2,745 Security Consultants jobs in India

Mizuho Global Services Pvt Ltd (MGS) is a subsidiary company of Mizuho Bank, Ltd, which is one of the largest banks or so called ‘Mega Banks’ of Japan. MGS was established in the year 2020 as part of Mizuho’s long term strategy of creating a captive global processing centre for remotely handling banking and IT related operations of Mizuho Bank’s domestic and overseas offices and Mizuho’s group companies across the globe.

At Mizuho we are committed to a culture that is driven by ethical values and supports diversity in all its forms for its talent pool. Direction of MGS’s development is paved by its three key pillars, which are Mutual Respect, Discipline and Transparency, which are set as the baseline of every process and operation carried out at MGS.

What’s in it for you?

o Immense exposure and learning

o Excellent career growth

o Company of highly passionate leaders and mentors

o Ability to build things from scratch

Know more about MGS:

Job Title - VAPT SME

Job Location - Chennai

Job Description :

We are seeking a highly skilled and experienced Vulnerability Assessment SME to join our dynamic team. You will play a critical role in safeguarding our organization's information assets by identifying, assessing, and mitigating vulnerabilities.

Roles and Responsibilities:

- Conduct vulnerability assessments using industry-leading tools (e.G., Nessus, Tenable, Qualys).

- Analyze vulnerability assessment results to identify and prioritize risks.

- Develop and maintain vulnerability management processes and procedures.

- Coordinate vulnerability remediation activities with relevant stakeholders.

- Perform penetration testing to assess the effectiveness of security controls.

- Stay up-to-date on the latest security threats and vulnerabilities.

Relevant Skills and Experience:

- 5-7 years of experience in vulnerability assessment, penetration testing.

- Strong understanding of vulnerability management concepts, principles, and best practices.

- Proficiency in using vulnerability assessment tools (e.G., Nessus, Tenable, Qualys).

- Experience in conducting penetration testing using various methodologies (e.G., black box, gray box, white box) and custom scripting.

- Knowledge of common security threats, vulnerabilities, and attack vectors.

- Experience with network and system security tools (e.G., firewalls, intrusion detection systems, antivirus).

- Experience with scripting languages (e.G., Python, PowerShell).

- Experience with cloud security (e.G., AWS, Azure, GCP).

- Familiar with KALI Linux & Parrot OS Qualifications:

- Bachelor's degree in computer science, information technology, or a related field.

- Security certifications (e.G., CISSP, CISM, CEH, OSCP).

- Strong problem-solving and analytical skills.

- Excellent communication and interpersonal skills.

- Ability to work independently and as part of a team. Additional Skills (Preferred):

- Experience with source code analysis tools.

- Experience with web application security testing.

- Experience with mobile application security testing.

- Experience with security incident response

Address: 16th Floor, Tower-B Brigade, World Trade centre, 142, Rajiv Gandhi Salai, OMR, Perungudi, Chennai, Tamil Nadu ,

JOB DESCRIPTION :

Position : Senior VAPT Consultant

Experience : 8+ years

Loc : Bengaluru

CTC : 35 % Hike on current CTC

Job type : Fulltime(Onsite)

Job Description

We are seeking an experienced and highly skilled Senior VAPT Consultant with 8+ years of hands-on experience in offensive security. The ideal candidate will possess deep technical expertise in assessing and securing complex enterprise environments, including Active Directory, web applications, networks, cloud infrastructures, APIs, and advanced adversarial simulation. This role demands a strong ability to lead engagements, mentor junior consultants, deliver high-quality technical reports, and interface with clients to provide both tactical and strategic security recommendations.

Key Responsibilities:

· Lead and conduct end-to-end penetration testing engagements across web applications, mobile apps, APIs, networks, WiFi, Active Directory, and cloud platforms (AWS, Azure, GCP).

· Execute red team and adversary simulation exercises, including phishing, lateral movement, persistence, and data exfiltration scenarios.

