5 Ethical Hacking Techniques jobs in Hyderabad

About Claranet

Founded at the beginning of the dot.Com bubble in 1996, our CEO Charles Nasser had a light bulb moment to develop a truly customer-focused IT business. Since then, Claranet has grown from an Internet Service Provider (ISP) in the UK to being one of the leading business modernisation experts, who deliver solutions across 11+ countries.

At Claranet, we’re experienced in implementing progressive technology solutions which help our customers solve their epic business challenges. We’re committed to understanding their problems, delivering answers quickly, and making a lasting impact to their business.

We are agile, focused and experienced in business modernisation. Our approach helps customers make genuine, significant shifts in their business strategy, to deliver financial savings, boost innovation, and create a resilient business. We continually invest in our people and the latest technologies, so our customers get peace of mind knowing that they have access to the best talent and services.

In the UK we have over 500 staff working in London, Gloucester, Warrington, Bristol, and Leeds or as homeworkers. we have 130 staff in India working for international projects.

Working For Claranet

Here at Claranet we pride ourselves on going the extra mile for and with our employees (yes, we really mean with). We offer an extensive benefits package that you can tailor to your needs, inclusive of a matching contribution pension scheme, healthcare, insurance.

Claranet are one of the 10 founding members of TC4RE (Technology Community for Racial Equality.) Being a part of a group of leading UK technology organisations, we are dedicated to building a more diverse and inclusive workforce.

Our Vision

Our vision is to become the most trusted technology solutions partner;
renowned for being the best and brightest, having lasting impact with our customers and delivering exceptional returns to our stakeholders.

Position Summary

Claranet Cyber Security is a world class business unit within Claranet, designed to give customers access to market-leading information security expertise and services spanning;
penetration testing, compliance consulting, training and managed services.

The primary function of the Penetration Tester in the CST team is to continually review the customers’ defined scope for vulnerabilities, identify additional targets that should be included in the scope, and report these to the client in a timely, accurate, and comprehensive manner. The Penetration Tester is also responsible for pre-engagement activities including scoping, statements of work, working with customers to determine their testing requirements and restrictions, on boarding customers into the service and contribute to the service improvement and further development.

To provide the best services to our clients, we need the best people working with us. With outstanding support from the business, all of our penetration testers will gain the experience needed to become the best they can be.

Our team is growing, and we need inspiring people to join us at all levels and help us to continue building a world leading cyber security operation whilst benefiting from a truly unique opportunity to fulfil their potential.

Essential Roles & Responsibilities

The Continuous Security Testing service is a consultant led vulnerability identification and verification service which makes use of automated vulnerability scanning along with significant manual testing against a broad scope in a continuing engagement. The purpose of the service is to continually monitor a customer’s external attack surface for new vulnerabilities, changes in the scope of the attack surface, and proactively inform customers of discovered issues along with recommended remediation;
with the overall aim ofreducing the lifetime of each vulnerability. Manual testing includes identification of issues which automation alone could not identify, exploitation of all issues, often chaining multiple findings together in order to determine the true impact of vulnerabilities for the customer.

Key Responsibilities:

• Manual identification and exploitation of vulnerabilities
• Manual verification and exploitation of scanner findings
• Detailed analysis of issues identified and exposure for the customer including proof of concept, reproduction steps, and recommended remediation
• Communication of findings to the customer in a detailed, accurate and manageable manner both orally and through written vulnerability/scope notifications and periodic summaries
• Continual professional development to maintain and develop knowledge and technical competencies
• Maintain professional technical qualifications to demonstrate competency to our clients
• Undertaking projects and support tasks as appropriate to the role

Progression:

During mentoring and experience progression, the Associate Penetration Tester will be tasked with:

• Pre-engagement activities including scoping of assessments and statements of work and determining customer requirements and restrictions
• Onboarding customers into the service including configuration of continual scanning and liaising with customer to resolve issues which may reduce the effectiveness of scanning
• Monitoring of the customers’ external perimeter for changes, and proactive discovery of new targets to include within the customer’s scope

Essential Technical

Core computing skills including but not limited to:

• Networking fundamentals – understanding of OSI Model, TCP/IP, HTTP, DNS, SMB, SMTP and relevant tools
• Microsoft Windows and Office proficiency along with proficiency in one or more Linux distributions

Good knowledge of web application technologies and security assessment including but not limited to:

