29 Security Assessments jobs in India

COMPANY INTRODUCTION

Emirates NBD is a market leader across the MENAT (Middle East, North Africa and Türkiye) region with a presence in 13 countries, serving over 20 million customers. The Emirates NBD Group has a total of 853 branches and 4,213 ATMs / SDMs. Emirates NBD is the leading financial services brand in the UAE with a Brand value of USD 3.89 billion

At the bank, we serve our customers and help them realise their financial objectives through a range of banking products and services including retail banking, corporate & institutional banking, Islamic banking, investment banking, private banking, asset management, global markets and treasury, and brokerage operations

We are a key participant in the global digital banking industry, with 97% of all financial transactions and requests conducted outside of our branches. We also operate Liv, the lifestyle digital bank by Emirates NBD. With close to half a million users, it continues to be the fastest-growing digital bank in the region

The Offensive Security Assessments Manager will manage and conduct covert targeted penetration testing for Emirates NBD installations and controls through focused threat based methodologies as a simulated adversary to expose and exploit vulnerabilities to improve Cyber readiness and review security controls and system configurations across IT systems across the group to ensure their security posture and compliance.

Key Responsibilities:

• Manage and maintain the Offensive Security Assessment program as part of the Threat and Compliance (TCM) Charter and associated operating procedures based on the requirements of Emirates NBD policy, audit, compliance and regulatory requirements
• Maintain and manage Emirates NBD threat modelling framework and operationalize these models into the offensive security assessment program
• Collect open source intelligence on threats and vulnerabilities applicable to Emirates NBD technology stack
• Carry out scenario based war gaming activities
• Ensure threat controls and systems are reviewed for appropriate, effective and optimal configuration across the Group
• Participate in event planning stages to develop Cyber assessment plans and conduct assessment tests against Emirates NBD group installations & controls
• Identify and track IT risks and gaps that are remediated through operational activities or treated via risk management process.
• Responsible for threat activity reporting and insight on the IT technology assets used by the group.
• Managing planned and ad-hoc review and reporting requests from stakeholders across Emirates NBD Group IT and business functions
• Develop attack vectors, exploit payloads and backdoors as necessary for the successful execution of the Offensive Security Assessment program
• Contribute on Offensive Security automation initiatives
• Conduct periodic Purple/Red Team assessments and other attack simulation goals.
• Programming language proficiency in one or more languages C, C++, Python, CSharp, ASM etc.
• Prepare and deliver technical and management reports and presentations
• Prioritize business requirements and manage backlogs for team deliveries
• Accountable for stakeholder engagement and relationships to deliver security assessments as per TCM Charter
• Research new threats vectors / attack methods that are cutting edge in testing control effectiveness
• Enhance technical security assessment & pen testing capabilities to ensure effective assessment for an evolving technology landscape
• Build new periodic assessment frameworks and methodologies that help contribute to a more efficient method of executing the charter
• Improve threat modelling framework to ensure that new relevant threat vectors are identified and are part of the framework
• Ensure coverage of policy, audit, compliance and regulatory requirements.
• Ensure that offensive security exercises are carried out cautiously without adverse business impact

Key Requirements:

• Bachelors or Master’s Degree in Computer Science, Mathematics or equivalent discipline
• Master’s Degree in Business Management or equivalent
• Certifications such as CISSP, OSCP, OSCE, OSEP, OSWE, CREST, GPEN, SANS GXPN
• 5-7 years of experience with technical Cyber security
• 3-4 years of experience with Red Team or penetration testing or offensive Cyber testing
• Experience with Bash scripting, Perl, Java, Python or R
• Strong hold of Cloud Security - CICD Security - Experience in various tools VAF
• Experience with malware analysis tools
• Experience with mobile and digitization platforms
• Experience with platforms like Cloud, DBMS (SQL or NoSQL based), Containerization Technologies & Micro services/API based architecture
• Experience with MITRE Attack Framework
• Strong technical background covering heterogeneous technologies and multiple security domains (Technical)
• Deep knowledge of the gaps and weaknesses of a typical heterogeneous banking environment including the toolsets required for security assessments (Technical)
• Deep experience in depicting proof of concept exploits for vulnerabilities, accurate threat assessment and mitigation recommendation. (Technical)
• Deep experience in the preparation and facilitation of war gaming. Identify gaps and opportunities by utilizing niche adversarial experience of the team (Technical)
• Deep experience in evaluating threats as per the latest threat environment affecting the region (EMEA & North Africa) and the world (Technical)
• Deep knowledge and skills in breaking controls and of polices ,standards and required controls (both technical and compliance based) (Technical)
• Deep threat modelling experience

