120 Vapt Jobs - Page 3

Location: Pune Experience Required: 5-7 years Company: Incred Money (www.incredmoney.com) Industry: Fintech / Financial Services About IncredMoney.com IncredMoney.com is a fast-growing digital wealth and investment platform empowering users with smart, simplified financial tools. We are passionate about financial inclusion, investor transparency, and secure digital experiences. As we scale, security remains central to our missionand thats where you come in. Role Summary We are looking for a dynamic and hands-on Senior Infosec Engineer who will be responsible for leading and implementing our information security and cyber-risk strategy. The ideal candidate will have strong experience in fintech or financial services, knowledge of regulatory frameworks (like RBI, SEBI), and the ability to build secure digital systems while enabling growth and innovation. Key Responsibilities Own and lead the company’s overall information security strategy. Build and implement policies, procedures, and controls aligned with industry best practices (e.g., ISO 27001, NIST, OWASP). Perform risk assessments, security audits, and regular vulnerability assessments of applications and infrastructure. Collaborate with engineering, DevOps, and product teams to embed security into the SDLC. Oversee data protection strategies (encryption, backups, data access) and ensure regulatory compliance (e.g., RBI, SEBI, GDPR, PCI-DSS if applicable). Manage internal and external security audits and ensure remediation of findings. Lead incident response planning and execution, including root cause analysis and post-mortem reviews. Evaluate and onboard security tools (e.g., SIEM, WAF, DLP, endpoint security). Build a security-first culture through training and awareness programs across teams. Serve as the primary point of contact for security with partners, auditors, and regulators. Key Requirements 4–7 years of progressive experience in Information Security, with at least 2 years in a leadership or ownership role. Strong understanding of cloud security (AWS preferred), web/mobile application security, and data privacy. Hands-on experience with firewalls, VPNs, intrusion detection/prevention systems, and endpoint protection tools. Familiarity with regulatory and compliance frameworks (especially RBI/SEBI guidelines for fintech). Bachelor’s or Master’s degree in Computer Science, Information Security, or related field. Industry certifications like CISSP, CISM, CEH, or ISO 27001 LA are a strong plus. Excellent communication and stakeholder management skills. Preferred Skills Prior experience in fintech, wealth-tech, or BFSI domain. Experience leading security in a startup or early-stage company. Knowledge of DevSecOps practices and CI/CD pipeline security.

Static Code analysis Static/dynamic testing of mobile applications Vulnerability Assessment Penetration Testing. SAST Penetration testing Vulnerability Assessment

Manual Penetration Testing using OWASP checklists, Penetration Testing, Security Configuration Review, Cloud Security Assessment, Cyber Security, Manual Penetration Testing using OWASP checklists, Penetration Testing, Security Configuration Review, Cloud Security Assessment, Cyber Security 4 to 6 years of experience conducting Application Security assessments Experienced in conducting Manual and Automated DAST for Web, API Thick client covering OWASP Top 10 Experienced in conducting Manual code review Experienced in Mobile VAPT (Both static and Dynamic) Knowledge of Infra VAPT or at least VA and configuration review Knowledge in Container / Docker security / Cloud Audit is a plus Certifications suck as CEH, CRTP, OSCP is preferred Good communication skills, ability to explain vulnerabilities to business users in simple terms Notice: Immediate to 15 days

Penetration Testing, Manual Penetration Testing using OWASP checklists, Cloud Security Assessment, Security Configuration Review, Vulnerability Assessment, Vulnerability Mitigation, Cyber Security 4 to 6 years of experience conducting Application Security assessments Experienced in conducting Manual and Automated DAST for Web, API Thick client covering OWASP Top 10 Experienced in conducting Manual code review Experienced in Mobile VAPT (Both static and Dynamic) Knowledge of Infra VAPT or at least VA and configuration review Knowledge in Container / Docker security / Cloud Audit is a plus Certifications suck as CEH, CRTP, OSCP is preferred Good communication skills, ability to explain vulnerabilities to business users in simple terms

VAPT,switch security,ROUTER, Firewall

This role involves the development and application of engineering practice and knowledge in designing, managing and improving the processes for Industrial operations, including procurement, supply chain and facilities engineering and maintenance of the facilities. Project and change management of industrial transformations are also included in this role. - Grade Specific Focus on Industrial Operations Engineering. Develops competency in own area of expertise. Shares expertise and provides guidance and support to others. Interprets clients needs. Completes own role independently or with minimum supervision. Identifies problems and relevant issues in straight forward situations and generates solutions. Contributes in teamwork and interacts with customers. Skills (competencies)