· Perform advanced Active Directory exploitation (on-prem, Azure AD, hybrid environments) including Kerberoasting, unconstrained delegation, golden/silver tickets, and modern AD attack chains.

· Assess and exploit cloud-native vulnerabilities, IAM misconfigurations, container/Kubernetes environments, and serverless workloads.

· Conduct wireless/WiFi pentesting (WEP/WPA/WPA2/WPA3 attacks, rogue AP, evil twin).

· Perform basic to intermediate reverse engineering and exploit development for binaries, scripts, and mobile apps.

· Utilize frameworks and tools such as Burp Suite Pro, ZAP, Caido, Metasploit, Havoc/Mythic/Sliver C2, BloodHound, Mimikatz, Impacket, and custom scripts/exploits.

· Draft and review detailed penetration testing reports, Statements of Work (SoW), Rules of Engagement (RoE), and executive presentations.

· Mentor and guide junior consultants, providing technical leadership, peer review, and training.

· Work closely with clients to communicate findings, risk implications, remediation strategies, and overall security posture improvements.

Requirements

· 8+ years of proven experience in vulnerability assessment, penetration testing, and red team operations.

· Strong expertise in Active Directory exploitation and defenses (on-prem, hybrid, Azure AD).

· Advanced skills in web application, API, and network penetration testing.

· Proficiency in cloud penetration testing (AWS, Azure, GCP) including IAM, storage, networking, and serverless security.

· Strong understanding of exploit development, reverse engineering, and evasion techniques.

· Proficiency with industry-standard tools and custom exploit/script development.

· Solid knowledge of enterprise security technologies (SIEM, SOAR, Firewalls, IDS/IPS, AV/EDR/XDR).

· Strong technical writing and client-facing communication skills, including report drafting and delivery.

· Experience in leading teams, reviewing deliverables, and mentoring junior consultants.

Preferred Qualifications

· Offensive security certifications such as OSCP, OSEP, OSED, OSWE, OSEE, CRTP, CRTE, CREST, GXPN, or equivalent .

· Experience in IoT, hardware, and automotive penetration testing .

· Prior experience in adversary emulation and purple team exercises .

· Familiarity with DevSecOps pipelines and Secure SDLC integration .

Location: Fully Remote

Appsecure is a leading offensive cybersecurity and red-team services company trusted by Fortune 500s, high-growth startups, and global enterprises. Our team consists of top bug bounty hunters, seasoned red teamers, and security researchers who deliver high-impact security testing across web, mobile, API, and cloud infrastructures.

We are CREST-accredited, CSA Singapore compliant, and we pride ourselves on providing “Apple-quality” offensive security services to our customers.

We are looking for a Senior Penetration Tester to join our global offensive security team. The ideal candidate is highly skilled in identifying and exploiting vulnerabilities across Web, API, Mobile, and Network infrastructures. You’ll work on challenging real-world engagements, simulate advanced attacker techniques, and deliver high-quality reports that drive real business impact.

• Conduct penetration testing across web, API, mobile, and network applications.
• Perform threat modeling, vulnerability assessments, and exploit research.
• Simulate advanced attack scenarios including business logic flaws, privilege escalation, and chained exploits.
• Contribute to red-team exercises and advanced adversary simulations.
• Work with clients to explain findings, remediation steps, and best practices in a clear and professional manner.
• Mentor junior testers and contribute to Appsecure’s research and methodologies.
• (Optional) Participate in bug bounty programs to strengthen hands-on offensive skills.

• 3+ years of hands-on penetration testing experience (consulting or in-house).
• Strong expertise in Web, API, Mobile (iOS/Android), and Network security testing.
• Familiarity with OWASP Top 10, API Top 10, and modern exploitation techniques.
• Solid understanding of cloud environments (AWS, GCP, Azure) is a plus.
• Industry certifications like OSCP, CREST, OSWE, OSCE, or equivalent are highly valued.
• Bug bounty experience on platforms like HackerOne, Bugcrowd, or Synack is a plus.
• Strong communication skills to engage with technical and non-technical stakeholders.
• Ability to work independently in a remote, global team environment.

