
7+ Ethical Hacking Jobs in India

Apply to 7+ Ethical Hacking Jobs on CutShort.io. Find your next job, effortlessly. Browse Ethical Hacking Jobs and apply today!

Fonada
Posted by Karandeep Singh
Noida
7 - 10 yrs
₹15L - ₹20L / yr
Cyber Security
Information security
Network Security
DevSecOps
Ethical Hacking
+5 more

About the Role 

We are seeking an experienced Cyber Security Specialist who can operate across both offensive and defensive security disciplines. This dual-role professional will lead Vulnerability Assessment and Penetration Testing (VAPT) engagements, act as the in-house Red Team to simulate real-world adversaries, and own the implementation and continuous improvement of the Information Security Management System (ISMS) aligned with ISO/IEC 27001 and related standards. You will combine hands-on offensive security work with governance, audit readiness, and stakeholder engagement across engineering, IT, legal, and executive leadership. 


Key Responsibilities 

VAPT & Red Team Operations 

  • Plan, scope, and execute end-to-end Vulnerability Assessment and Penetration Testing (VAPT) engagements across web applications, mobile apps, APIs, networks, cloud environments, wireless, and physical infrastructure. 
  • Act as the organization's in-house Red Team, simulating advanced persistent threat (APT) actors through adversary emulation, social engineering, phishing campaigns, and physical intrusion testing where authorized. 
  • Design and execute Red Team operations aligned with MITRE ATT&CK, TIBER-EU, and similar frameworks; develop custom Tactics, Techniques, and Procedures (TTPs). 
  • Conduct manual and automated exploitation, post-exploitation, lateral movement, privilege escalation, and persistence testing in production-like environments. 
  • Develop custom exploits, payloads, scripts, and tooling (Python, PowerShell, Bash, C/C++, Go) to bypass security controls during sanctioned engagements. 
  • Perform source code reviews, threat modeling, and secure architecture reviews of new and existing systems. 
  • Coordinate Purple Team exercises with the Blue Team / SOC to validate detection coverage and improve defensive playbooks. 
  • Produce high-quality VAPT and Red Team reports with executive summaries, technical findings, proof-of-concept exploits, risk ratings (CVSS), and prioritized remediation guidance. 
  • Re-test remediated findings and track closure with engineering and IT teams through to verification. 

ISO Compliance & Governance 

  • Lead the implementation, maintenance, and continual improvement of the ISMS in line with ISO/IEC 27001:2022, including scope definition, Statement of Applicability (SoA), and risk treatment plans. 
  • Own and maintain ISO policies, procedures, controls, and documentation across the organization, ensuring alignment with ISO 27001, ISO 27017, ISO 27018, and ISO 22301. 
  • Plan and coordinate internal and external audits; serve as the primary liaison with certification bodies, auditors, and regulators. 
  • Conduct risk assessments, business impact analyses (BIA), and threat modeling; maintain a central risk register and drive remediation. 
  • Map VAPT and Red Team findings to ISO 27001 Annex A controls and feed results into the risk management lifecycle. 
  • Support compliance with adjacent frameworks: SOC 2, NIST CSF, GDPR, HIPAA, PCI-DSS, and DPDP Act (India), as applicable. 
  • Define and report security and compliance KPIs/KRIs to senior leadership; prepare materials for management reviews and board updates. 
  • Develop and deliver security awareness training, phishing simulations, and role-based secure-coding training. 
  • Drive third-party / vendor risk management, including security questionnaires, contractual clauses, and ongoing monitoring. 
  • Partner with engineering and DevOps to embed security into the SDLC, CI/CD pipelines, and cloud architectures (DevSecOps). 

Incident Response & Continuous Improvement 

  • Support incident response activities: detection, triage, containment, eradication, recovery, and post-incident reviews. 
  • Maintain business continuity and disaster recovery plans; coordinate BCP/DR testing and tabletop exercises. 
  • Stay current on emerging threats, CVEs, attacker techniques, regulatory changes, and ISO standard updates; recommend and drive improvements. 