Role & responsibilities Conduct Web Application VAPT (Vulnerability Assessment and Penetration Testing), focusing on DAST. Perform vulnerability scans using tools such as IBM AppScan, HP WebInspect, Acunetix, Netsparker, NTO Spider, and Burp Suite Pro. Utilize Kali Linux penetration testing tools like SQLMAP, Dirbuster, etc. Understand and apply OWASP Top 10 frameworks and methodologies in assessments. Manage tracking and remediation of vulnerabilities , coordinating with development and support teams on timelines and action plans. Analyze and communicate security risks based on business impact and context. Collaborate with internal stakeholders to ensure vulnerabilities are mitigated efficiently. Clearly document findings, reports, and progress on identified issues. Communicate effectively with technical and non-technical audiences. Preferred candidate profile Experience : 12 years of relevant experience in Application Security / VAPT. Education : B.E./B.Tech or Master’s Degree from a reputed institute with a strong academic background. Technical Skills : Experience with Web Application Security Testing and DAST tools. Familiarity with web technologies (HTML, JavaScript) and web services (XML, SOAP, SAML). Knowledge of front-end (.NET, Java) and back-end (Oracle) environments is a plus. Exposure to common vulnerabilities (SQL Injection, XSS, CSRF) and bug bounty programs . Experience with SAST tools such as Fortify, Checkmarx, or Veracode is an added advantage. Soft Skills : Strong communication and interpersonal skills . Ability to understand business context and translate it into security assessments. Certifications : CEH certification is mandatory . OSCP certification is a strong plus.

Key Responsibilities: • Design and review secure systems and application architectures. • Lead threat modeling, risk assessment, and attack surface analysis. • Advise project teams on security best practices throughout SDLC. • Use SD Elements to capture risks, track remediation, and ensure traceability. • Contribute to architecture boards and governance processes. • Validate secure design for cloud, hybrid, and on-premises environments. Required Skills & Experience: • 7- 9 years in Information Security or related architecture roles. • Experience in VAPT (execution & remediation). • Strong knowledge of application security, secure SDLC. • Hands-on with SD Elements (mandatory). • Expertise in TOGAF, SABSA, or NIST architecture frameworks. • Cloud Security (preferably Azure), DevSecOps knowledge. Certifications (Mandatory/Preferred): • Mandatory: CISSP • Preferred: AZ-500, CCSP Tools/Frameworks Knowledge: • SD Elements, ThreatModeler, Microsoft Defender • TOGAF, SABSA, NIST CSF, OWASP Top 10, MITRE ATT&CK Email ID: akila.s@acesoftlabs.com

Role Responsibilities: A day in the life of an Infoscion • As part of the Infosys consulting team, your primary role would be to actively aid the consulting team in different phases of the project including problem definition, effort estimation, diagnosis, solution generation and design and deployment • You will explore the alternatives to the recommended solutions based on research that includes literature surveys, information available in public domains, vendor evaluation information, etc. and build POCs • You will create requirement specifications from the business needs, define the to-be-processes and detailed functional designs based on requirements. • You will support configuring solution requirements on the products; understand if any issues, diagnose the root-cause of such issues, seek clarifications, and then identify and shortlist solution alternatives • You will also contribute to unit-level and organizational initiatives with an objective of providing high quality value adding solutions to customers. If you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you! Work Experience: 2 - 9 years of experience Educational Requirements: Master of Computer Science,MCA,Bachelor Of Computer Science,Bachelor of Engineering,BCA,BTech Additional Responsibilities: Ability to work with clients to identify business challenges and contribute to client deliverables by refining, analyzing, and structuring relevant data • Awareness of latest technologies and trends • Logical thinking and problem solving skills along with an ability to collaborate • Ability to assess the current processes, identify improvement areas and suggest the technology solutions • One or two industry domain knowledge Technical and Professional Requirements: Technical Requirements: • Primary skills:Domain->Network->Network Security Firewall & Policies,IDAM,IDAM->Cyberark,IDAM->Forgerock,IDAM->Microsoft Identity manager,IDAM->Okta,IDAM->Oracle Access Manager(OAM),IDAM->Oracle Identity Manager(OIM),IDAM->Ping/Federate,IDAM->Sailpoint,IDAM->Saviyant,Technology->Application Security->Application Security - ALL,Technology->Enterprise Mobility Solution->MS Azure AD, MS Azure RMS, MS Intune,Technology->Finacle-Core-Payments->Faster Payment Service->Advance,Technology->Infrastructure Security->Security Incident and Event Management (SIEM),Technology->Network->CISCO technologies,Technology->Network-Firewall_and_Media->Palo Alto Preferred Skills: IDAM,IDAM->Oracle Identity Manager(OIM),IDAM->Oracle Access Manager(OAM),IDAM->Sailpoint,IDAM->Cyberark,IDAM->Ping/Federate,IDAM->Forgerock,IDAM->Microsoft Identity manager,IDAM->Okta,IDAM->Saviyant,Domain->Network->Network Security Firewall & Policies,Technology->Application Security->Application Security - ALL,Technology->Infrastructure Security->Security Incident and Event Management (SIEM)->Splunk,Technology->Network->CISCO technologies,Technology->Enterprise Mobility Solution->MS Azure AD, MS Azure RMS, MS Intune,Technology->Network-Firewall_and_Media->Palo Alto,Technology->Cloud Security->AWS - GRC & responsibilities Preferred candidate profile for HUBLI

