Unix, Linux, Windows, and security devices like firewall, etc. • Preparation of RCA, Preparation of runbook and Training to L2 and L1 team. Qualification: B.E./B.Tech/MCA Certification CEH, ECIH, CISSP, CISM, GCIH, GCFA, Certified Threat Hunter, SIEM certifications for platforms like (Qradar, LogRhythm etc) Work experience: 8 + Years NOTE : Work location will be Mumbai Andheri Seepz, and this is permanent Work from Office role NO HYBRID Option

What Youll Do Drive international B2B sales across North America, Europe, and APAC marketsSell a wide suite of cybersecurity services, including: Information Security Compliance (ISO 27001, ISO 13485) Data Protection (GDPR, HIPAA, HITRUST) Vulnerability Assessments & Penetration Testing (VAPT)Threat Detection & ResponseCloud Infrastructure & Security Services Manage the entire sales cycle: prospecting, solutioning, pitching, negotiation, and closureBuild and maintain CXO-level relationships with decision-makersCollaborate with technical consultants to tailor solutions for client pain pointsMonitor emerging cyber threats and evolving compliance mandates to create relevant value propositions Who You Are 8–12 years of proven experience in international sales for IT or cybersecurity servicesHands-on experience in end-to-end solution selling with high-value deal closuresDeep understanding of cybersecurity frameworks, data protection regulations, and compliance standardsStrong communication, negotiation, and consultative selling skillsBased in or willing to relocate to Ahmedabad for a full-time office roleSelf-driven, strategic, and performance-focused with a flair for storytelling Why Join Us? Niche focus on cybersecurity for regulated industries Agile, innovation-driven work culture backed by Communication Crafts Direct access to leadership and opportunity to shape global growth Attractive performance incentives & career growth roadmap Apply for this job sharer with someone awesome VI

Who we think will be a great fit. A passion for information security with a hacker mindset! Self-motivation and Proactiveness Communication skills What we need... We want people with preferably two or more, of the following: 1. Web Application Security Testing. Knowledge about BURP Suite, manual and automated SQLi Bypass filters that detect SQLi, XSS, etc. People who don't think Injection means only SQLi but SSTI, SSJI, ORMi [HQLi], LDAPi, Eli, XMLi etc. 2. Network Infrastructure Testing. Ability to write custom scripts and wrappers. Knowledge of tools like Responder, Ettercap, tcpdump, Empire, etc.not just Nmap and Nessus Have good knowledge about PowerShell scripting and AD/DC infrastructure. 3. Mobile App Testing. Root/jailbreak and Certificate pinning bypass without any automated tool Dynamic instrumentation using Frida De-obfuscation of APK/IPA file 4. IoT Testing. MQTT attacks Fuzzing of IoT devices Firmware extraction 5. Cloud Testing. A good understanding of the cloud infrastructure that includes AWS, Azure and Google cloud. Have a good understanding of microservices architecture. 6. Secure Code Review. Ability to visualize and compile applications without any compiler (in your mind). Has the ability to learn a new programming language on-the-go. Preferred candidate profile : Candidates with relevant professional experience will be given preference.

https://zrec.in/ai3DV?source=CareerSite

Job Title: Cyber Security Engineer Location: Hyderabad Industry: Payment Card Processing / Fintech About the Role: We are looking skilled Cyber Security Engineers , you will be part of a global security landscape, helping enhance threat detection capabilities and ensure compliance readiness through active management and fine-tuning of SIEM systems and security tools. Key Responsibilities: Manage and fine-tune SIEM tools primarily Microsoft Sentinel and Wazuh Ingest, analyze, and correlate logs from tools such as CyberArk , JumpCloud , Encore , and other core platforms Update and optimize alert rules and detection logic to reduce false positives and improve threat visibility Assist in maintaining and managing the CyberArk PAM environment Collaborate with internal security teams and interface with audit teams to fulfill compliance obligations Support threat monitoring, detection, and initial incident triage activities across regions Provide technical input on security configurations and enhancements based on evolving threat and compliance needs Contribute to documentation and compliance reporting as required Help with Pen testing of all applications, coordinate with stakeholders to remediate the gaps. Key Requirements: 5–6 years of experience in Cybersecurity Engineering, SOC, or SIEM operations Hands-on experience with Microsoft Sentinel and/or Wazuh SIEM Familiarity with CyberArk or similar PAM solutions Proficiency in managing log ingestion pipelines and rule configuration Strong understanding of threat detection, incident response, and log correlation techniques Ability to work across teams and communicate effectively with audit/compliance stakeholders Experience working in a regulated environment (e.g., fintech, payment systems, banking) is a strong plus Nice to Have: Experience with compliance frameworks like PCI DSS, ISO 27001, or SOC 2 Familiarity with scripting or automation for security rule tuning Exposure to cloud-native security tools (Azure, GCP, etc.)