Required Qualifications 

  • 8+ years of progressive experience in cyber security, with at least 4 years in hands-on offensive security (VAPT, penetration testing, or Red Team) and 3+ years in ISO 27001 implementation and audits. 
  • Proven track record of leading VAPT engagements across web, mobile, API, network, cloud (AWS / Azure / GCP), and wireless environments. 
  • Hands-on experience executing Red Team operations and adversary emulation aligned with MITRE ATT&CK. 
  • Deep proficiency with offensive security tooling: Burp Suite Pro, Metasploit, Cobalt Strike (or open-source equivalents like Sliver, Mythic, Havoc), Nmap, Nessus, Nuclei, BloodHound, Impacket, Responder, and OWASP ZAP. 
  • Strong scripting and exploit development skills in Python, PowerShell, Bash, and at least one compiled language (C/C++, Go, or Rust). 
  • Proven hands-on experience leading an organization through ISO 27001 certification and surveillance audits end-to-end. 
  • Strong working knowledge of ISO/IEC 27001:2022 (including Annex A controls), ISO 27002, ISO 27017, ISO 27018, and ISO 22301. 
  • Solid understanding of security domains: IAM, network security, endpoint security, cloud security, application security (OWASP Top 10, API Security Top 10), and Active Directory attack paths. 
  • Experience with risk assessment methodologies (ISO 27005, NIST 800-30) and the ability to translate offensive findings into business risk. 
  • Strong report-writing, policy-drafting, and executive communication skills. 
  • Bachelor's degree in Computer Science, Information Security, Engineering, or a related field (or equivalent experience). 

Preferred Qualifications 

  • Offensive security certifications: OSCP, OSEP, OSWE, OSED, CRTO, CRTP, CRTE, CRTL, GPEN, GXPN, GWAPT, or CEH Practical. 
  • Governance certifications: ISO 27001 Lead Implementer and/or Lead Auditor, CISSP, CISM, CISA, or CRISC. 
  • Cloud security certifications (CCSP, AWS Security Specialty, Azure Security Engineer, or GCP Professional Cloud Security Engineer). 
  • Published CVEs, security research, bug bounty achievements, or contributions to open-source security tools. 
  • Experience with Active Directory / Entra ID red teaming, Kerberos attacks, and modern EDR/XDR evasion techniques. 
  • Experience with container, Kubernetes, and serverless security testing. 
  • Experience implementing or auditing additional frameworks: SOC 2 Type II, NIST CSF, NIST 800-53, HITRUST, or PCI-DSS. 
  • Experience with GRC platforms (Vanta, Drata, Sprinto, ServiceNow GRC, Archer, OneTrust). 
  • Experience in regulated industries: financial services, healthcare, SaaS, or critical infrastructure. 
  • Experience briefing executive leadership, customers, and external auditors on offensive findings and remediation strategy. 


Ampera Technologies
Posted by Faisal AshrafNomani
Bengaluru (Bangalore), Chennai
4 - 15 yrs
Best in industry
Penetration testing
Web applications
Mobile applications
DevOps
ISO/IEC 27001:2005
+9 more

Job Description:

We are looking for a skilled Ethical Hacker (Penetration Tester) who will be responsible for identifying vulnerabilities in systems, networks, and applications before malicious hackers can exploit them. The role involves conducting security assessments, penetration testing, and recommending security improvements to strengthen the organization’s cybersecurity posture.

 

Key Responsibilities

  • Conduct penetration testing on web applications, mobile applications, APIs, and networks.
  • Identify security vulnerabilities and weaknesses in systems and infrastructure.
  • Perform vulnerability assessments using automated tools and manual techniques.
  • Simulate cyberattacks to evaluate the effectiveness of existing security measures.
  • Prepare detailed security reports highlighting risks, vulnerabilities, and remediation strategies.
  • Collaborate with development, DevOps, and IT teams to fix security gaps.
  • Ensure compliance with security standards and frameworks such as OWASP, ISO 27001, and NIST.
  • Conduct security audits and risk assessments across digital platforms.
  • Stay updated on the latest hacking techniques, security vulnerabilities, and cyber threats.