About Barry Wehmiller: - Barry Wehmiller Companies is a global supplier of manufacturing technology and services based in St. Louis Missouri. Although it was founded in 1885 as a maker of machinery for the brewing industry, since 1987 Barry-Wehmiller has acquired more than 80 companies that provide equipment and services for a variety of industries: packaging, paper converting, sheeting, corrugating, engineering, and IT consulting. In 2016 it was ranked no. 10 on the St. Louis Business Journal's list of the city's Top 150 Privately Held Companies. We believe our culture differentiates us from other firms. In India, Barry-Wehmiller operates as a hub of innovation and collaboration, housing our Global Competency Center (GCC) and other strategic functions. The GCC, based in Chennai, is an Engineering Center of Excellence that supports all Barry-Wehmiller divisions globally. The center focuses on areas such as design and development in mechanical, electrical, and controls engineering, software development, and additive manufacturing. We believe in: Ownership Youll drive features end-to-end, from design to deployment. Flexibility A friendly, results-oriented culture that respects your time. Empowerment Your insights are valued, and your work makes a visible difference. Learning & Growth Youll work on complex challenges with smart, passionate peersand have the support to level up continually. If youre ready to bring your best thinking to the table and grow in a high-impact, future-focused environment, wed love to hear from you. Job Description: The Enterprise IT Service Desk Workstation Vulnerability Analysts role is to help secure the company’s workstations against vulnerabilities. This will be done through analyzing scan data, researching vulnerabilities, and providing mitigation for said vulnerabilities within SLA timelines. Additionally, deployment of mitigations may be required. The Workstation Vulnerability Analyst will also need to present findings to IT leadership. Job Specifications: Proven analytical and problem-solving abilities. Ability to effectively prioritize and execute tasks in a fast-paced environment. Ability to shift between tasks as priorities change Strong written and oral communication skills. Strong troubleshooting skills and knowledge of IT hardware and software. Ability to conduct research into software issues and products as required. Strong organizational skills with keen attention to detail. Basic understanding of security principles, protocols, and technologies. Familiarity with vulnerability assessment tools (e.g., Nessus/Tenable, Qualys, OpenVAS) is a plus. Principal Duties and Responsibilities (Essential Functions): Analyze the results of vulnerability scans Understand business criticality of various systems Prioritize work based on risk Complete work within deadlines Assist in identifying and assessing vulnerabilities in the organization's systems, networks, and applications. Support the development and implementation of remediation plans to address identified vulnerabilities. Participate in regular vulnerability assessments and penetration tests to identify new security risks. Monitor security alerts and incidents and assist in determining the impact and necessary response. Assist with rollback if necessary Document and report on remediation activities, including progress and outcomes. Investigate and remediate malfunctioning security agents Function and communicate in a global support team. Analyze root cause and implement corrective solutions. Collaborate with IT, security, and development teams to ensure timely and effective remediation. When necessary, contact third-party software and PC equipment vendors. Maintain knowledge of current IT trends and advancements. Stay informed about the latest security threats, vulnerabilities, and mitigation techniques. Provide support to other teams on vulnerability management best practices. Required Education and Experience: An associate degree in the field of computer science or management information systems, and/or 3-5 years of related work experience is preferred. 3-5 years of vulnerability remediation preferred; experience with patch management and scripting is a plus. Experience working in a team-oriented, collaborative environment. Relevant certifications (e.g., CompTIA Security+, CEH) are a plus but not required. Travel: Travel could be up to 15% (in the country) as needed for remote support. What is it for you? This role is more than just a job. It’s an opportunity to be part of a global team that values people excellence, innovative solutions, and operational excellence. Barry-Wehmiller provides a unique environment where you can grow your skills, work on impactful projects, and collaborate with some of the brightest minds in the industry. In addition, we are deeply committed to your personal and professional growth, fostering a culture that helps you achieve your full potential. You can also apply to this job using the below Workday link https://bit.ly/4kPFsa7 (if the link doesn't work, simply copy paste the link in your browser) To understand more about our people-first philosophy, you may like to watch this short video by our CEO, Mr. Bob Chapman, on Truly Human Leadership : Watch the video https://bit.ly/4kSLZkE (if the link doesn't work, simply copy paste the link in your browser)