Desired Candidate The ideal candidate is a proactive and detail-oriented professional with strong leadership skills and a passion for cybersecurity. They should have excellent communication abilities to convey technical concepts to diverse audiences and a proven track record of managing teams and fostering a culture of security awareness. Adaptable and ethical, the candidate thrives in dynamic environments and collaborates effectively to address evolving cyber threats while maintaining the highest standards of confidentiality and integrity. Responsibilities: Strategic Planning: Develop, implement, and maintain a comprehensive cybersecurity strategy aligned with organizational goals. Risk Management: Identify, assess, and mitigate potential cybersecurity risks and vulnerabilities across systems, applications, and networks. Incident Response: Lead and coordinate incident response activities, ensuring quick containment, recovery, and root-cause analysis of security breaches. Compliance and Standards: Ensure adherence to relevant regulatory standards (e.g., GDPR, ISO 27001) and internal security policies. Team Collaboration: Lead and mentor the cybersecurity team, fostering skill development and ensuring alignment with security objectives. Stakeholder Communication: Act as a liaison between technical teams and senior management, translating technical risks into business terms. Continuous Improvement: Monitor and evaluate the effectiveness of security measures, and recommend enhancements to maintain a robust security posture. Tool and Technology Management: Oversee the deployment and management of security tools (e.g., SIEM, firewalls, endpoint protection, etc.) to ensure system integrity and confidentiality. Training and Awareness: Develop and conduct security training programs to promote awareness and compliance across the organization. Requirements: Education: Bachelors or Masters degree in Cybersecurity, Information Technology, Computer Science, or a related field. Experience: 6-10 years of experience in cybersecurity roles with progressive leadership responsibilities. Certifications: CISSP (Certified Information Systems Security Professional)[Ongoing is acceptable]. Additional certifications (e.g., CISM, CEH) are a plus. Technical Expertise: Strong understanding of security architecture, protocols, and best practices. Experience with tools like SIEM, IDS/IPS, endpoint security, firewalls, and vulnerability management systems. Knowledge of cloud security (AWS, Azure, GCP) and securing hybrid environments. Soft Skills: Excellent verbal and written communication skills for technical and non-technical audiences. Strong leadership, project management, and team collaboration abilities. Analytical and problem-solving mindset with attention to detail.

Responsibilities: * Ensure compliance with PCI DSS, NIST, HIPAA & ISO standards. * Design, implement & maintain secure systems using Infosec principles. * Conduct regular security audits & risk assessments. * Experience in SOC and SIEM tools-Qradar

Date 7 Jun 2025 Location: Bangalore, KA, IN Company Alstom Req ID:478631 Could you be the full-time Cybersecurity Engineer Cyber Applications in Bangalore were looking for Your future role Take on a new challenge and apply your cybersecurity and system/network administration expertise in a new cutting-edge field. Youll work alongside innovative, dedicated, and supportive teammates. You'll maintain and enhance the security of Alstoms products and solutions, ensuring the integrity and resilience of our transport networks. Day-to-day, youll work closely with teams across the business (such as V&V, platform validation, and regional cybersecurity), execute design and deployment activities, and much more. Youll specifically take care of the maintenance of cybersecurity tools and applications, but also prepare and execute design & deployment activities for various projects and programs. Well look to you for: Maintaining cybersecurity tools and applications Preparing and executing design & deployment activities Executing specific testing activities and preparing reports Supporting validation and verification teams Acting as the administrator for cybersecurity applications Identifying cybersecurity tools and practices and providing guidance All about you We value passion and attitude over experience. Thats why we dont expect you to have every single skill. Instead, weve listed some that we think will help you succeed and grow in this role: Degree in Computer Science, Information Technology, or equivalent Experience or understanding of cybersecurity in the context of industrial control systems or network administration Knowledge of design & deployment of NIDS such as Fortinet, Nozomi, Dragos, etc. Familiarity with system administration of Windows or Linux servers/systems A certification like MCSE, RHCE, LPIC, CCNA, or Network+ Preferably a cybersecurity certification like ECSA, Security+ Strong communication skills and the ability to work in a matrix organization Things youll enjoy Join us on a life-long transformative journey the rail industry is here to stay, so you can grow and develop new skills and experiences throughout your career. Youll also: Enjoy stability, challenges and a long-term career free from boring daily routines Work with new security standards for rail signalling Collaborate with transverse teams and helpful colleagues Contribute to innovative projects Utilise our flexible working environment Steer your career in whatever direction you choose across functions and countries Benefit from our investment in your development, through award-winning learning Progress towards roles of greater responsibility and leadership Benefit from a fair and dynamic reward package that recognises your performance and potential, plus comprehensive and competitive social coverage (life, medical, pension) You dont need to be a train enthusiast to thrive with us. We guarantee that when you step onto one of our trains with your friends or family, youll be proud. If youre up for the challenge, wed love to hear from you! Important to note As a global business, were an equal-opportunity employer that celebrates diversity across the 63 countries we operate in. Were committed to creating an inclusive workplace for everyone.

