

Fonada
https://fonada.comJobs at Fonada
The recruiter has not been active on this job recently. You may apply but please expect a delayed response.
About the Role
We are seeking an experienced Cyber Security Specialist who can operate across both offensive and defensive security disciplines. This dual-role professional will lead Vulnerability Assessment and Penetration Testing (VAPT) engagements, act as the in-house Red Team to simulate real-world adversaries, and own the implementation and continuous improvement of the Information Security Management System (ISMS) aligned with ISO/IEC 27001 and related standards. You will combine hands-on offensive security work with governance, audit readiness, and stakeholder engagement across engineering, IT, legal, and executive leadership.
Key Responsibilities
VAPT & Red Team Operations
- Plan, scope, and execute end-to-end Vulnerability Assessment and Penetration Testing (VAPT) engagements across web applications, mobile apps, APIs, networks, cloud environments, wireless, and physical infrastructure.
- Act as the organization's in-house Red Team, simulating advanced persistent threat (APT) actors through adversary emulation, social engineering, phishing campaigns, and physical intrusion testing where authorized.
- Design and execute Red Team operations aligned with MITRE ATT&CK, TIBER-EU, and similar frameworks; develop custom Tactics, Techniques, and Procedures (TTPs).
- Conduct manual and automated exploitation, post-exploitation, lateral movement, privilege escalation, and persistence testing in production-like environments.
- Develop custom exploits, payloads, scripts, and tooling (Python, PowerShell, Bash, C/C++, Go) to bypass security controls during sanctioned engagements.
- Perform source code reviews, threat modeling, and secure architecture reviews of new and existing systems.
- Coordinate Purple Team exercises with the Blue Team / SOC to validate detection coverage and improve defensive playbooks.
- Produce high-quality VAPT and Red Team reports with executive summaries, technical findings, proof-of-concept exploits, risk ratings (CVSS), and prioritized remediation guidance.
- Re-test remediated findings and track closure with engineering and IT teams through to verification.
ISO Compliance & Governance
- Lead the implementation, maintenance, and continual improvement of the ISMS in line with ISO/IEC 27001:2022, including scope definition, Statement of Applicability (SoA), and risk treatment plans.
- Own and maintain ISO policies, procedures, controls, and documentation across the organization, ensuring alignment with ISO 27001, ISO 27017, ISO 27018, and ISO 22301.
- Plan and coordinate internal and external audits; serve as the primary liaison with certification bodies, auditors, and regulators.
- Conduct risk assessments, business impact analyses (BIA), and threat modeling; maintain a central risk register and drive remediation.
- Map VAPT and Red Team findings to ISO 27001 Annex A controls and feed results into the risk management lifecycle.
- Support compliance with adjacent frameworks: SOC 2, NIST CSF, GDPR, HIPAA, PCI-DSS, and DPDP Act (India), as applicable.
- Define and report security and compliance KPIs/KRIs to senior leadership; prepare materials for management reviews and board updates.
- Develop and deliver security awareness training, phishing simulations, and role-based secure-coding training.
- Drive third-party / vendor risk management, including security questionnaires, contractual clauses, and ongoing monitoring.
- Partner with engineering and DevOps to embed security into the SDLC, CI/CD pipelines, and cloud architectures (DevSecOps).
Incident Response & Continuous Improvement
- Support incident response activities: detection, triage, containment, eradication, recovery, and post-incident reviews.
- Maintain business continuity and disaster recovery plans; coordinate BCP/DR testing and tabletop exercises.
- Stay current on emerging threats, CVEs, attacker techniques, regulatory changes, and ISO standard updates; recommend and drive improvements.
Required Qualifications
- 8+ years of progressive experience in cyber security, with at least 4 years in hands-on offensive security (VAPT, penetration testing, or Red Team) and 3+ years in ISO 27001 implementation and audits.
- Proven track record of leading VAPT engagements across web, mobile, API, network, cloud (AWS / Azure / GCP), and wireless environments.