So, what’s t he r ole all about? As a member of the Cloud Security team, a successful Cloud Security Analyst will need to be self-sufficient to collaborate effectively with multiple teams, such as Application Support, Infrastructure Operations, DevOps, Product R&D, Security teams, customers and 3 rd party auditors. This role will hold the responsibility of understanding the Cloud security policies, procedures, practices and technologies and documenting them appropriately as well as demonstrating to auditors and customers the excellent Cloud Security at NICE. A successful candidate in this role will be able to work in production cloud environments to collect and curate evidence and explain it to anyone who asks for it. Experience with Governance, Risk and Compliance (GRC) is a big plus! How will you make an impact? You will directly impact the success of the NICE cloud business by ensuring all customer and auditory security requirements are met and demonstrated. A diverse, merit-driven work environment which rewards a growth mindset and encourages innovation and continued professional development; The opportunity to work in a global, highly skilled, passionate workforce to deliver world-class service and products to market. Competitive pay and excellent benefits. Generous PTO policies. A highly focused security & compliance team which is collaborative, supportive, experienced, and driven to help everyone from the individual to enterprise to our customers realize the success for which they aim. Have you got what it takes? 1-2 years of experience with Information Security & Compliance or GRC University-level degree in InfoSec, Computer Science or other related field. knowledge with major compliance frameworks such as PCI, ISO 27001/17, SOC 2, HITRUST, GDPR. A burning curiosity to learn as much as you can about the NICE cloud environment and the services and products we offer our customers as well as the existing security infrastructure we have in place today; Excellent communications skills along to work collaboratively with security team members and operations and development teams or independently to achieve tactical and strategic security goals; Strong organization and prioritization skills; Education, training or experience with security and compliance fundamentals; Experience working with work tracking tools such as JIRA, Service Now or others. What’s in it for you? Join an ever-growing, market disrupting, global company where the teams – comprised of the best of the best – work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NICE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NICEr! Enjoy NICE-FLEX! At NICE, we work according to the NICE-FLEX hybrid model, which enables maximum flexibility: 2 days working from the office and 3 days of remote work, each week. Naturally, office days focus on face-to-face meetings, where teamwork and collaborative thinking generate innovation, new ideas, and a vibrant, interactive atmosphere. Requisition ID: 7117 Reporting into: Technical Manager Role Type: Individual Contributor

We're Hiring! I am excited to share some amazing career opportunities at Happiest Minds. Take your Security career to the next level with Happiest Minds, ! Join a dynamic team, where Security Meets Innovation, and grow with us. Be recognized in a Great Place to Work Certified environment Interested professionals can directly reach out to me ankita.patari@happiestminds.com or can apply in below post Skills: Vulnerability Assessment,Penetration Testing,Manual Penetration Testing using OWASP checklists,Static/dynamic testing of mobile applications,OWASP Top 10 Roles and Responsibility: Roles and responsibility: Perform Web Application Security Assessment, API Security Assessment, Mobile Application Security Assessment & Thick Client Security Assessment. Report Preparation etc. Thanks and Regards, Ankita Ghosh