Required Skills & Qualifications

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field.
  • 4+ years of experience in ethical hacking, penetration testing, or cybersecurity.
  • Strong knowledge of network security, system security, and application security.
  • Experience with security tools such as Burp Suite, Metasploit, Nmap, Wireshark, and Kali Linux.
  • Knowledge of OWASP Top 10 vulnerabilities.
  • Understanding of Linux, Windows, and cloud security environments.
  • Strong analytical and problem-solving skills.

Preferred Certifications

  • CEH (Certified Ethical Hacker)
  • OSCP (Offensive Security Certified Professional)
  • CompTIA Security+
  • CISSP (optional but valuable)

Key Competencies

  • Cybersecurity risk assessment
  • Vulnerability management
  • Penetration testing methodologies
  • Incident response awareness
  • Strong documentation and reporting skills

Nice to Have

  • Experience in cloud security (AWS, Azure, GCP)


Product services company

Agency job
via WWWNEXTLEAPADVISORYCOM by Kanika Singal
Remote only
3 - 6 yrs
₹5L - ₹15L / yr
IT security
Information security
Cyber Security
Security Information and Event Management (SIEM)
Information security management system
+4 more
Operating and owning agreed upon core security tools, technologies, and processes:

  • Tools:
      ◦ CrowdStrike Falcon Sensor - or similar AV engine
      ◦ Cisco Umbrella Web Filtering - or similar web proxy filter
      ◦ Cisco FTD Intrusion Prevention - or similar IPS/IDS
      ◦ O365 Email Protection (Spam, Phishing) - or similar
      ◦ Phish Insight (Phishing Campaigns) - or similar phish campaign technology
      ◦ Nessus Professional - or similar vulnerability scanning tool
      ◦ Cisco NGFW - or similar FW technology
  • Technologies:
      ◦ Cloud (AWS IaaS, O365 SaaS)
      ◦ On-premises (Windows 90%, Linux 10%)
  • Processes:
      ◦ Computer security incident response
      ◦ Security reviews and assessments
      ◦ Vulnerability management, penetration tests

  • Manage Level 3 security incidents and requests
  • Ensure compliance with corporate policies and procedures
  • Research new ways to improve existing technical security controls
  • Project SME and lead for security-related projects
  • Conduct risk assessments and assist in remediation activities
  • Assist in internal and external audit activities

Required Experience and Skills:

  • Bachelor's degree in Information Security, Computer Science or Engineering
  • Minimum of 3 years in security engineering
  • Knowledge of cloud ecosystem security - Amazon AWS, Microsoft O365
  • Ability to work well in an international team (US or EU time zone)
  • English spoken and written at B2 level or above
  • Understanding of security monitoring and identification concepts
  • Assessing and understanding the impact, severity and urgency of issues
  • Cybersecurity certifications an advantage but not essential: CEH, C|HFI, CISSP, CISA, CISM
  • Expertise across a variety of security products, including those listed in the requirements above
Technomech Consultancy

Posted by Laxmi Ghoble
Pune, Mumbai, Bengaluru (Bangalore)
5 - 12 yrs
₹15L - ₹25L / yr
CISA
CISSP
Cyber Security
Information security
CEH
+4 more

Position: IT Auditor

Experience: 4-12 Years

Location: Pune

Key Skills Required:

CISA, CISSP, CISM, IT Audit, Technology Audit, IT Infrastructure Audit, Application Security Audit, Information Security Audit, Cyber Security Audit, Cloud Security, Ethical Hacker

Additional keywords: Vulnerability assessment, Penetration Testing, ITGC testing, Cloud Computing

The IT Auditor is responsible for planning and performing the audit assignment, starting from audit announcement, audit planning, field work, audit quality reviews, and pre-closing / closing meetings with the respective Directors / Heads of Departments, through to writing and finalizing the audit report and following up on the audit actions. Additionally, the IT Auditor will also be responsible for the following:
•    Evaluate IT systems, processes and projects in place;
•    Determine risks to the Group’s information assets, and help identify methods to minimize those risks;
•    Ensure information management processes are in compliance with IT-specific laws, policies and standards;
•    Determine inefficiencies in IT systems, IT projects and associated management processes; and
•    Consult in IT projects, new initiatives and organizational frameworks.