COMPANY INTRODUCTION

Emirates NBD is a market leader across the MENAT (Middle East, North Africa and Türkiye) region with a presence in 13 countries, serving over 20 million customers. The Emirates NBD Group has a total of 853 branches and 4,213 ATMs / SDMs. Emirates NBD is the leading financial services brand in the UAE with a Brand value of USD 3.89 billion

At the bank, we serve our customers and help them realise their financial objectives through a range of banking products and services including retail banking, corporate & institutional banking, Islamic banking, investment banking, private banking, asset management, global markets and treasury, and brokerage operations

We are a key participant in the global digital banking industry, with 97% of all financial transactions and requests conducted outside of our branches. We also operate Liv, the lifestyle digital bank by Emirates NBD. With close to half a million users, it continues to be the fastest-growing digital bank in the region

The Offensive Security Assessments Manager will manage and conduct covert targeted penetration testing for Emirates NBD installations and controls through focused threat based methodologies as a simulated adversary to expose and exploit vulnerabilities to improve Cyber readiness and review security controls and system configurations across IT systems across the group to ensure their security posture and compliance.

Key Responsibilities:

• Manage and maintain the Offensive Security Assessment program as part of the Threat and Compliance (TCM) Charter and associated operating procedures based on the requirements of Emirates NBD policy, audit, compliance and regulatory requirements
• Maintain and manage Emirates NBD threat modelling framework and operationalize these models into the offensive security assessment program
• Collect open source intelligence on threats and vulnerabilities applicable to Emirates NBD technology stack
• Carry out scenario based war gaming activities
• Ensure threat controls and systems are reviewed for appropriate, effective and optimal configuration across the Group
• Participate in event planning stages to develop Cyber assessment plans and conduct assessment tests against Emirates NBD group installations & controls
• Identify and track IT risks and gaps that are remediated through operational activities or treated via risk management process.
• Responsible for threat activity reporting and insight on the IT technology assets used by the group.
• Managing planned and ad-hoc review and reporting requests from stakeholders across Emirates NBD Group IT and business functions
• Develop attack vectors, exploit payloads and backdoors as necessary for the successful execution of the Offensive Security Assessment program
• Contribute on Offensive Security automation initiatives
• Conduct periodic Purple/Red Team assessments and other attack simulation goals.
• Programming language proficiency in one or more languages C, C++, Python, CSharp, ASM etc.
• Prepare and deliver technical and management reports and presentations
• Prioritize business requirements and manage backlogs for team deliveries
• Accountable for stakeholder engagement and relationships to deliver security assessments as per TCM Charter
• Research new threats vectors / attack methods that are cutting edge in testing control effectiveness
• Enhance technical security assessment & pen testing capabilities to ensure effective assessment for an evolving technology landscape
• Build new periodic assessment frameworks and methodologies that help contribute to a more efficient method of executing the charter
• Improve threat modelling framework to ensure that new relevant threat vectors are identified and are part of the framework
• Ensure coverage of policy, audit, compliance and regulatory requirements.
• Ensure that offensive security exercises are carried out cautiously without adverse business impact

Key Requirements:

• Bachelors or Master’s Degree in Computer Science, Mathematics or equivalent discipline
• Master’s Degree in Business Management or equivalent
• Certifications such as CISSP, OSCP, OSCE, OSEP, OSWE, CREST, GPEN, SANS GXPN
• 5-7 years of experience with technical Cyber security
• 3-4 years of experience with Red Team or penetration testing or offensive Cyber testing
• Experience with Bash scripting, Perl, Java, Python or R
• Strong hold of Cloud Security - CICD Security - Experience in various tools VAF
• Experience with malware analysis tools
• Experience with mobile and digitization platforms
• Experience with platforms like Cloud, DBMS (SQL or NoSQL based), Containerization Technologies & Micro services/API based architecture
• Experience with MITRE Attack Framework
• Strong technical background covering heterogeneous technologies and multiple security domains (Technical)
• Deep knowledge of the gaps and weaknesses of a typical heterogeneous banking environment including the toolsets required for security assessments (Technical)
• Deep experience in depicting proof of concept exploits for vulnerabilities, accurate threat assessment and mitigation recommendation. (Technical)
• Deep experience in the preparation and facilitation of war gaming. Identify gaps and opportunities by utilizing niche adversarial experience of the team (Technical)
• Deep experience in evaluating threats as per the latest threat environment affecting the region (EMEA & North Africa) and the world (Technical)
• Deep knowledge and skills in breaking controls and of polices ,standards and required controls (both technical and compliance based) (Technical)
• Deep threat modelling experience

COMPANY INTRODUCTION

Emirates NBD is a market leader across the MENAT (Middle East, North Africa and Türkiye) region with a presence in 13 countries, serving over 20 million customers. The Emirates NBD Group has a total of 853 branches and 4,213 ATMs / SDMs. Emirates NBD is the leading financial services brand in the UAE with a Brand value of USD 3.89 billion

At the bank, we serve our customers and help them realise their financial objectives through a range of banking products and services including retail banking, corporate & institutional banking, Islamic banking, investment banking, private banking, asset management, global markets and treasury, and brokerage operations

We are a key participant in the global digital banking industry, with 97% of all financial transactions and requests conducted outside of our branches. We also operate Liv, the lifestyle digital bank by Emirates NBD. With close to half a million users, it continues to be the fastest-growing digital bank in the region

The Offensive Security Assessments Manager will manage and conduct covert targeted penetration testing for Emirates NBD installations and controls through focused threat based methodologies as a simulated adversary to expose and exploit vulnerabilities to improve Cyber readiness and review security controls and system configurations across IT systems across the group to ensure their security posture and compliance.

Key Responsibilities:

• Manage and maintain the Offensive Security Assessment program as part of the Threat and Compliance (TCM) Charter and associated operating procedures based on the requirements of Emirates NBD policy, audit, compliance and regulatory requirements
• Maintain and manage Emirates NBD threat modelling framework and operationalize these models into the offensive security assessment program
• Collect open source intelligence on threats and vulnerabilities applicable to Emirates NBD technology stack
• Carry out scenario based war gaming activities
• Ensure threat controls and systems are reviewed for appropriate, effective and optimal configuration across the Group
• Participate in event planning stages to develop Cyber assessment plans and conduct assessment tests against Emirates NBD group installations & controls
• Identify and track IT risks and gaps that are remediated through operational activities or treated via risk management process.
• Responsible for threat activity reporting and insight on the IT technology assets used by the group.
• Managing planned and ad-hoc review and reporting requests from stakeholders across Emirates NBD Group IT and business functions
• Develop attack vectors, exploit payloads and backdoors as necessary for the successful execution of the Offensive Security Assessment program
• Contribute on Offensive Security automation initiatives
• Conduct periodic Purple/Red Team assessments and other attack simulation goals.
• Programming language proficiency in one or more languages C, C++, Python, CSharp, ASM etc.
• Prepare and deliver technical and management reports and presentations
• Prioritize business requirements and manage backlogs for team deliveries
• Accountable for stakeholder engagement and relationships to deliver security assessments as per TCM Charter
• Research new threats vectors / attack methods that are cutting edge in testing control effectiveness
• Enhance technical security assessment & pen testing capabilities to ensure effective assessment for an evolving technology landscape
• Build new periodic assessment frameworks and methodologies that help contribute to a more efficient method of executing the charter
• Improve threat modelling framework to ensure that new relevant threat vectors are identified and are part of the framework
• Ensure coverage of policy, audit, compliance and regulatory requirements.
• Ensure that offensive security exercises are carried out cautiously without adverse business impact