• Competitive, performance-driven compensation package.
• Comprehensive health insurance and wellness benefits.
• Company-sponsored off-sites and team retreats.
• Exposure to cutting-edge offensive security projects across industries.
• Opportunity to work alongside some of the top researchers and bug bounty hunters.

Responsibilities

• Client Engagement & Leadership
• Act as a trusted security advisor for multiple high-value clients.
• Manage end-to-end security assessment projects, including scoping, execution, reporting, and remediation guidance.
• Conduct technical and executive-level briefings to communicate findings, risks, and strategic recommendations clearly.
• Translate complex technical vulnerabilities into business risk insights to help clients prioritize actions.
• Collaborate closely with client stakeholders to ensure security recommendations are practical and actionable.
• Advanced Threat Modelling & Risk Assessment
• Design and maintain threat models tailored to client applications, networks, and cloud environments.
• Perform risk assessments focusing on business impact and likelihood of exploitation.
• Develop attack scenarios based on the latest threat intelligence and real-world attacker techniques.
• Guide clients in integrating security into their software development lifecycle (SDLC) and cloud infrastructure designs.
• Penetration Testing & Red Team Operations
• Lead advanced black-box, grey-box, and white-box penetration testing engagements for web applications, APIs, networks, and cloud environments.
• Conduct sophisticated Red Team exercises to simulate targeted attack campaigns.
• Design and develop custom exploits and testing tools to replicate specific attacker techniques.
• Perform social engineering tests (phishing campaigns, physical security assessments) in controlled and ethical scenarios.
• Provide detailed post-exercise analysis, including actionable remediation strategies and long term improvement plans.
• Comprehensive Reporting & Documentation
• Produce clear and technically thorough vulnerability assessment and penetration testing reports.
• Create executive-level summaries focused on business impact and compliance risks.
• Maintain structured and up-to-date testing methodologies and playbooks.
• Contribute to internal knowledge base, documenting research, custom tools, and successful testing strategies.
• Technical & Programming Expertise
• Expert in vulnerability assessment and exploitation techniques across a wide range of technologies.
• Proficient in security testing tools such as Burp Suite, Nessus, Metasploit, Nmap, OpenVAS, Cobalt Strike, Wireshark, and tcpdump.
• Strong scripting and automation skills (Python, Bash, PowerShell) to automate repetitive testing tasks and tool workflows.
• Capable of custom tool development and advanced exploit research to target unique client environments.
• Strong knowledge of application security vulnerabilities (OWASP Top 10, SANS Top 25) and attack surface analysis.
• In-depth understanding of cloud security risks, identity and access management, and container security (Docker, Kubernetes).
• Social Engineering & OSINT Expertise
• Design and execute social engineering and phishing simulations tailored to client environments.
• Perform physical security assessments through tactics like tailgating and badge cloning.
• Apply Open Source Intelligence (OSINT) techniques to gather reconnaissance data for assessments.
• Provide training and awareness recommendations based on assessment outcomes.
• Professional Attributes & Mindset
• Strong analytical, problem-solving, and creative thinking skills.
• Ethical hacker mindset with a continuous drive to research emerging threats, attack techniques, and defense bypass methods.
• Methodical and detail-oriented approach to testing with the ability to think like an attacker.
• Strong communication and presentation skills, able to engage both technical teams and business leadership.
• Proactively innovate by developing new tools, scripts, or methodologies to improve testing efficiency and depth.