- Hands-on experience executing Red Team operations and adversary emulation aligned with MITRE ATT&CK.
- Deep proficiency with offensive security tooling: Burp Suite Pro, Metasploit, Cobalt Strike (or open-source equivalents like Sliver, Mythic, Havoc), Nmap, Nessus, Nuclei, BloodHound, Impacket, Responder, and OWASP ZAP.
- Strong scripting and exploit development skills in Python, PowerShell, Bash, and at least one compiled language (C/C++, Go, or Rust).
- Proven hands-on experience leading an organization through ISO 27001 certification and surveillance audits end-to-end.
- Strong working knowledge of ISO/IEC 27001:2022 (including Annex A controls), ISO 27002, ISO 27017, ISO 27018, and ISO 22301.
- Solid understanding of security domains: IAM, network security, endpoint security, cloud security, application security (OWASP Top 10, API Security Top 10), and Active Directory attack paths.
- Experience with risk assessment methodologies (ISO 27005, NIST 800-30) and the ability to translate offensive findings into business risk.
- Strong report-writing, policy-drafting, and executive communication skills.
- Bachelor's degree in Computer Science, Information Security, Engineering, or a related field (or equivalent experience).
Preferred Qualifications
- Offensive security certifications: OSCP, OSEP, OSWE, OSED, CRTO, CRTP, CRTE, CRTL, GPEN, GXPN, GWAPT, or CEH Practical.
- Governance certifications: ISO 27001 Lead Implementer and/or Lead Auditor, CISSP, CISM, CISA, or CRISC.
- Cloud security certifications (CCSP, AWS Security Specialty, Azure Security Engineer, or GCP Professional Cloud Security Engineer).
- Published CVEs, security research, bug bounty achievements, or contributions to open-source security tools.
- Experience with Active Directory / Entra ID red teaming, Kerberos attacks, and modern EDR/XDR evasion techniques.
- Experience with container, Kubernetes, and serverless security testing.
- Experience implementing or auditing additional frameworks: SOC 2 Type II, NIST CSF, NIST 800-53, HITRUST, or PCI-DSS.
- Experience with GRC platforms (Vanta, Drata, Sprinto, ServiceNow GRC, Archer, OneTrust).
- Experience in regulated industries: financial services, healthcare, SaaS, or critical infrastructure.
- Experience briefing executive leadership, customers, and external auditors on offensive findings and remediation strategy.
About the Role
We are looking for a Senior DevOps Engineer to lead the design, automation, and scaling of our hybrid cloud infrastructure spanning public cloud and private/on-premises environments. You will partner closely with software engineering, security, and product teams to build reliable, secure, and high-performance systems that support rapid product delivery. This is a hands-on role with significant influence over our infrastructure strategy, deployment workflows, and engineering culture.
Key Responsibilities
- Architect, deploy, and maintain scalable, highly available infrastructure across both public cloud (AWS, Azure, GCP) and private cloud platforms (OpenStack, VMware vSphere/Tanzu, Nutanix, or similar).
- Operate and maintain on-premises infrastructure: hypervisors, compute, storage (Ceph, NetApp, SAN/NAS), networking (SDN, VLANs, BGP, MPLS), and hardware capacity planning, alongside their public cloud equivalents.
- Design and own CI/CD pipelines that deploy seamlessly across public and private environments.
- Implement and manage Infrastructure as Code (Terraform, Ansible, Pulumi) with strong version control and review practices, using providers for both public and private cloud platforms.
- Manage container orchestration (Kubernetes, ECS, OpenShift, Rancher) across managed cloud services and self-managed/bare-metal clusters, including upgrades, autoscaling, and workload reliability.
- Build observability into all systems through logging, metrics, tracing, and alerting (Prometheus, Grafana, Datadog, ELK, or similar) with unified visibility across hybrid environments.
