Fonada

About the Role 

We are seeking an experienced Cyber Security Specialist who can operate across both offensive and defensive security disciplines. This dual-role professional will lead Vulnerability Assessment and Penetration Testing (VAPT) engagements, act as the in-house Red Team to simulate real-world adversaries, and own the implementation and continuous improvement of the Information Security Management System (ISMS) aligned with ISO/IEC 27001 and related standards. You will combine hands-on offensive security work with governance, audit readiness, and stakeholder engagement across engineering, IT, legal, and executive leadership. 

Key Responsibilities 

VAPT & Red Team Operations 

• Plan, scope, and execute end-to-end Vulnerability Assessment and Penetration Testing (VAPT) engagements across web applications, mobile apps, APIs, networks, cloud environments, wireless, and physical infrastructure. 
• Act as the organization's in-house Red Team, simulating advanced persistent threat (APT) actors through adversary emulation, social engineering, phishing campaigns, and physical intrusion testing where authorized. 
• Design and execute Red Team operations aligned with MITRE ATT&CK, TIBER-EU, and similar frameworks; develop custom Tactics, Techniques, and Procedures (TTPs). 
• Conduct manual and automated exploitation, post-exploitation, lateral movement, privilege escalation, and persistence testing in production-like environments. 
• Develop custom exploits, payloads, scripts, and tooling (Python, PowerShell, Bash, C/C++, Go) to bypass security controls during sanctioned engagements. 
• Perform source code reviews, threat modeling, and secure architecture reviews of new and existing systems. 
• Coordinate Purple Team exercises with the Blue Team / SOC to validate detection coverage and improve defensive playbooks. 
• Produce high-quality VAPT and Red Team reports with executive summaries, technical findings, proof-of-concept exploits, risk ratings (CVSS), and prioritized remediation guidance. 
• Re-test remediated findings and track closure with engineering and IT teams through to verification. 

ISO Compliance & Governance 

• Lead the implementation, maintenance, and continual improvement of the ISMS in line with ISO/IEC 27001:2022, including scope definition, Statement of Applicability (SoA), and risk treatment plans. 
• Own and maintain ISO policies, procedures, controls, and documentation across the organization, ensuring alignment with ISO 27001, ISO 27017, ISO 27018, and ISO 22301. 
• Plan and coordinate internal and external audits; serve as the primary liaison with certification bodies, auditors, and regulators. 
• Conduct risk assessments, business impact analyses (BIA), and threat modeling; maintain a central risk register and drive remediation. 
• Map VAPT and Red Team findings to ISO 27001 Annex A controls and feed results into the risk management lifecycle. 
• Support compliance with adjacent frameworks: SOC 2, NIST CSF, GDPR, HIPAA, PCI-DSS, and DPDP Act (India), as applicable. 
• Define and report security and compliance KPIs/KRIs to senior leadership; prepare materials for management reviews and board updates. 
• Develop and deliver security awareness training, phishing simulations, and role-based secure-coding training. 
• Drive third-party / vendor risk management, including security questionnaires, contractual clauses, and ongoing monitoring. 
• Partner with engineering and DevOps to embed security into the SDLC, CI/CD pipelines, and cloud architectures (DevSecOps). 

Incident Response & Continuous Improvement 

• Support incident response activities: detection, triage, containment, eradication, recovery, and post-incident reviews. 
• Maintain business continuity and disaster recovery plans; coordinate BCP/DR testing and tabletop exercises. 
• Stay current on emerging threats, CVEs, attacker techniques, regulatory changes, and ISO standard updates; recommend and drive improvements. 

Required Qualifications 

• 8+ years of progressive experience in cyber security, with at least 4 years in hands-on offensive security (VAPT, penetration testing, or Red Team) and 3+ years in ISO 27001 implementation and audits. 
• Proven track record of leading VAPT engagements across web, mobile, API, network, cloud (AWS / Azure / GCP), and wireless environments. 
• Hands-on experience executing Red Team operations and adversary emulation aligned with MITRE ATT&CK. 
• Deep proficiency with offensive security tooling: Burp Suite Pro, Metasploit, Cobalt Strike (or open-source equivalents like Sliver, Mythic, Havoc), Nmap, Nessus, Nuclei, BloodHound, Impacket, Responder, and OWASP ZAP. 
• Strong scripting and exploit development skills in Python, PowerShell, Bash, and at least one compiled language (C/C++, Go, or Rust). 
• Proven hands-on experience leading an organization through ISO 27001 certification and surveillance audits end-to-end. 
• Strong working knowledge of ISO/IEC 27001:2022 (including Annex A controls), ISO 27002, ISO 27017, ISO 27018, and ISO 22301. 
• Solid understanding of security domains: IAM, network security, endpoint security, cloud security, application security (OWASP Top 10, API Security Top 10), and Active Directory attack paths. 
• Experience with risk assessment methodologies (ISO 27005, NIST 800-30) and the ability to translate offensive findings into business risk. 
• Strong report-writing, policy-drafting, and executive communication skills. 
• Bachelor's degree in Computer Science, Information Security, Engineering, or a related field (or equivalent experience). 