Qualifications

• 7+ years of hands-on experience in Vulnerability Assessment, Penetration Testing, and security consulting.
• Strong technical expertise in application security, network security, cloud security (AWS, Azure, GCP), and infrastructure security testing.
• Proven experience using VAPT tools such as Burp Suite, Nessus, Qualys, Nmap, Metasploit, Nikto, OpenVAS, etc.
• Solid knowledge of exploitation techniques, post-exploitation frameworks, and manual testing methodologies.
• In-depth knowledge of web application vulnerabilities (OWASP Top 10) and network protocol analysis.
• Experience conducting cloud security assessments, including misconfigurations, IAM permissions analysis, and container security.
• Proficiency in scripting and automation (Python, Bash, PowerShell) to customize tests and tools.
• Familiarity with security frameworks and standards such as NIST, ISO 27001, MITRE ATT&CK.
• Strong reporting and documentation skills, able to translate technical findings into business friendly recommendations.
• Excellent communication and stakeholder management skills, able to lead client-facing engagements.
• Relevant certifications are a strong plus (e.G., OSCP, CREST, CISSP, CEH, GIAC GPEN).

Preferred Qualifications:

• Certifications such as OSCP, GPEN, CREST CRT, CRTO are highly desirable.
• Experience in DevSecOps, CI/CD pipeline security, or automated security testing frameworks.
• Familiarity with industry compliance frameworks like PCI-DSS, GDPR, HIPAA, SOC2, and ISO 27001.
• Prior consulting experience in a service delivery or customer-facing environment.
• Experience with threat intelligence platforms and indicators of compromise (IoCs).

Job Title: Senior Manager – VAPT (OSCP Certified)

Location: Any Metro City in India (Hybrid) – Mumbai / Bangalore / Delhi / Chennai / Hyderabad

Travel Requirement: Frequent travel to Japan (as per project requirement)

Experience: 7+ years

Certification: Mandatory – OSCP

About the Role:

We are seeking a highly skilled and experienced Senior Manager – Vulnerability Assessment and Penetration Testing (VAPT) professional to lead and deliver advanced security assessments for our clients. The ideal candidate will possess deep technical expertise in offensive security, team leadership experience, and a strong understanding of global cybersecurity frameworks. The role requires collaboration with international teams and client stakeholders, with periodic travel to Japan.

Key Responsibilities:

• Lead and execute comprehensive Vulnerability Assessment and Penetration Testing (VAPT) engagements across web, mobile, network, cloud, and infrastructure environments.
• Manage and mentor a team of security consultants to ensure high-quality project delivery.
• Develop customized testing methodologies aligned with client environments and industry standards (OWASP, PTES, NIST, ISO 27001).
• Prepare and present detailed technical reports, risk assessments, and remediation strategies to both technical and business audiences.
• Coordinate with Japanese and Indian client stakeholders, ensuring smooth communication, delivery, and compliance with project timelines.
• Stay updated with emerging threat vectors, exploits, and mitigation techniques.
• Drive automation and process improvements in security testing and reporting.

Required Skills and Qualifications:

• Minimum 7 years of hands-on experience in VAPT, Red Teaming, and Offensive Security.
• Mandatory certification: OSCP (Offensive Security Certified Professional) .
• Strong knowledge of exploit development, threat modeling, and post-exploitation techniques.
• Proficiency in tools such as Burp Suite, Metasploit, Nmap, Nessus, Qualys, Wireshark, and other manual testing tools.
• Solid understanding of secure coding practices and common vulnerabilities (OWASP Top 10, SANS 25).
• Experience working with cloud platforms (AWS, Azure, GCP) and modern DevSecOps environments.
• Excellent communication and presentation skills for client interactions and reporting.
• Ability to work independently in hybrid and multicultural environments.
• Prior experience engaging with Japanese clients or willingness to travel and adapt to cross-cultural settings.

Preferred Qualifications:

• Additional certifications such as OSCE, CRTP, CEH (Practical), CREST, GPEN, or GWAPT .
• Exposure to IoT/OT security, API testing , or threat hunting .
• Experience in managing offshore and onsite delivery teams.