As a Customer Success Manager - Azure & Security, The incumbent will be the key point of contact for customers adopting Microsoft Azure and Cybersecurity solutions. The mission is to drive customer success by ensuring secure and effective adoption of TTBS offered services, managing customer relationships, and supporting long-term strategic cloud and security goals. Its an Individual Contributor role. Key Role Deliverables Act as a trusted advisor for customers implementing Azure infrastructure, services, and security frameworks. Lead onboarding, training, and enablement for customers transitioning to Azure and Microsoft Security solutions (e.g., Defender, Sentinel, Entra). Monitor customer health, usage, and satisfaction to proactively address risks and promote solution value. Drive adoption of Azure-native security tools and best practices to strengthen cloud environments. Collaborate with technical delivery, cloud architecture, and support teams to ensure customer success and alignment. Conduct regular Executive Business Reviews (EBRs) and strategic planning sessions with key stakeholders. Maintain a deep understanding of Microsoft Azure & Security roadmap to guide clients on optimization and innovation. Identify expansion and upsell opportunities in areas like Azure cost optimization, compliance, Zero Trust architecture, etc. Right Person (Qualification & Experience) B. Tech (Computer Science, Electronics etc.) Minimum 6 years of experience in Customer Success, Technical Account Management, or Cloud Consulting with a focus on Azure and/or cybersecurity. Strong knowledge of Microsoft Azure, including core services (IaaS, PaaS), networking, identity, and security features. Familiarity with Security solutions: Defender for Cloud, SIEM, SOAR, VAPT, SOC, Purview, etc. Experience with compliance frameworks (e.g., NIST, ISO 27001, GDPR) and security best practices in the cloud. Ability to manage technical conversations with C-level stakeholders and IT teams. Strong project management, communication, and interpersonal skills. Certifications preferred: Microsoft Certified: Azure Solutions Architect Expert Microsoft Certified: Security, Compliance, and Identity Fundamentals Microsoft Certified: Azure Security Engineer Associate

Following are the details: ANZEN Technologies Private Limited stands as an unparalleled powerhouse, empowering organizations across industries with our visionary services, cutting-edge solutions, and ground-breaking services in the realm of Cyber Security, IT Governance, Risk Management, and Compliance. As your trusted partner, we offer a comprehensive suite of End-to-End security services and consultancy, tailored to safeguard critical infrastructure installations, elevate the standards of BFSI, eCommerce, IT/ITES, Pharmaceuticals, and an array of other sectors. Job Summary: We are seeking a skilled and passionate Red Team Security Consultant to join our cybersecurity team. The ideal candidate will specialize in simulating adversarial tactics, techniques, and procedures (TTPs) to identify vulnerabilities and improve the organization's security posture. This role involves performing advanced penetration tests, simulating real-world attacks, and working with teams to implement effective remediation strategies. Key Responsibilities: Plan, execute, and document Red Team exercises mimicking advanced threat actors for medium to large enterprises. Conduct network penetration testing (VAPT), system vulnerability assessments, and security configuration reviews. Perform manual security assessments for web applications, APIs, and client-server applications. Simulate sophisticated attack chains including lateral movement, privilege escalation, and data exfiltration. Develop and execute custom attack payloads using tools and scripts. Assess physical security controls and implement social engineering assessments when required. Create and maintain custom tools/scripts in languages like Python, Bash, or PowerShell. Utilize and adapt adversary emulation frameworks such as MITRE ATT&CK, Cobalt Strike, and Metasploit. Collaborate with Blue Teams to improve detection and response mechanisms through Purple Team engagements. Execute full-scope Red Team engagements, including phishing, social engineering, and network penetration. Simulate advanced hacking techniques and replicate adversary tactics to uncover security weaknesses. Develop, extend, or modify exploits, shellcode, or tools to simulate sophisticated attacks. Perform reverse engineering of malware (advantageous but not mandatory). Write clear and actionable reports outlining vulnerabilities, exploitation techniques, and remediation strategies. Stay updated on the latest cyber threats, attack methods, and emerging technologies. Qualification: BE/B. Tech/ MCA/ M. Sc. (IT/Computers) Skills : Excellent communication and collaboration skills. Red Teaming, VAPT, Application Security (Web/Mobile/API), Red Teaming and Application Security domains. Proficient in Application Security concepts, including OWASP Top 10 and OSSTMM. Experience with vulnerability scanning tools such as Burp Suite Pro, Nessus, OWASP ZAP, Kali Linux, Cobalt Strike, Caldera etc. Basic ability to write automation scripts (Bash or Python). Understanding of threat modelling and secure coding practices. Strong understanding of TTPs, threat modelling, and secure coding practices. Hands-on experience in Active Directory exploitation, phishing campaigns, and endpoint bypass techniques. Preferred Certificates : OSCP, CRTP, eWPTX, Security+, CREST, CRTO Job Location : Mumbai/Navi Mumbai Job Mode : Work from Office Need an immediate Joiner who may join by 15th June, 2025