- Champion security best practices: secrets management, IAM hardening, network segmentation, vulnerability scanning, and compliance (SOC 2, ISO 27001, HIPAA, or data-sovereignty requirements).
- Lead incident response, root-cause analysis, and post-mortems; drive long-term reliability improvements and SLO/SLA adherence.
- Optimize cost, capacity, and resource utilization across public cloud spend and on-premises hardware without compromising performance or availability.
- Partner with data center operations and network providers on hardware provisioning, firmware management, MPLS circuit management, and lifecycle planning.
- Mentor junior DevOps and software engineers; promote DevOps culture, automation-first thinking, and shared ownership of production.
- Evaluate and introduce new tools, platforms, and processes that improve developer productivity and system reliability.
Required Qualifications
- 5+ years of experience in DevOps, SRE, or Platform Engineering roles, with at least 2 years at a senior level.
- Deep expertise with at least one major public cloud provider (AWS, Azure, or GCP) in production.
- Hands-on experience operating private cloud or virtualization platforms (OpenStack, VMware, Nutanix, or equivalent) in production.
- Strong experience with virtualization, storage systems, and enterprise networking in on-premises environments.
- Strong hands-on experience with Kubernetes in production, including both managed cloud and self-managed/bare-metal clusters.
- Proficiency in Infrastructure as Code (Terraform and Ansible strongly preferred).
- Solid scripting and programming skills in Python, Go, Bash, or similar.
- Experience designing and operating CI/CD pipelines using tools such as GitHub Actions, GitLab CI, Jenkins, CircleCI, or ArgoCD.
- Strong Linux systems administration and networking fundamentals (TCP/IP, DNS, load balancing, VPNs, firewalls, routing, MPLS).
- Experience with monitoring and observability stacks (Prometheus, Grafana, Datadog, New Relic, ELK, or OpenTelemetry).
- Proven track record of leading incident response and improving system reliability.
- Excellent communication skills and the ability to collaborate across engineering, security, infrastructure, and product teams.
Preferred Qualifications
- Experience designing hybrid and multi-cloud architectures, including secure connectivity (Direct Connect, ExpressRoute, MPLS, VPN, SD-WAN) between public and private environments.
- Familiarity with service meshes (Istio, Linkerd), API gateways, and GitOps workflows (ArgoCD, Flux).
- Background in security-focused or regulated environments and exposure to compliance frameworks.
- Experience with database administration (PostgreSQL, MySQL, Redis, MongoDB) in cloud-managed and self-hosted setups.
- Contributions to open-source DevOps or cloud infrastructure tooling.
- Relevant certifications (AWS Solutions Architect / DevOps Engineer, Azure Administrator, CKA, CKAD, RHCE, VMware VCP, OpenStack Certified Administrator, HashiCorp Terraform Associate).
The recruiter has not been active on this job recently. You may apply but please expect a delayed response.
Role Overview
We are looking for a hands-on Senior Telephony Engineer who actively writes production-grade code and has deep experience with Asterisk-based systems, Java backend development, and high-scale dialler platforms.
Key Responsibilities
This is NOT an architecture-only role we need someone who can:
- Write code
- Debug real-time call issues
- Build and optimize telephony flows end-to-end
- Key Responsibilities (Hands-on Coding Focus)
- Develop and maintain Asterisk dialplans, AGI scripts, and call flows
- Build Java-based backend services for telephony control and orchestration
- Implement and optimize predictive / preview / progressive diallers
- Integrate telephony stack with:
Kafka
RabbitMQ
- Write scalable code for call routing, retry logic, and queue handling
- Work directly on SIP signalling, RTP flows, and debugging call issues
- Handle real-time call events, CDR processing, and logging pipelines
- Optimize systems for high concurrency (thousands of parallel calls)
- Debug production issues like:
Call drops
Latency
One-way audio
SIP failures
Qualifications & Skills
- Bachelors degree in Computer Engineering; Masters is a plus.