Operational Technology (OT) Cybersecurity Consultant
Location: India (REMOTE)
20 days travel paid by the company - Kuwait, Bahrain, Oman
Contract: 12-month initial contract

An excellent opportunity has arisen for an experienced OT Cybersecurity Consultant to join a leading cybersecurity solutions provider renowned for delivering tailored, vendor-neutral security and risk management services. The company helps organizations strengthen their digital defenses and ensure compliance with global cybersecurity standards.

In this role, you will play a key part in supporting cyber assurance across railway and critical infrastructure projects, ensuring that operational technology systems meet the highest cybersecurity standards.

Key Responsibilities:

• Conduct cybersecurity assessments and gap analyses for railway OT systems.
• Support compliance initiatives aligned with IEC 62443 and TS 50701 standards.
• Provide technical input to assurance reviews, risk assessments, and security cases.
• Prepare and deliver clear, concise technical documentation and reports.

Requirements:

• 3-5 years' experience in OT cybersecurity, preferably within the railway or wider transportation sector.
• Proven knowledge of IEC 62443 evaluation and compliance.
• Understanding of TS 50701 cybersecurity standards for rail applications.
• Flexibility and willingness to travel across project sites in Kuwait, Bahrain, and Oman .

If you're a proactive cybersecurity professional with hands-on experience in OT environments and a passion for protecting critical infrastructure, we'd love to hear from you.

Apply now by submitting your CV to be considered for this exciting opportunity!

Greetings from TCS!

We are currently planning to do a Walk-In Interview on 11-Oct-2025 (Saturday) at Chennai/Bangalore/Hyderabad.

Role **: VAPT Senior Analyst

Desired Skill Set :VAPT (Tenable, Defender, Sentinel One), Service Now VR, Bug Crowd

Experience Range : 4+ years

Joining Location : PAN India

Date - 11-Oct-2025 (Saturday)

In-Person Drive Location details.

1. Hyderabad KP Venue - TCS Synergy Park, Premises No 2-56/1/36, Gachibowli, Opposite IIIT Hyderabad Campus, Seri Lingampally, RR District, Hyderabad, Telangana
2. Chennai SNR Venue - Tata Consultancy Services Ltd, Sholinganallur Office Kumaran Nagar, 415/21-24, TNHB Main Rd, Chennai – .
3. Bangalore PSN Venue : No:1, Crescent 3 Prestige Shantiniketan, Sadaramanagala South Taluk, Bengaluru, 3,, Thigalarapalya,, 3, ITPL Main Road, Maruthi Nagar, Krishnarajapuram, Bengaluru, Karnataka

Must-Have: VAPT (Nessus, Tenable, Defender, Sentinel One), Service Now VR, Bug Crowd

Good-to-Have: Burp Suite, Service Now VR, Vulnerability Management other vendor tools

Responsibility of / Expectations from the Role :

• Expertise and experience of conducting VAPT (Vulnerability Assessment and Penetration Testing) as per standards such as OWASP Top 10, SANS Top 25 and WASC, NIST, CISA
• Experience in Web Application Security Testing, Network security testing, Source code Review and Vulnerability Assessment and Penetration testing (SAST and DAST)
• Strong Experience of using open- source tools and commercials tools such as but not limited to Burp Suite, Metasploit, Nessus, Acunetix and open source with operating systems Windows and Linux.
• Perform research on new vulnerabilities, attack vectors, exploits, tools and industry trends for the above- mentioned services.
• CEH Certification Mandatory.
• Candidates with CISM, OSCP are preferred.
• Strong presentation and analytic skills, critical thinking and problem-solving skills are mandatory

Company Description-

Armoly Inc., through its initiative Bugstrace , is on a mission to build a strong community of Security Consultation Partners and Ethical Hackers . Our core service aids subscription-based clients in identifying and fixing security risks through trusted hacker partnerships. In addition, we offer expert-led cybersecurity consulting and provide industry-recognized edtech courses with certifications. As a credible source in the cybersecurity space, Armoly keeps you informed with the latest bug reports, threat intelligence, and global security news. Join us in building a safer digital future by connecting ethical hackers, securing businesses, and educating the next generation.

