3,075 Security Analysis jobs in India

Responsibilities

• Client Engagement & Leadership
• Act as a trusted security advisor for multiple high-value clients.
• Manage end-to-end security assessment projects, including scoping, execution, reporting, and remediation guidance.
• Conduct technical and executive-level briefings to communicate findings, risks, and strategic recommendations clearly.
• Translate complex technical vulnerabilities into business risk insights to help clients prioritize actions.
• Collaborate closely with client stakeholders to ensure security recommendations are practical and actionable.
• Advanced Threat Modelling & Risk Assessment
• Design and maintain threat models tailored to client applications, networks, and cloud environments.
• Perform risk assessments focusing on business impact and likelihood of exploitation.
• Develop attack scenarios based on the latest threat intelligence and real-world attacker techniques.
• Guide clients in integrating security into their software development lifecycle (SDLC) and cloud infrastructure designs.
• Penetration Testing & Red Team Operations
• Lead advanced black-box, grey-box, and white-box penetration testing engagements for web applications, APIs, networks, and cloud environments.
• Conduct sophisticated Red Team exercises to simulate targeted attack campaigns.
• Design and develop custom exploits and testing tools to replicate specific attacker techniques.
• Perform social engineering tests (phishing campaigns, physical security assessments) in controlled and ethical scenarios.
• Provide detailed post-exercise analysis, including actionable remediation strategies and long term improvement plans.
• Comprehensive Reporting & Documentation
• Produce clear and technically thorough vulnerability assessment and penetration testing reports.
• Create executive-level summaries focused on business impact and compliance risks.
• Maintain structured and up-to-date testing methodologies and playbooks.
• Contribute to internal knowledge base, documenting research, custom tools, and successful testing strategies.
• Technical & Programming Expertise
• Expert in vulnerability assessment and exploitation techniques across a wide range of technologies.
• Proficient in security testing tools such as Burp Suite, Nessus, Metasploit, Nmap, OpenVAS, Cobalt Strike, Wireshark, and tcpdump.
• Strong scripting and automation skills (Python, Bash, PowerShell) to automate repetitive testing tasks and tool workflows.
• Capable of custom tool development and advanced exploit research to target unique client environments.
• Strong knowledge of application security vulnerabilities (OWASP Top 10, SANS Top 25) and attack surface analysis.
• In-depth understanding of cloud security risks, identity and access management, and container security (Docker, Kubernetes).
• Social Engineering & OSINT Expertise
• Design and execute social engineering and phishing simulations tailored to client environments.
• Perform physical security assessments through tactics like tailgating and badge cloning.
• Apply Open Source Intelligence (OSINT) techniques to gather reconnaissance data for assessments.
• Provide training and awareness recommendations based on assessment outcomes.
• Professional Attributes & Mindset
• Strong analytical, problem-solving, and creative thinking skills.
• Ethical hacker mindset with a continuous drive to research emerging threats, attack techniques, and defense bypass methods.
• Methodical and detail-oriented approach to testing with the ability to think like an attacker.
• Strong communication and presentation skills, able to engage both technical teams and business leadership.
• Proactively innovate by developing new tools, scripts, or methodologies to improve testing efficiency and depth.

Qualifications

• 7+ years of hands-on experience in Vulnerability Assessment, Penetration Testing, and security consulting.
• Strong technical expertise in application security, network security, cloud security (AWS, Azure, GCP), and infrastructure security testing.
• Proven experience using VAPT tools such as Burp Suite, Nessus, Qualys, Nmap, Metasploit, Nikto, OpenVAS, etc.
• Solid knowledge of exploitation techniques, post-exploitation frameworks, and manual testing methodologies.
• In-depth knowledge of web application vulnerabilities (OWASP Top 10) and network protocol analysis.
• Experience conducting cloud security assessments, including misconfigurations, IAM permissions analysis, and container security.
• Proficiency in scripting and automation (Python, Bash, PowerShell) to customize tests and tools.
• Familiarity with security frameworks and standards such as NIST, ISO 27001, MITRE ATT&CK.
• Strong reporting and documentation skills, able to translate technical findings into business friendly recommendations.
• Excellent communication and stakeholder management skills, able to lead client-facing engagements.
• Relevant certifications are a strong plus (e.g., OSCP, CREST, CISSP, CEH, GIAC GPEN).

Preferred Qualifications:

• Certifications such as OSCP, GPEN, CREST CRT, CRTO are highly desirable.
• Experience in DevSecOps, CI/CD pipeline security, or automated security testing frameworks.
• Familiarity with industry compliance frameworks like PCI-DSS, GDPR, HIPAA, SOC2, and ISO 27001.
• Prior consulting experience in a service delivery or customer-facing environment.
• Experience with threat intelligence platforms and indicators of compromise (IoCs).

This is a remote position.

Job Title: Cloud & Containers – Vulnerability Assessment & Scanning

Job Type: Freelance

Location: Remote

Experience: 10+ Years

Mode: Online

We are looking for a highly experienced Freelance Trainer with strong expertise in Cloud Security and Container Security to deliver professional training on Vulnerability Assessment and Scanning. The trainer will design and deliver sessions, share real-world scenarios, and provide hands-on lab guidance to participants.

Deliver online training on Cloud & Container Vulnerability Assessment & Scanning .

Provide hands-on labs, case studies, and practical demonstrations.

Train participants on industry best practices, compliance, and remediation strategies.

Guide learners in integrating vulnerability scanning into DevSecOps pipelines .

Ensure sessions cover both conceptual understanding and practical skills .