- Telephony (Core Requirement)
- Strong hands-on experience with Asterisk
- Deep knowledge of:
SIP / RTP / VoIP
Dialplans
AGI / AMI
- Experience building or maintaining dialers (very important)
- Backend Development
- Strong coding skills in Java (Spring Boot preferred)
- Experience building microservices / APIs
- Comfortable writing high-performance, low-latency code
- Messaging & Event Systems
- Hands-on experience with:
Apache Kafka
RabbitMQ
- Ability to implement event-driven systems
- Scaling & Performance
- Experience handling high call volumes (1000+ concurrent calls)
Understanding of:
- Multi-threading
- Queue management
- Load handling
- Good to Have
- Experience with predictive dialers
- Exposure to WebRTC / real-time communication
- Experience with Docker / Kubernetes
- Understanding of TRAI / Indian telecom ecosystem
- Experience with FreeSWITCH (bonus)
What We Are NOT Looking For
- Pure solution architects who dont code
- People with only theoretical telecom knowledge
- Candidates without real dialer / Asterisk production experience
What We Are Looking For
Someone who has:
- Written real dialplans and backend code
- Debugged live call issues
- Worked on production telephony systems
- A problem solver who can go deep into logs, packets, and code
Impact of the Role
You will directly contribute to building a high-scale telephony + AI voice platform, working on real-time systems that handle thousands of concurrent calls.
Similar companies
About the company
Founded a decade ago, a group of seasoned professionals came together to ask ‘How might we use technology to bring the world closer to social justice?’ A small team was put together to create incredible solutions for organisations working towards delivering large scale impact. Today, we’re a global organisation providing disruptive software solutions to our customers who are solving important problems in their industry and also the world we live in. At TechnoIdentity, we challenge our team of passionate technologists to create forward-looking solutions for our customers that improve operational efficiency and bolster their bottom line. We empower them with the tools, methodologies and decision-making to make real impact, fast. We invite creative minds and businesses to TechnoIdentity, let’s collaborate to transform lives through technology.
Life at TechnoIdentity is shaped by the belief that everyone deserves to bring their authentic self to work and as responsible adults, you will choose to spend your time wisely on things matters the most to you.
Jobs
8
About the company
Deep Tech Startup Focusing on Autonomy and Intelligence for Unmanned Systems. Guidance and Navigation, AI-ML, Computer Vision, Information Fusion, LLMs, Generative AI, Remote Sensing
Jobs
4
About the company
Oracle Cloud is a cloud computing service offered by Oracle Corporation providing servers, storage, network, applications and services through a global network of Oracle Corporation managed data centers. The company allows these services to be provisioned on demand over the Internet.
Jobs
6
About the company
Jobs
22
About the company
Quantiphi is an award-winning AI-first digital engineering company driven by the desire to reimagine and realize transformational opportunities at the heart of the business. Since its inception in 2013, Quantiphi has solved the toughest and most complex business problems by combining deep industry experience, disciplined cloud, and data-engineering practices, and cutting-edge artificial intelligence research to achieve accelerated and quantifiable business results.
Jobs
6
About the company
Jobs
108
About the company
RockED is the premier people development platform for the automotive industry, supporting the entire employee lifecycle from pre-hire and onboarding to upskilling and career transitions. With microlearning content, gamified delivery, and real-time feedback, RockED is educating the automotive
workforce and solving the industry's greatest business challenges.
The RockED Company Inc. is headquartered in Florida. Backed by top industry experts and investors,
we’re a well-funded startup on an exciting growth journey. Our R&D team (Indian entity) is at the core
of all product and technology innovation
Our India R&D team, which is in Bangalore (Office in Church Street), leads all product and technology innovation, and we’re now expanding this team.
AI will play a key role in improving intelligence, personalization, and overall user experience across the platform.
Jobs
4
About the company
Jobs
1
About the company
At Ampera Technologies, we empower businesses with cutting-edge data analytics, quality assurance, and data engineering solutions
Jobs
21
About the company
Jobs
1