About the Role As a Site Reliability Engineer in the SRE Audit & Compliance Enablement team, you will play a key role in ensuring PhonePe s infrastructure and operations are always audit-ready. You ll combine technical depth with process rigor to build a sustainable, scalable, and proactive approach to audit readiness spanning systems, backups, documentation, and control validation. Roles and Responsibilities Audit & Compliance Enablement Create and maintain reusable evidence artifacts (e.g., access logs, architectural diagrams, control narratives). Represent SRE systems during audit walkthroughs and demos. Collaborate with Compliance, InfoSec, and SRE domain owners for control gap closures and evidence gathering. Backup & Archival Infrastructure Own and operate infrastructure responsible for backups of databases, application/system logs, and audit logs. Perform scheduled validations including data restores and integrity checks. Maintain and update a comprehensive catalog of backup datasets and their retention policies. Generate audit-friendly backup status reports and recovery evidence. Infra Scans & Coordination Support scheduling and execution of VAPT, configuration reviews, access reviews, and internal audits. Track issues to closure by working with SRE and platform teams. Automation & Tooling Build scripts and tools to automate evidence generation and health checks (e.g., backup summaries, uptime reports). Maintain audit SOPs, checklists, and internal documentation to drive repeatability and consistency. Skills Required 4-7 years of experience in SRE, Infrastructure, or Platform roles with strong Linux and cloud fundamentals. Hands-on experience managing or validating backup and archival systems. Familiarity with log management, monitoring, and observability platforms. Exposure to compliance and audit requirements (e.g., ISO 27001, PCI-DSS, SOC 2). Strong scripting skills in Shell/Python/Perl and comfort with automation tooling (e.g., Ansible, Terraform). Excellent documentation and collaboration skills. Preferred Qualifications Experience working closely with InfoSec or Compliance teams on audits or certification cycles. Exposure to enterprise backup and DR systems. Prior ownership of critical infra components with clear SLAs. Certifications in cloud platforms, security, or compliance frameworks.

We are keenly looking for a resource with 10+ years of experience who had both technical and managerial experience to execute a lead position from offshore. Primary Skill: Azure DevOps, Jfrog Artifactory, SonarQ, DevSecOps(SAST & DAST), Azure native App Security Secondary Skill: Containerization and Orchestration tools. Shift details: Day shift overlapping with EST (2PM-10:30PM) Technical Leadership & team management at Offshore: • Technical Leadership: Provide guidance to ensure best practices and quality standard are maintained in deliverables. Understand Selective standards and help ensure deliverables meets and adhere to the standards. If standards are missing collaborate with the core team to build standards as needed/required • Team Guidance: Lead and support DevOps engineers to achieve project goals. • Team Management: Lead and coordinate offshore DevOps teams. • Sprint Planning: Assist with offshore sprint planning, estimates, and timelines for the work aligned. • Work Execution: Run stand-ups and manage work execution. • Resource Optimization: Optimize team member capacity utilization. • Risk Management: Identify and mitigate risks aligned to the work • Documentation: Maintain detailed documentation of processes and projects Mature Offshore-Driven Operations and Operational capabilities : • SOP Development: Create standard operating procedures for operational tasks. • Communication: Establish clear channels with DevOps service consumers and stakeholders. • Continuous Improvement: Encourage innovation and automation. • SRE for key DevOps tooling: Build Site Reliability Engineering around DevOps platforms and tools. Build health checks for the key platforms. • Keeping platforms/tooling evergreen. Report/track on tech currency • Improve & automate operational onboarding - drive platform Self service capabilities for our end customer Collaboration and Coordination: • Stakeholder Updates: Provide regular updates to stakeholders. • Team Collaboration: Work with development, QA, and operations teams. • Performance Tracking: Develop and monitor key performance indicators (KPIs).