Description

 

Audit Planning

1)    Perform audits at Volkswagen Group entities and other concerned Volkswagen Group Companies, with a focus on IT processes, keeping the associated business risks in mind.
2)    Participate in the preparation of the audit objective & scope document, along with the audit schedule, based on the audit objective and timeline specified by the Head of IT Audit India Hub.
3)    Participate in the preparation of the work program.

Audit Process

1)     Prepare and conduct preparatory interviews with the Directors and Heads of the audited departments to identify the processes to be assessed during the audit.
2)     Request and collect relevant audit data for analysis from respective business areas.
3)     Prepare audit matrix on periodic basis to record the audit field work and update the progress of the audit to IT Audit Manager and the Head of IT Audit Hub India.
4)    Define actions, including relevant controls, to mitigate the business risks identified based on the evidence provided during the audit.
5)    Organize and conduct pre-closing meetings with business areas to agree upon audit observations and relevant actions.
6)    Prepare and conduct closing meetings with the Directors / Heads of the Department for audited division to agree upon the audit observations, risks and proposed actions.
7)    Prepare the draft audit report and submit the same to the  IT Audit Manager and the Head of IT Audit India Hub for review.
8)    Ensure that adequate documentation is prepared for the audit assignment. Peer review changes are done before release of the final audit report to the business area.
9)    Contact business area to review the progress of the implementation of audit actions defined in the final audit report. Based on the review, write the status of the follow up and submit the same for upload in RIAS.
10)    Obtain necessary certifications / qualifications to support the job requirements by attending relevant trainings
11)    Support the conduct of unscheduled audits / special investigations and audits from the anti-corruption system.
12)    Relevant knowledge is shared among the team members.
13)    Consult in IT projects, new initiatives and organizational frameworks.
14)    Ensure information management processes are in compliance with IT-specific laws, policies and standards.
15)    Determine risks to the Group’s information assets, and help identify methods to minimize those risks.
16)    Evaluate IT systems, processes and projects in place.
17)    Determine inefficiencies in IT systems, IT projects and associated management processes.

netmedscom

Posted by Vijay Hemnath
Chennai
5 - 10 yrs
₹10L - ₹30L / yr
Information security
IT security
WAF
Docker
Ethical Hacking
+16 more

We are seeking a Security Program Manager to effectively drive Privacy & Security Programs in collaboration with cross functional teams. You will partner with engineering leadership, product management and development teams to deliver more secure products.

 

Roles & Responsibilities:

  • Work with multiple stakeholders across various departments such as IT, Engineering, Business, Legal, Finance etc to implement controls defined in policies and processes.
  • Manage projects with security and audit requirements with internal and external teams and serve as a liaison among all stakeholders.
  • Managing penetration tests and security reviews for core applications and APIs.
  • Identify, create and guide on privacy and security requirements considering applicable Data Protection Laws and implement them across software modules developed at Netmeds.
  • Brainstorm with engineering teams to figure out how privacy and security controls can be applied to Netmeds tech stack.
  • Coordination with Infra Teams and Dev Teams on DB and application hardening, standardization of server images / containerization.
  • Assess vendors' security posture before onboarding them and after they qualify, review their security posture at a set frequency.
  • Manage auditors and ensure compliance for ISO 27001 and other data privacy audits.
  • Answer questions or resolve issues reported by the external security researchers & bug bounty hunters.
  • Investigate privacy breaches.
  • Educate employees on data privacy & security.
  • Prioritize security requirements based on their severity of impact and product roadmap.
  • Maintain a balance of security and business values across the organisation.

 Required Skills:

  • Web Application Security, Mobile Application Security, Web Application Firewall, DAST, SAST, Cloud Security (AWS), Docker Security, Manual Penetration Testing.
  • Good hands-on experience in handling tools such as vulnerability scanners, Burp Suite, patch management, web filtering & WAF.
  • Familiar with cloud hosting technologies (e.g. AWS, Azure). Understanding of IAM, RBAC, NACLs, and KMS.
  • Experience in Log Management, Security Event Correlation, SIEM.
  • Must have strong interpersonal skills and should be able to communicate complex ideas seamlessly in written and verbal communication.