Your potential, unleashed. Indias impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilientnot only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks Your work profile As Assistant Manager in our Cyber Team youll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - Key Responsibilities: Threat Modelling: Conduct threat modelling sessions to identify potential security risks to applications, networks, and infrastructure. Utilize various threat modelling frameworks (e.g., STRIDE, PASTA) to evaluate the risk associated with business processes and IT systems. Vulnerability Assessment & Penetration Testing: Perform regular vulnerability assessments and penetration testing on applications, systems, and networks to identify weaknesses and misconfigurations. Security Risk Analysis: Analyse vulnerabilities identified in VAPT engagements and prioritize them based on risk to the business. Provide recommendations for remediation and mitigation. Incident Response: Assist in responding to security incidents by analysing threat patterns, supporting forensic investigations, and recommending preventative measures. Collaboration with Teams: Work closely with developers, DevOps, and other stakeholders to design and implement secure development practices and advise on secure code development practices. Reporting: Document findings from threat modelling, vulnerability assessments, and penetration tests, and present them to management and other key stakeholders. Security Awareness: Promote awareness of cybersecurity risks within the organization and provide guidance on secure coding and risk mitigation strategies. Required Skills and Qualifications: Strong knowledge of Threat Modelling methodologies and tools (e.g., Microsoft Threat Modelling Tool, OWASP Threat Dragon). Hands-on experience in performing Vulnerability Assessment and Penetration Testing (VAPT) using tools like Nmap, Burp Suite, OWASP ZAP, Nessus, and Metasploit. Solid understanding of common vulnerabilities (e.g., SQL injection, Cross-Site Scripting, Buffer overflows) and security protocols (e.g., TLS/SSL, OAuth, OpenID). Familiarity with network security (firewalls, IDS/IPS, VPNs, etc.) and web application security. Experience in performing risk analysis, writing security reports, and presenting findings to both technical and non-technical audiences. Knowledge of OWASP Top 10, CVE, and vulnerability databases. Proficiency in one or more programming languages (e.g., Python, Java, C, or scripting languages) is a plus. Understanding of security frameworks and compliance requirements (e.g., NIST, ISO 27001, GDPR, SOC 2) is desirable. Experience with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes) is a plus. Strong problem-solving skills and the ability to work independently and in a team. Prior experience in BFSI would be preferred. Preferred Qualifications: Certification: Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or similar penetration testing certifications. Certified Information Systems Security Professional (CISSP) or similar information security certifications. Previous experience in threat hunting, incident response, or application security. Understanding of security in Agile/Scrum development processes. Location and way of working Base location: Pune Professional is required to work from office. How youll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the worlds most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyones welcome entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals. *Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution.

As a Cyber Security Analyst you will be responsible for the administration, endpoint protection, vulnerability management, intrusion detection system, security information & event management, Active Directory, Domain Controller and Email Security.

Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 5 plus years of experience Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding Practices: Knowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat Modeling: Ability to conduct threat modeling sessions to identify and mitigate security risks Preferred technical and professional experience Vulnerability Assessment: Experience in conducting vulnerability assessments and penetration testing Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST) tools. Security Tools: Proficiency in using security tools like Burp Suite, Nessus, or Fortify

Hello Visionary! We know that the only way a business thrive is if our people are growing. That’s why we always put our people first. Our global, diverse team would be happy to support you and challenge you to grow in new ways. Who knows where our shared journey will take you We are looking for Product and Solution Security Expert (PSSE) How do you craft the future Smart BuildingsWe’re looking for the makers of tomorrow, the hardworking individuals ready to help Siemens transform entire industries, cities and even countries. Get to know us from the inside, develop your skills on the job. You’ll make a difference by: 1. Integration with SDLC: Collaborate with software development teams to integrate security practices throughout the Software Development Life Cycle (SDLC). Perform security code reviews and analyze vulnerabilities during different SDLC phases. Ensure security requirements are included in the design, development, testing, and deployment stages of software projects. 2. Security Activities: Develop and implement security protocols, guidelines, and best practices for software development. Conduct threat modelling and risk assessments to identify potential security issues early in the development process. Provide guidance on secure coding practices and remediation of identified vulnerabilities. 3. Stakeholder Interaction: Work closely with key stakeholders, including product managers, project managers, and business analysts, to support and promote security activities within products. Communicate security risks, issues, and mitigation strategies effectively to both technical and non-technical stakeholders. Foster a security-aware culture within the development teams and across the organization. 4. Security Tools and Technologies: Implement and manage security tools such as static and dynamic analysis tools, intrusion detection systems, and vulnerability scanners. Stay updated with the latest security tools, trends, and best practices to enhance the organization's security posture. 5. Incident Response: Assist in the development and implementation of incident response plans and procedures. Participate in security incident investigations and provide expertise in resolving security breaches. 6. Training and Awareness: Conduct security training and awareness programs for development teams. Promote continuous improvement and knowledge sharing related to application security. You’ll win us over by: 1. Technical Skills: In-depth knowledge of application security, secure coding practices, and common vulnerabilities (e.g., OWASP Top Ten). Experience with security tools and technologies such as static analysis tools (SAST), dynamic analysis tools (DAST), and vulnerability scanners. Proficiency in programming languages such as Java, C#, Python. Understanding of DevSecOps practices and integration of security into CI/CD pipelines. Promote continuous improvement and knowledge sharing related to application security. 2. Soft Skills: Strong communication and interpersonal skills. Ability to explain complex security concepts to non-technical stakeholders. Strong analytical and problem-solving skills. Collaborative mindset and ability to work effectively with cross-functional teams. 3. Certification Preferred: Certified Secure Software Lifecycle Professional (CSSLP). Experience: Proven experience working with software development teams and integrating security practices into the SDLC. Experience interacting with key stakeholders and supporting security activities within software products. You’ll win us over by: Having An engineering degree B.E/B.Tech/MCA/M.Tech/M.Sc with good academic record. Minimum 5 years of experience in cybersecurity, with a focus on application security. We’ll support you with: Hybrid working Opportunities. Diverse and inclusive culture. Great variety of learning & development opportunities. Create a better #TomorrowWithUs! This role, based in Pune, is an individual contributor position. You may be required to visit other locations within India and internationally. In return, you'll have the opportunity to work with teams shaping the future. At Siemens, we are a collection of over 312,000 minds building the future, one day at a time, worldwide. We are dedicated to equality and welcome applications that reflect the diversity of the communities we serve. All employment decisions at Siemens are based on qualifications, merit, and business need. Bring your curiosity and imagination, and help us shape tomorrow Find out more about the Digital world of Siemens here[1] www.siemens.com/careers/digitalminds Find out more about Siemens careers at[2] www.siemens.com/careers