Role & Responsibilities Proficiency in conducting Web Application VAPT (Black/Gray/White box) activities to identify and mitigate security vulnerabilities. Proficiency in Conducting API (REST, SOAP, XML, JSON) Security testing activities to identify and mitigate security vulnerabilities. Proficiency in Conducting external and internal infra-Penetration testing. Assessing and scoping application security penetration test requirements Proficient in writing end to end penetration testing report including management and technical sections. Hands on experience on penetration testing tools such as Burp Suite, Qualys, Kali Linux, POSTMAN, SOAPUI, HCL AppScan Experience Required: Candidate must have 2+ years of relevant experience in VAPT. Certification: Must have CEH. Certification: Desired - eWAPT, ECSA, OSCP, GWAPT, eWPTX. Proficient in handling the Nexus vulnerability Management tool Should have working experience on configuring the Qualys Authentications, asset tags, asset groups, option profiles, reporting templates, policy compliance templates, scanning schedules etc. Should have experience in creating and providing vulnerability remediation updates to customer. Must have excellent customer handing and communication skills Experience Required: Candidate must have 2+ years of relevant experience in vulnerability management using Qualys

Perform security testing on applications using Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools to identify vulnerabilities and recommend mitigations.

Project Planning, Delivery Oversight, InfoSec Governance, Client Handling,b) Firewalls - CISCO ASA, Palo Alto, WAF : F5 and Barracuda, SSL loaders and load balancers,F5, Radware, DDOS, IPS, IDS, APT, SIEM, VAPT, OS Hardening,SIEM, VAPT,OS Hardening

Role & responsibilities Responsibilities: • Escalate validated and confirmed incidents to designated SOC Lead/ Incidents response team. • Security Event Correlation as received from L2 SOC or Incident Response staff or relevant sources to determine increased risk to the business. • Indepth knowledge on multiple SIEM platforms like Securonix, IBM QRadar, LogRhythm, Arcsight, FortiSIEM , Microsoft Sentinel, and others • Support the SOC Manager in his duties (e.g. extension of SOC services) • Update Security Operations reporting • Triage security events and incidents, detect anomalies, and report/direct remediation actions. • Development and execution of SOC procedures • Should have indepth knowledge of Firewall, EDR, IDS/ IPS, VPN, Cloud Security • Should have hands on Experience in Threat Hunting. • Should have good hands-on experience in VAPT. • Should have good knowledge in integrating TI feeds and Third-Party tools. • Should have knowledge in Building SIEM platform with SOAR, NBAD, UEBA Integration. • Should have hands on experience in developing Use case and Parser Creation. • Should have knowledge in Breach simulation attack. • Sound knowledge in Unix, Linux, Windows, and security devices like firewall, etc. • Preparation of RCA, Preparation of runbook and Training to L2 and L1 team. Qualification: B.E./B.Tech/MCA Certification CEH, ECIH, CISSP, CISM, GCIH, GCFA, Certified Threat Hunter, SIEM certifications for platforms like (Qradar, LogRhythm etc) Work experience: 8 + Years NOTE : Work location will be Mumbai Andheri Seepz, and this is permanent Work from Office role NO HYBRID Option

(DDoS), Network next-generation Firewall, SSL Offloader, (NIPS), (APT), (WAF), Antivirus tools, (EDR), Server security solution, Vulnerability Assessment tools, Incident Handling, Forensic Analysis, (VAPT), SIEM, Patch Management etc.

- Information Security Manager shall be primarily responsible to : - Run and manage the BAU security infosec operations - Create and maintain ISMS Policy and Process documents - Ensure Infosec compliance with RBI and other regulatory agencies - Participate in IT Infosec Audits and ensure closure of observations within given timeliness - Conduct regular VAPT (Vulnerability Assessments) and track closure of open observations - Identifying and evaluating new IT security technologies and services and implementing it - Ensure cyber security related polices and technologies are in place - Conducting regular Inforsec Awareness within users in the organization - The person needs to work closely with the CISO and other stakeholders Risk, IT and Audit teams. - The position will based at CreditAccess Grameen HQ in Bangalore, and may require short term travel on need basis to other CAGL offices. Key Accountability: - Ensuring adequate security controls are in place & working effectively within the organization for information & cyber security - Ensuring effectiveness of all IT controls to prevent any unauthorized access or activities at a system administration level - Identify potential security weaknesses through vulnerability assessments and track them to closure within the timeliness -Tracking and reporting key risk indicators defined for IT processes - Create and maintain the documentation for information system audits in accordance with regulatory and compliance requirements - Create Review ISMS policy and process - Implement Strategic IT Infosec projects to strengthen the overall IT Security posture at CAGL.