Preferred Qualifications 

• Offensive security certifications: OSCP, OSEP, OSWE, OSED, CRTO, CRTP, CRTE, CRTL, GPEN, GXPN, GWAPT, or CEH Practical. 
• Governance certifications: ISO 27001 Lead Implementer and/or Lead Auditor, CISSP, CISM, CISA, or CRISC. 
• Cloud security certifications (CCSP, AWS Security Specialty, Azure Security Engineer, or GCP Professional Cloud Security Engineer). 
• Published CVEs, security research, bug bounty achievements, or contributions to open-source security tools. 
• Experience with Active Directory / Entra ID red teaming, Kerberos attacks, and modern EDR/XDR evasion techniques. 
• Experience with container, Kubernetes, and serverless security testing. 
• Experience implementing or auditing additional frameworks: SOC 2 Type II, NIST CSF, NIST 800-53, HITRUST, or PCI-DSS. 
• Experience with GRC platforms (Vanta, Drata, Sprinto, ServiceNow GRC, Archer, OneTrust). 
• Experience in regulated industries: financial services, healthcare, SaaS, or critical infrastructure. 
• Experience briefing executive leadership, customers, and external auditors on offensive findings and remediation strategy. 

About the Role 

We are looking for a Senior DevOps Engineer to lead the design, automation, and scaling of our hybrid cloud infrastructure spanning public cloud and private/on-premises environments. You will partner closely with software engineering, security, and product teams to build reliable, secure, and high-performance systems that support rapid product delivery. This is a hands-on role with significant influence over our infrastructure strategy, deployment workflows, and engineering culture. 

Key Responsibilities 

• Architect, deploy, and maintain scalable, highly available infrastructure across both public cloud (AWS, Azure, GCP) and private cloud platforms (OpenStack, VMware vSphere/Tanzu, Nutanix, or similar). 
• Operate and maintain on-premises infrastructure: hypervisors, compute, storage (Ceph, NetApp, SAN/NAS), networking (SDN, VLANs, BGP, MPLS), and hardware capacity planning, alongside their public cloud equivalents. 
• Design and own CI/CD pipelines that deploy seamlessly across public and private environments. 
• Implement and manage Infrastructure as Code (Terraform, Ansible, Pulumi) with strong version control and review practices, using providers for both public and private cloud platforms. 
• Manage container orchestration (Kubernetes, ECS, OpenShift, Rancher) across managed cloud services and self-managed/bare-metal clusters, including upgrades, autoscaling, and workload reliability. 
• Build observability into all systems through logging, metrics, tracing, and alerting (Prometheus, Grafana, Datadog, ELK, or similar) with unified visibility across hybrid environments. 
• Champion security best practices: secrets management, IAM hardening, network segmentation, vulnerability scanning, and compliance (SOC 2, ISO 27001, HIPAA, or data-sovereignty requirements). 
• Lead incident response, root-cause analysis, and post-mortems; drive long-term reliability improvements and SLO/SLA adherence. 
• Optimize cost, capacity, and resource utilization across public cloud spend and on-premises hardware without compromising performance or availability. 
• Partner with data center operations and network providers on hardware provisioning, firmware management, MPLS circuit management, and lifecycle planning. 
• Mentor junior DevOps and software engineers; promote DevOps culture, automation-first thinking, and shared ownership of production. 
• Evaluate and introduce new tools, platforms, and processes that improve developer productivity and system reliability. 