 

Good to Have Skills:

  • Online Fraud Prevention.
  • Bug Bounty experience.
  • Security Operations Center (SOC) management.
  • Experience with Amazon AWS services (EC2, S3, VPC, RDS, CloudWatch).
  • Experience with / knowledge of tools like Fortify and Nessus.
  • Experience in handling logging tools on Docker container images (e.g. Fluentd).
Hubilo Softech Private Limited
Posted by Sowmya Rani
Remote only
3 - 5 yrs
₹5L - ₹12L / yr
Ethical Hacking
Ethical Hacker
Routing & Switching
Javascript
Python

Certified Ethical Hacker Requirements:

  • Bachelor’s degree in Information Technology or Computer Science.
  • CEH Certification.
  • Proven work experience of at least 2-5 years as a Certified Ethical Hacker.
  • Effective programming skills, including but not limited to HTML, JavaScript, Python, PHP, and SQL.
  • Advanced knowledge of networking systems and security software.
  • In-depth knowledge of parameter manipulation, session hijacking, and cross-site scripting.
  • Technical knowledge of routers, firewalls, and server systems.
  • Good written and verbal communication skills.
  • Good troubleshooting skills.
  • Ability to see big-picture system flaws.

  • B.Tech/B.E. (IT/Computers), B.Sc (Computers), MSc (IT), BCA (Computer) or any equivalent graduation or post-graduation.

Benison Technologies

Posted by Prakash B
Remote, Pune, Bengaluru (Bangalore)
6 - 15 yrs
₹15L - ₹22L / yr
Java
Hibernate (Java)
Network
Cyber Security
Ethical Hacking
+4 more

As a Senior Tech Lead:

 

You will be part of a thought leadership team that will design and develop the leading cyber security solution that protects digital assets of corporations such as Apple & the US Federal Govt. This solution, used by global Fortune 100 corporations, will be massively scalable to secure their global networks.

You will bring to the table:

Domain: Networking and Network Security

Primary Skills: Java, Spring & Hibernate

Secondary Skills: Any one of Python / JavaScript / AngularJS / Shell / ANTLR / Groovy

Expertise

  • Excellent skills & experience in Java, Spring & Hibernate
  • Minimum 2 years of experience in the Networking and Network Security domain
  • Any scripting language - Python / JavaScript / AngularJS / Shell / ANTLR / Groovy
  • Strong object-oriented design skills, data structures, algorithms, and design patterns.
  • Tools: Pivotal / GitHub / Jenkins
  • Good to have: database design and management experience.

What you will do…

  • You will be hands-on, writing high-quality code and ensuring on-time delivery.
  • Provide guidance on software design, architecture, and interface choices.
  • Design highly scalable, reliable, secure and fault-tolerant systems with minimal guidance.
  • Mentor engineers on design, coding, and troubleshooting.
  • Analyse requirements and problems, and solve them with the best solution.
  • Create platforms, reusable libraries, and utilities wherever applicable.
  • Work in a cross-functional team, collaborating with peers during the entire SDLC.
  • Work as part of a team to solve complex technical problems.
  • Support customer queries and escalations to keep customer satisfaction high.

About Benison

 

Benison Tech is a niche technology company that has been appointed by Intel, Broadcom, CISCO, Checkpoint, and Marvell to collaboratively spearhead the next generation Network Security, 5G and Wireless technologies. We help our mutual customers get to market faster by applying our core technical brilliance in solving complex engineering problems.

 

We work with the world leading technology companies in the latest bleeding edge technologies from 5G enablement to real-time ML based network security systems.

 

Our interview process isn’t easy, but necessary to ensure that we are a fit for each other. You will be working in a dynamic fast paced environment on cutting edge technologies, so roll up your sleeves and get ready for the challenge. We need people who are drawn to technology challenges rather than work in a plush corporate role.

 

 

You are a fit for Benison if:

  1. You want to work in the technologies of the future… Network Security, Cloud technologies, 5G and WiFi6.
  2. You have a deep-rooted desire to learn new technologies.
  3. You are driven by the passion of solving complex problems.
  4. You want to work with some of the best minds in the industry.