Position- System security Analyst Location- Mohali Key Responsibilities: • Conduct Vulnerability Assessment and Penetration Testing (VAPT). • Perform Application Security (AppSec) reviews. • Conduct Source Code Reviews to identify and remediate security flaws. Preferred Certifications: • CEH (Certified Ethical Hacker) • OSCP (Offensive Security Certified Professional) Hands-on Experience With: • VAPT Tools: Burp Suite, Nessus, Metasploit • AppSec Tools: Acunetix, Checkmarx • Source Code Analysis Tools: Fortify, Veracode • Familiarity with scripting (Python, Bash) and DevSecOps principles is a plus.

Information Security Manager shall be primarily responsible to : - Run and manage the BAU security infosec operations - Create and maintain ISMS Policy and Process documents - Ensure Infosec compliance with RBI and other regulatory agencies - Participate in IT Infosec Audits and ensure closure of observations within given timeliness - Conduct regular VAPT (Vulnerability Assessments) and track closure of open observations - Identifying and evaluating new IT security technologies and services and implementing it - Ensure cyber security related polices and technologies are in place - Conducting regular Inforsec Awareness within users in the organization The person needs to work closely with the CISO and other stakeholders Risk, IT and Audit teams. The position will based at CreditAccess Grameen HQ in Bangalore, and may require short term travel on need basis to other CAGL offices. Key Accountability: Ensuring adequate security controls are in place & working effectively within the organization for information & cyber security Ensuring effectiveness of all IT controls to prevent any unauthorized access or activities at a system administration level Identify potential security weaknesses through vulnerability assessments and track them to closure within the timeliness Tracking and reporting key risk indicators defined for IT processes Create and maintain the documentation for information system audits in accordance with regulatory and compliance requirements Create Review ISMS policy and process Implement Strategic IT Infosec projects to strengthen the overall IT Security posture at CAGL Mandatory Key Skills BAU,ISMS Policy,IT Infosec Audits,VAPT,cyber security,CISO,Risk,IT Audit,key risk indicators,Information Security*

Position Summary We are seeking a skilled and passionate Red Team Security Consultant to join our cybersecurity team The ideal candidate will specialize in simulating adversarial tactics, techniques, and procedures (TTPs) to identify vulnerabilities and improve the organization's security posture This role involves performing advanced penetration tests, simulating real-world attacks, and working with teams to implement effective remediation strategies, ? Key Roles & Responsibilities Plan, execute, and document Red Team exercises mimicking advanced threat actors for medium to large enterprises, Conduct network penetration testing (VAPT), system vulnerability assessments, and security configuration reviews, Perform manual security assessments for web applications, APIs, and client-server applications, Simulate sophisticated attack chains including lateral movement, privilege escalation, and data exfiltration, Develop and execute custom attack payloads using tools and scripts, Assess physical security controls and implement social engineering assessments when required, Create and maintain custom tools/scripts in languages like Python, Bash, or PowerShell, Utilize and adapt adversary emulation frameworks such as MITRE ATT&CK, Cobalt Strike, and Metasploit, Collaborate with Blue Teams to improve detection and response mechanisms through Purple Team engagements, Preferred Qualification Preferred Certifications (Not Mandatory): OSCP, OSCE, CRTP, eWPTX, Security+, CREST, CRTO, Desired Skill Set: Red Teaming, VAPT, Application Security (Web/Mobile/API), 2-5 years of relevant domain experience in VAPT, Red Teaming, and Application Security domains, Proficient in Application Security concepts, including OWASP Top 10 and OSSTMM, Experience with vulnerability scanning tools such as BurpSuite Pro, Nessus, OWASP ZAP, Kali Linux, Cobalt Strike, Caldera etc Basic ability to write automation scripts (Bash or Python), Understanding of threat modeling and secure coding practices, Strong understanding of TTPs, threat modeling, and secure coding practices, Hands-on experience in Active Directory exploitation, phishing campaigns, and endpoint bypass techniques, Basic Qualifications Education: BE/MCA or University degree/Equivalent Experience: Required: 2 5 years, Excellent communication and collaboration skills,