• REST APIs, SOAP APIs, XML and JSON formats
• Vulnerability identification and exploitation (not limited to OWASP Top 10)
• Experience with common assessment tools such as MITM proxies (e.G. Burp Suite Pro) and SQLMap
• Good knowledge of internal and external infrastructure technologies and security assessment including but not limited to:

Identification and exploitation of misconfigurations or known vulnerabilities in common enterprise infrastructure and services (Windows Domains, Linux servers, virtualisation, databases, switches/routers, etc)

• Windows and Linux Sandbox/Desktop Breakout

Knowledge of a scripting language such as Python (preferred), Ruby, PowerShell, or Bash, for the development of new, or editing existing, tools

Essential General

• Must be self-motivated and able to work in an independent manner as well as part of a team
• Excellent written and oral communications skills
• Positive, collaborative and enthusiastic
• Appetite to shadow, train and develop to improve capabilities into all areas of security testing

In Addition, The Following Are Highly Desirable:

• CPSA - CREST Practitioner Security Analyst (or above)
• Public speaking experience
• A related Bachelor’s degree
• Experience with live bug bounties, particularly where automation has been implemented
• Knowledge of Open Source Intelligence gathering techniques. Including but not limited to use of Google dorks, DNS, domain registration, certificate transparency, and other public sources of information

About NopalCyber

NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Through Managed Extended Detection and Response (MXDR), Attack Surface Management (ASM), Breach and Attack Simulation (BAS), and Advisory Services, we fortify our clients’ cybersecurity across both offense and defence.

Our AI-driven Nopal360° platform, NopalGo mobile app, and proprietary Cyber Intelligence Quotient (CIQ) enable organizations to quantify, track, and visualize their cybersecurity posture in real time. We democratize enterprise-grade security operations for organizations of all sizes by lowering the barrier to entry while raising the bar for security and service.

Location : Nopal Cyber, Hyderabad (Work from Office, 5 Days a Week)

Employment Type : Full-time

Key Responsibilities

• Perform advanced Vulnerability Assessment and Penetration Testing (VAPT) across external infrastructure, internal networks, web and mobile applications, APIs, and cloud environments (AWS, Azure, GCP).
• Conduct CIS Benchmark-based hardening assessments and implementations across operating systems (Windows, Linux), databases, middleware, network devices, and cloud platforms.
• Deliver customized hardening guides and security baselines mapped to client-specific compliance requirements and regulatory frameworks.
• Execute Dynamic Application Security Testing (DAST) on web and API applications (both authenticated and unauthenticated) using enterprise-grade tools;
  analyze, validate, and prioritize findings with actionable remediation guidance.
• Run Breach and Attack Simulation (BAS) scenarios to test resilience against real-world adversary tactics, techniques, and procedures (TTPs).
• Prepare comprehensive technical reports and executive-level summaries highlighting vulnerabilities, attack paths, misconfigurations, and compliance gaps.
• Continuously research emerging attack vectors, zero-day vulnerabilities, DAST methodologies, and new CIS benchmark updates to refine assessment strategies.
• Contribute to Ransomware Resiliency Assessments (RRA) by simulating ransomware behaviors and evaluating control effectiveness.

Required Skills & Experience

• 8–12 years of direct, hands-on cybersecurity consulting experience, with deep expertise in VAPT, CIS benchmarking, and application security testing (DAST).
• Proven track record performing end-to-end penetration tests and dynamic application security scans using industry tools such as Burp Suite Pro, OWASP ZAP, Nessus, Qualys, Netsparker, Acunetix, and custom scripts.
• Strong understanding of web application security flaws (OWASP Top 10, API security issues, authentication/authorization flaws, injection attacks, deserialization, SSRF, RCE, etc.) and ability to exploit and document them.
• Solid understanding of network protocols, operating system behaviors, and common application security principles relevant to modern IT environments.
• Hands-on experience with CIS Benchmark implementation and verification across diverse platforms, ensuring alignment with client compliance mandates.
• Familiarity with BAS tools and adversary emulation frameworks to measure detection and response maturity.
• Proficiency in scripting/automation (Python, PowerShell, Bash) to extend testing capabilities or validate findings.
• Working knowledge of security architecture frameworks (e.G., SABSA) and threat modeling methodologies (e.G., STRIDE, kill chains, attack trees) to support risk-informed vulnerability assessments, hardening efforts, and remediation planning.
• Ability to write and present detailed remediation reports, security recommendations, and compliance-aligned hardening outputs.
• Strong communication skills to convey technical findings to technical and executive stakeholders.