Required Qualifications 

• 5+ years of experience in DevOps, SRE, or Platform Engineering roles, with at least 2 years at a senior level. 
• Deep expertise with at least one major public cloud provider (AWS, Azure, or GCP) in production. 
• Hands-on experience operating private cloud or virtualization platforms (OpenStack, VMware, Nutanix, or equivalent) in production. 
• Strong experience with virtualization, storage systems, and enterprise networking in on-premises environments. 
• Strong hands-on experience with Kubernetes in production, including both managed cloud and self-managed/bare-metal clusters. 
• Proficiency in Infrastructure as Code (Terraform and Ansible strongly preferred). 
• Solid scripting and programming skills in Python, Go, Bash, or similar. 
• Experience designing and operating CI/CD pipelines using tools such as GitHub Actions, GitLab CI, Jenkins, CircleCI, or ArgoCD. 
• Strong Linux systems administration and networking fundamentals (TCP/IP, DNS, load balancing, VPNs, firewalls, routing, MPLS). 
• Experience with monitoring and observability stacks (Prometheus, Grafana, Datadog, New Relic, ELK, or OpenTelemetry). 
• Proven track record of leading incident response and improving system reliability. 
• Excellent communication skills and the ability to collaborate across engineering, security, infrastructure, and product teams. 

Preferred Qualifications 

• Experience designing hybrid and multi-cloud architectures, including secure connectivity (Direct Connect, ExpressRoute, MPLS, VPN, SD-WAN) between public and private environments. 
• Familiarity with service meshes (Istio, Linkerd), API gateways, and GitOps workflows (ArgoCD, Flux). 
• Background in security-focused or regulated environments and exposure to compliance frameworks. 
• Experience with database administration (PostgreSQL, MySQL, Redis, MongoDB) in cloud-managed and self-hosted setups. 
• Contributions to open-source DevOps or cloud infrastructure tooling. 
• Relevant certifications (AWS Solutions Architect / DevOps Engineer, Azure Administrator, CKA, CKAD, RHCE, VMware VCP, OpenStack Certified Administrator, HashiCorp Terraform Associate). 

Role Overview

We are looking for a hands-on Senior Telephony Engineer who actively writes production-grade code and has deep experience with Asterisk-based systems, Java backend development, and high-scale dialler platforms.

Key Responsibilities

This is NOT an architecture-only role we need someone who can:

• Write code
• Debug real-time call issues
• Build and optimize telephony flows end-to-end
• Key Responsibilities (Hands-on Coding Focus)
• Develop and maintain Asterisk dialplans, AGI scripts, and call flows
• Build Java-based backend services for telephony control and orchestration
• Implement and optimize predictive / preview / progressive diallers
• Integrate telephony stack with:

Kafka

RabbitMQ

• Write scalable code for call routing, retry logic, and queue handling
• Work directly on SIP signalling, RTP flows, and debugging call issues
• Handle real-time call events, CDR processing, and logging pipelines
• Optimize systems for high concurrency (thousands of parallel calls)
• Debug production issues like:

Call drops

Latency

One-way audio

SIP failures

Qualifications & Skills

• Bachelors degree in Computer Engineering; Masters is a plus.
• Telephony (Core Requirement)
• Strong hands-on experience with Asterisk
• Deep knowledge of:

SIP / RTP / VoIP

Dialplans

AGI / AMI

• Experience building or maintaining dialers (very important)
• Backend Development
• Strong coding skills in Java (Spring Boot preferred)
• Experience building microservices / APIs
• Comfortable writing high-performance, low-latency code
• Messaging & Event Systems
• Hands-on experience with:

Apache Kafka

RabbitMQ

• Ability to implement event-driven systems
• Scaling & Performance
• Experience handling high call volumes (1000+ concurrent calls)

Understanding of:

• Multi-threading
• Queue management
• Load handling
• Good to Have
• Experience with predictive dialers
• Exposure to WebRTC / real-time communication
• Experience with Docker / Kubernetes
• Understanding of TRAI / Indian telecom ecosystem
• Experience with FreeSWITCH (bonus)

What We Are NOT Looking For

• Pure solution architects who dont code
• People with only theoretical telecom knowledge
• Candidates without real dialer / Asterisk production experience

What We Are Looking For

Someone who has:

• Written real dialplans and backend code
• Debugged live call issues
• Worked on production telephony systems
• A problem solver who can go deep into logs, packets, and code

Impact of the Role

You will directly contribute to building a high-scale telephony + AI voice platform, working on real-time systems that handle thousands of concurrent calls.