Key Requirements:

• Bachelors or Master’s Degree in Computer Science, Mathematics or equivalent discipline
• Master’s Degree in Business Management or equivalent
• Certifications such as CISSP, OSCP, OSCE, OSEP, OSWE, CREST, GPEN, SANS GXPN
• 5-7 years of experience with technical Cyber security
• 3-4 years of experience with Red Team or penetration testing or offensive Cyber testing
• Experience with Bash scripting, Perl, Java, Python or R
• Strong hold of Cloud Security - CICD Security - Experience in various tools VAF
• Experience with malware analysis tools
• Experience with mobile and digitization platforms
• Experience with platforms like Cloud, DBMS (SQL or NoSQL based), Containerization Technologies & Micro services/API based architecture
• Experience with MITRE Attack Framework
• Strong technical background covering heterogeneous technologies and multiple security domains (Technical)
• Deep knowledge of the gaps and weaknesses of a typical heterogeneous banking environment including the toolsets required for security assessments (Technical)
• Deep experience in depicting proof of concept exploits for vulnerabilities, accurate threat assessment and mitigation recommendation. (Technical)
• Deep experience in the preparation and facilitation of war gaming. Identify gaps and opportunities by utilizing niche adversarial experience of the team (Technical)
• Deep experience in evaluating threats as per the latest threat environment affecting the region (EMEA & North Africa) and the world (Technical)
• Deep knowledge and skills in breaking controls and of polices ,standards and required controls (both technical and compliance based) (Technical)
• Deep threat modelling experience

Ready to be pushed beyond what you think you’re capable of?

At Coinbase, our mission is to increase economic freedom in the world. It’s a massive, ambitious opportunity that demands the best of us, every day, as we build the emerging onchain platform — and with it, the future global financial system.

To achieve our mission, we’re seeking a very specific candidate. We want someone who is passionate about our mission and who believes in the power of crypto and blockchain technology to update the financial system. We want someone who is eager to leave their mark on the world, who relishes the pressure and privilege of working with high caliber colleagues, and who actively seeks feedback to keep leveling up. We want someone who will run towards, not away from, solving the company’s hardest problems.

Our is intense and isn’t for everyone. But if you want to build the future alongside others who excel in their disciplines and expect the same from you, there’s no better place to be.

While many roles at Coinbase are remote-first, we are not remote-only. In-person participation is required throughout the year. Team and company-wide offsites are held multiple times annually to foster collaboration, connection, and alignment. Attendance is expected and fully supported.

The Application Security org at Coinbase is hiring for a Senior Offensive Security Engineer. In this role, you will lead and enhance penetration testing and red team activities. You will also take part in bug bounty triage, security automation, and incident support activities. This is a technical lead role that will also be overseeing the work of junior engineers located in the same time zone. You will work alongside other security engineers and collaborate with cross-functional teams to enhance the overall security posture of the company.

What you’ll be doing (ie. job duties):

What we look for in you (ie. job requirements):

Nice to haves:

Position ID: P69494

Pay Transparency Notice: The target annual salary for this position can range as detailed below. Full time offers from Coinbase also include target bonus + target equity + benefits (including medical, dental, and vision).

Please be advised that each candidate may submit a maximum of four applications within any 30-day period. We encourage you to carefully evaluate how your skills and interests align with Coinbase's roles before applying.

Commitment to Equal Opportunity

Coinbase is committed to diversity in its workforce and is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation or any other basis protected by applicable law. Coinbase will also consider for employment qualified applicants with criminal histories in a manner consistent with applicable federal, state and local law. For US applicants, you may view the Know Your Rights notice . Additionally, Coinbase participates in the in certain locations, as required by law.

Coinbase is also committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please contact us at accommodations(at) to let us know the nature of your request and your contact information. For quick access to screen reading technology compatible with this site a free compatible screen reader .

Global Data Privacy Notice for Job Candidates and Applicants

Depending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available . By submitting your application, you are agreeing to our use and processing of your data as required. For US applicants only, by submitting your application you are agreeing to arbitration of disputes as outlined

We are hiring a hands-on Penetration Tester to lead and execute end-to-end security assessments across Web, Infrastructure, and Cloud environments. As the technical backbone of our lean and growing VAPT practice, you’ll work closely with the Security Lead and directly engage with clients to deliver meaningful, high-impact security outcomes.