Role Description-

This is a remote, contract role for a Vulnerability Tester under the Partnership program. The Vulnerability Tester will conduct comprehensive security assessments to identify potential vulnerabilities, collaborate with ethical hackers to simulate cyber-attacks, and analyze systems for security weaknesses. Additionally, the tester will prepare detailed reports on findings, provide recommendations to mitigate risks, and stay updated with the latest security trends and vulnerabilities.

Qualifications-

• Experience in conducting security assessments and identifying vulnerabilities
• Knowledge of penetration testing methodologies and tools
• Proficiency in analyzing systems for security weaknesses
• Ability to prepare detailed reports and provide recommendations for risk mitigation
• Strong understanding of cybersecurity trends and vulnerabilities
• Excellent problem-solving and analytical skills
• Ability to work independently and remotely

Requirements-

-Proven experience in ethical hacking, bug bounty, or offensive security (e.G., HackerOne, Bugcrowd, OSCP, CEH).

-Strong understanding of OWASP Top 10, CVEs, and modern attack vectors.

-Familiarity with tools like Burp Suite, Nmap, Metasploit, Wireshark, etc.

-Ability to write clear and concise technical documentation.

-Commitment to ethical practices and NDA compliance.

Compensation-

• Commission-Based: You’ll be paid per validated vulnerability reported, based on severity, impact, and quality of work on your decided percentage.
• Transparent reward structure with bonus incentives for high-severity or novel findings.

Ready to hunt bugs and make systems safer?

Apply now with your resume, portfolio (if any), and past testing experience or bug bounty reports.

Submit to: LinkedIn Inbox.

Company Name - Anand Rathi Global Intermediaries Limited (Stock Broker)

Company Overview

We are a SEBI-registered Trading Member and Self-Clearing Member with a focus on institutional broking, proprietary trading, and promoter group trading activities.

Role Overview

The Risk Manager leads the development, implementation, and oversight of risk management policies and daily surveillance in a prop and institutional desk environment. This individual will be responsible for real-time risk controls, regulatory margin management, exposure monitoring, and limit enforcement across all firm and group trading activities.

Key Responsibilities

• Develop and implement comprehensive risk management frameworks and processes for prop, institutional, and promoter trades
• Monitor exposures, P&L, and real-time risk across trading desks; implement controls to ensure compliance with SEBI, Exchange, and internal policies
• Oversee margin management, position limits, scrip profiling, and fund allocation in alignment with regulatory and internal risk norms
• Perform stress testing, scenario analysis, and risk analytics for large and complex positions/trades
• Supervise surveillance of all client and group trades to detect anomalies, trigger alerts, and enforce action as per policy
• Collaborate with front office, compliance, and technology teams to ensure system readiness for risk capture and reporting
• Conduct regular reviews of risk management systems, participate in audits, and enhance processes in line with best practices
• Ensure timely regulatory and internal risk reporting; present key risk exposures and action plans to management
• Train desk and ops teams in risk awareness, policy updates, and compliance practices

Candidate Requirements

• Graduate/Postgraduate with 5–10 years’ experience in risk management for institutional/prop broking.
• Advanced understanding of capital market risk controls, margin management, position/limit monitoring, and risk reporting
• Familiar with exchange systems (e.g., NMASS, OFS Portals), scrip/client profiling, and risk system tools
• Analytical with hands-on skills in scenario analysis, stress testing, and exposure surveillance
• Strong regulatory knowledge: SEBI, NSE/BSE, clearing and settlement framework, internal controls
• Excellent communication, technology acumen, and cross-team coordination
• FRM/CFA/NISM series or equivalent risk certifications