Hello Visionary ! We empower our people to stay resilient and relevant in a constantly changing world. We’re looking for people who are always searching for creative ways to grow and learn. People who want to make a real impact, now and in the future. We are looking for a highly skilled and motivated Product & Solution Security Professional to join our team. The ideal candidate will be responsible for defining secure design principles and supporting cross-functional teams to ensure secure architecture, implementation, and testing of products and solutions. Key Responsibilities Integration with SDLC Collaborate with software development teams to integrate security practices throughout the Software Development Life Cycle (SDLC). Ensure security requirements are included in the design, development, testing, and deployment stages of software projects. Perform security code reviews and analyze vulnerabilities during different SDLC phases. 2. Security Activities Develop and implement security protocols, guidelines, and best practices for software development. Conduct threat modelling and risk assessments to identify potential security issues early in the development process. Provide guidance on secure coding practices and remediation of identified vulnerabilities. Stakeholder Interaction Work closely with key stakeholders, including product managers, project managers, and business analysts, to support and promote security activities within products. Communicate security risks, issues, and mitigation strategies effectively to both technical and non-technical stakeholders. Foster a security-aware culture within the development teams and across the organization . 4. Security Tools and Technologies Implement and manage security tools such as static and dynamic analysis tools and vulnerability scanners. Stay updated with the latest security tools, trends, and best practices to enhance product’s security posture. 5. Training and Awareness Conduct security training and awareness programs for development teams. Promote continuous improvement and knowledge sharing related to application security . Skills and Qualifications 1. Technical Skills: In-depth knowledge of application security, secure coding practices, and common vulnerabilities (e.g., OWASP Top Ten). Experience with security tools and technologies such as static analysis tools (SAST), dynamic analysis tools (DAST), and vulnerability scanners. Proficiency in programming languages such as Java, C#, Python. Understanding of DevSecOps practices and integration of security into CI/CD pipelines. Promote continuous improvement and knowledge sharing related to application security. 2. Soft Skills: Strong communication and interpersonal skills. Ability to explain complex security concepts to non-technical stakeholders. Strong analytical and problem-solving skills. Collaborative mindset and ability to work effectively with cross-functional teams. 3. Certification Preferred CEH, Certified Secure Software Lifecycle Professional (CSSLP) or equivalent. Experience Proven experience working with software development teams and integrating security practices into the SDLC. Experience interacting with key stakeholders and supporting security activities within software products. Having An engineering degree B.E/B.Tech/MCA/M.Tech/M.Sc with good academic record. 7 - 10 years of experience in cybersecurity, with a focus on application security. Make your mark in our exciting world at Siemens . This role, based in Bangalore , is an individual contributor position. You may be required to visit other locations within India and internationally. In return, you'll have the opportunity to work with teams shaping the future. At Siemens, we are a collection of over 312,000 minds building the future, one day at a time, worldwide. We are dedicated to equality and welcome applications that reflect the diversity of the communities we serve. All employment decisions at Siemens are based on qualifications, merit, and business need. Bring your curiosity and imagination, and help us shape tomorrow We’ll support you with Hybrid working opportunities. Diverse and inclusive culture. Variety of learning & development opportunities. Attractive compensation package. Find out more about Siemens careers at www.siemens.com/careers

Job Summary We are seeking a seasoned professional to manage and enhance the operations of the Saviynt platform. The ideal candidate will bring strong technical expertise leadership capabilities and a proactive approach to platform stability process improvement and stakeholder engagement. Responsibilities Key Responsibilities Platform Monitoring & Maintenance Oversee the health and performance of the Saviynt Platform including Saviynt Connect Portal and Connectors. Monitor JML (Joiner-Mover-Leaver) processes aggregation tasks and access requests. Hands on with SOD workflows tasks rules forms custom object access reviews and updates of JML configurations access requests and certification workflows. Guide the team to implement best practices for Access Management & RBAC. Play a key role in identifying areas for implementing Automations. Enhancements & Troubleshooting Implement minor enhancements and workflow changes as needed. Coordinate with the Saviynt product team for resolution of critical issues. Documentation & Compliance Maintain up-to-date SOPs runbooks and procedural documentation. Ensure timely patching of the Saviynt platform and its components. Support DR (Disaster Recovery) testing. Integration & Performance Management Manage and resolve integration issues with systems such as Active Directory and ServiceNow and any custom integrations. Periodically tune performance parameters to ensure optimal system efficiency. Operational Oversight Share service health status report to customer on daily basis validate logs and verify backups. Provide Weekly/monthly reports on incidents changes service requests and problem tickets. Attend Weekly/monthly review calls tracking actions and work towards closure. Process & Stakeholder Engagement Identify process gaps and propose remediation aligned with product and security standards. Present changes in CAB meetings participate in major incident bridges and engage with customers for requirement gathering and escalation handling. Additional Skills Strong understanding of ITIL processes. Working knowledge of NetIQ IDM is a plus. Proficiency in Microsoft Office Suite for documentation and presentations. Excellent communication skills to liaise effectively between internal teams and customers. Basic knowledge on scripting using PowerShell AD & Exchange commands. Knowledge on Active Directory Entra AD Entra AD connect for synchronization