Strong knowledge of Cloud Platforms : AWS, Azure, GCP.

Hands-on with Containers & Orchestration : Docker, Kubernetes, OpenShift.

Expertise in Vulnerability Scanning Tools: Qualys, Tenable, Prisma Cloud, Aqua, Twistlock, Trivy, Clair .

Deep understanding of Security Standards : CIS Benchmarks, NIST, OWASP Top 10, CVE/CVSS.

Experience with DevSecOps (CI/CD pipeline integration, IaC scanning).

10+ years of experience in Cloud Security, Container Security, or Vulnerability Management .

• Monitor security systems and analyze logs for suspicious activity and potential security breaches.
• Investigate security incidents, perform forensic analysis, and document findings.
• Implement and maintain security tools and technologies, such as firewalls, intrusion detection/prevention systems, and SIEM solutions.
• Conduct vulnerability assessments and penetration testing.
• Develop and update security policies, procedures, and guidelines.
• Assist in the development and execution of incident response plans.
• Stay informed about the latest cybersecurity threats, vulnerabilities, and trends.
• Provide security awareness training to employees.
• Collaborate with IT teams to ensure secure system configurations and deployments.
• Manage security-related documentation and reporting.
• Participate in security audits and compliance efforts.
• Recommend and implement security enhancements to protect against cyber threats.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field; relevant certifications (e.g., CompTIA Security+, CEH, CISSP) are highly desirable.
• Minimum of 3-5 years of experience in cybersecurity operations or analysis.
• Proficiency in network security principles and protocols.
• Experience with security monitoring tools (SIEM, IDS/IPS) and vulnerability scanning tools.
• Strong understanding of threat landscape and incident response procedures.
• Analytical and problem-solving skills with attention to detail.
• Excellent communication and reporting skills.
• Ability to work independently and manage time effectively in a remote setting.
• Experience with cloud security (AWS, Azure, GCP) is a plus.

• Monitor security alerts and events from various security tools (SIEM, IDS/IPS).
• Investigate and respond to security incidents in a timely and effective manner.
• Perform vulnerability assessments and penetration testing.
• Analyze security logs and network traffic for suspicious activities.
• Implement and maintain security controls and technologies.
• Develop and update security policies, procedures, and documentation.
• Conduct security awareness training for employees.
• Collaborate with IT teams to ensure the security of systems and applications.
• Stay current with emerging cybersecurity threats and technologies.
• Participate in incident response planning and execution.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• 3-5 years of experience in cybersecurity or information security.
• Proficiency with security tools such as SIEM, IDS/IPS, firewalls, and endpoint protection.
• Strong understanding of networking protocols, operating systems, and common cyber threats.
• Experience with vulnerability assessment and penetration testing methodologies.
• Excellent analytical, problem-solving, and critical thinking skills.
• Strong communication and interpersonal skills.
• Ability to work effectively in a hybrid work environment.
• Relevant certifications such as CompTIA Security+, CISSP, or CEH are a plus.

• Monitoring security alerts and logs to detect and respond to potential security breaches in real-time.
• Conducting regular vulnerability assessments and penetration testing to identify weaknesses in the system.
• Developing and implementing security policies, procedures, and guidelines to protect sensitive data.
• Investigating security incidents, analyzing their root causes, and recommending corrective actions.
• Configuring and managing security tools and technologies, such as firewalls, intrusion detection systems (IDS), and antivirus software.
  
• Ensuring compliance with relevant data protection regulations and industry standards.
  
• Providing security awareness training to employees to foster a security-conscious culture.
  
• Collaborating with IT teams to implement and maintain secure network configurations.
  
• Staying up-to-date with the latest cybersecurity threats, trends, and technologies.
  
• Developing and maintaining incident response plans and disaster recovery strategies.
  
• Performing security audits and reviews to ensure the effectiveness of security controls.
  
• Analyzing security risks and developing mitigation strategies.
  

• Monitor security systems, including firewalls, intrusion detection/prevention systems, and antivirus software, for suspicious activity.
• Analyze security alerts and events to identify potential threats and vulnerabilities.
• Investigate security incidents, perform root cause analysis, and recommend remediation actions.
• Implement and maintain security measures and controls to protect company networks and data.
• Conduct vulnerability assessments and penetration testing to identify weaknesses.
• Develop and update security policies, procedures, and guidelines.
• Respond to security breaches and incidents, managing containment, eradication, and recovery efforts.
• Stay current with the latest cybersecurity threats, trends, and technologies.
• Educate employees on security best practices and provide training on cybersecurity awareness.
• Collaborate with IT teams to ensure the security of systems and applications.
• Generate regular reports on security status, incidents, and recommendations.
• Ensure compliance with relevant data protection and privacy regulations (e.g., GDPR, IT Act).
• Participate in security audits and assessments.
• Assist in the development and maintenance of disaster recovery and business continuity plans.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• 3-5 years of experience in cybersecurity analysis or a similar role.
• Strong understanding of network protocols, operating systems (Windows, Linux), and security technologies.
• Experience with SIEM (Security Information and Event Management) tools.
• Knowledge of vulnerability assessment and penetration testing methodologies.
• Familiarity with security frameworks and standards (e.g., NIST, ISO 27001).
• Excellent analytical, problem-solving, and critical-thinking skills.
• Strong communication and interpersonal skills, with the ability to explain technical concepts to non-technical audiences.
• Relevant certifications such as CompTIA Security+, CISSP, CEH are highly desirable.
• Ability to work independently and collaboratively in a hybrid environment.
• Experience with incident response and forensic analysis is a plus.