Key Responsibilities:

• Perform manual and automated penetration testing across:
• Web Applications (based on OWASP Top 10)
• Infrastructure (external/internal IPs, firewall review, patch audits)
• Cloud Environments (basic Azure/AWS – IAM, Storage, Networking)
• Identify, exploit, and report on vulnerabilities such as SSRF, RCE, IDOR, LFI, and S3 bucket exposures
• Use tools such as Burp Suite , Nmap , SQLMap , Nikto , Nessus/OpenVAS
• Write high-quality, detailed technical reports with:
• Screenshots for PoCs
• Remediation guidance
• Risk severity scoring (preferably CVSSv3 )
• Collaborate with clients to explain findings and provide actionable recommendations
• Contribute to toolchain improvements and lightweight automation (Python/Bash preferred)

Requirements

• 3–6+ years of hands-on experience in at least 2 of the following areas :
• Web Application Penetration Testing (OWASP Top 10)
• Infrastructure VAPT (internal/external, firewall, patch validation)
• Basic Cloud VAPT (AWS or Azure: IAM, Storage, Networking)
• Proficiency in:
• Manual testing techniques , fuzzing, and exploitation
• Burp Suite (Community or Pro)
• Tools like Nmap, SQLMap, Nikto, Nessus/OpenVAS
• Strong understanding of common vulnerabilities and exploitation techniques

Preferred Certifications

• CEH , eJPT , OSCP (or strong portfolio/proof of hands-on skill)
• AZ-500 or AWS Security Specialty (for cloud security exposure)

Good to Have

• Familiarity with scripting for automation (Python, Bash)
• Exposure to CVSSv3 for vulnerability scoring
• Experience with Dradis , Excel-based reporting , or similar tools

Apt Resources is hiring for our client, a leading cybersecurity services firm, seeking an experienced Senior Consultant – VAPT to join their expert team. The ideal candidate will have deep expertise in infrastructure and application security assessments, penetration testing, and a solid understanding of modern security threats and countermeasures.

• Conduct black-box and grey-box vulnerability assessments and penetration tests on system/network/cloud environments.
• Map network infrastructure, discover ports/services, and audit OS, network, and security configurations.
• Use tools like NMap, Nessus, Metasploit, Kali Linux for exploiting vulnerabilities.
• Stay current with CVEs and threat intelligence relevant to supported technologies.
• Prepare and present detailed findings and mitigation plans to clients.
• Deliver cloud infrastructure security assessments and configuration audits.
• Create and deliver comprehensive, client-specific technical reports.

• Perform vulnerability assessments of Web, Mobile, and Thick-client applications based on OWASP standards.
• Combine automated scanning with manual testing techniques to detect flaws.

• Conduct phishing and spear-phishing simulations to assess end-user security awareness.

Requirements

• Bachelor's degree in Computer Science, IT, or a related field.
• 8–10 years of hands-on experience in VAPT.
• CEH certification is required.
• OSCP or CREST certifications are a plus.
• Experience working in an MSSP (Managed Security Services Provider) environment is preferred.
• Strong understanding of Windows, Unix/Linux systems, firewalls, VPNs, and security infrastructure.

• Expertise in tools like NMap, Metasploit, Kali Linux, Nessus, NetCat, HPing, Qualys, and RetinaCS.
• Strong understanding of CVE databases, exploit development, and countermeasures.
• Familiarity with scripting languages such as C++, C#, Perl, HTML, Shell, etc.
• Knowledge of firewalls, IPS, DNS security, VLAN, web filtering, and VPNs.
• Experience with cloud security assessment across major platforms (AWS, Azure, GCP).

• Strong communication, presentation, and documentation skills.
• Ability to work independently and lead security assessments across client environments.
• Willingness to travel overseas for project deployments.
• Exposure to RFP response preparation, solution architecture, and client-facing presentations.

Benefits

Salary: Up to INR 18 LPA