Educational Qualifications

• Bachelor’s degree in engineering, Computer Science, or related discipline.
• CEH Certification (Mandatory) plus one or more advanced certifications:
• OSCP (Offensive Security Certified Professional)
• eCPPT (eLearn Security Certified Professional Penetration Tester)
• CompTIA Pentest+
• CRTP / CRTE (Certified Red Team Professional/Expert)
• CIS-CAT Pro Assessor or equivalent CIS Benchmark credentials
• Familiarity with MITRE ATT&CK and adversary simulation frameworks.

Personal attributes

• Self-starter and quick learner requiring minimal ramp-up
• Excellent written, oral, and interpersonal communication skills
• Highly self-motivated, self-directed, and attentive to detail
• Ability to effectively prioritize and execute tasks in a high-pressure environment

Role Overview

As VP/AVP – Offensive security services, you will provide strategic and technical leadership for NopalCyber’s Offensive Security practice. You will lead and evolve core services such as Penetration Testing, Red Teaming, Application Security Assessments, BAS, AI Security and Threat Simulation. This role requires deep technical expertise, engagement leadership, and the ability to influence C-level clients while driving operational excellence across service delivery.

You will be accountable for the scaling, maturity, and quality of offensive security services across multiple client environments, and responsible for shaping the offensive security roadmap, delivery methodologies, and team capability development.

Key Responsibilities

Own and lead the Offensive Security & VAPT function, including service line P&L, strategic delivery roadmap, team management, and client satisfaction.

Architect and oversee enterprise-scale VAPT and red team engagements, driving delivery excellence across infrastructure, applications, APIs, mobile, and cloud environments.

Engage directly with senior client stakeholders (CISOs, CTOs, Risk Leaders) to translate business risk into actionable technical assessments and recommend mitigation strategies.

Define testing frameworks and reusable methodologies to standardize and elevate delivery across projects, including red teaming, threat emulation, and advanced attack simulations.

Direct a high-performing offensive security team, including Red Teamers, AppSec specialists, and security testers, ensuring their continuous development and engagement.

Lead strategic threat modeling and secure design reviews in collaboration with clients' architecture and engineering teams, integrating security into early lifecycle stages.

Govern quality of deliverables, including technical findings, risk summaries, and executive-ready reports, ensuring alignment with business impact and remediation feasibility.

Drive operational excellence across testing engagements, ensuring timelines, SLAs, and KPIs (e.G., MTTR, false positive rate, TTP coverage) are consistently met or exceeded.

Spearhead R&D initiatives to evaluate emerging threats, tools, and offensive capabilities relevant to client environments and evolving attack surfaces.

Collaborate with cross-functional internal teams (MXDR, GRC, Incident Response, Product) to align offensive security outputs with broader risk and advisory services.

Represent NopalCyber at industry forums, client executive reviews, and security advisory boards as a trusted expert in offensive cybersecurity.

Required Qualifications

Bachelor's degree in Engineering, Computer Science, or a related field;
a Master’s is preferred.

15–18 years of experience in cybersecurity with at least 5 years in leadership roles across VAPT, Red Team, or Application Security domains.

Demonstrated experience managing technical delivery and strategic outcomes for multiple clients or large-scale programs.

Preferred Certifications

Mandatory: OSCP, CEH

Highly Desirable: OSCE, OSWE, GPEN, GWAPT, GCIH, GXPN, CISSP

Desired Skills

In-depth understanding of modern attack vectors, OWASP Top 10, MITRE ATT&CK, and real-world exploitation techniques.

Strong command of tools such as Burp Suite Pro, Cobalt Strike, Metasploit, Nmap, Kali Linux, AppDetective, and WebInspect.

Proficiency in cloud security testing across AWS, Azure, or GCP;
experience with containerized and microservices-based environments.

Hands-on exposure to reviewing or attacking applications built using C++, Java, Python, Go, JavaScript, and working within Kubernetes or CI/CD pipelines.

Capability to present complex technical findings in clear, business-relevant language to executive stakeholders.

Leadership Attributes

Strategic thinker with a track record of scaling cybersecurity programs or service lines.

Proven ability to lead, mentor, and retain high-performing technical teams.

Exceptional client engagement and communication skills.

Ability to influence and collaborate across teams and functions to drive security outcomes.

#PenetrationTesting #RedTeamOperations #ApplicationSecurity #OffensiveSecurity #CybersecurityLeadership #CloudSecurity #ThreatModeling #OWASP #StakeholderManagement

#OSCP #MITREATTACK