2+ ISO/IEC 27001:2005 Jobs in Chennai | ISO/IEC 27001:2005 Job openings in Chennai

Job Description:

We are looking for a skilled Ethical Hacker (Penetration Tester) who will be responsible for identifying vulnerabilities in systems, networks, and applications before malicious hackers can exploit them. The role involves conducting security assessments, penetration testing, and recommending security improvements to strengthen the organization’s cybersecurity posture.

Key Responsibilities

·      Conduct penetration testing on web applications, mobile applications, APIs, and networks.

·      Identify security vulnerabilities and weaknesses in systems and infrastructure.

·      Perform vulnerability assessments using automated tools and manual techniques.

·      Simulate cyberattacks to evaluate the effectiveness of existing security measures.

·      Prepare detailed security reports highlighting risks, vulnerabilities, and remediation strategies.

·      Collaborate with development, DevOps, and IT teams to fix security gaps.

·      Ensure compliance with security standards and frameworks such as OWASP, ISO 27001, and NIST.

·      Conduct security audits and risk assessments across digital platforms.

·      Stay updated on the latest hacking techniques, security vulnerabilities, and cyber threats.

Required Skills & Qualifications

• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field.
• 4+ years of experience in ethical hacking, penetration testing, or cybersecurity.
• Strong knowledge of network security, system security, and application security.
• Experience with security tools such as:
• Burp Suite
• Metasploit
• Nmap
• Wireshark
• Kali Linux
• Knowledge of OWASP Top 10 vulnerabilities.
• Understanding of Linux, Windows, and cloud security environments.
• Strong analytical and problem-solving skills.

Preferred Certifications

• CEH (Certified Ethical Hacker)
• OSCP (Offensive Security Certified Professional)
• CompTIA Security+
• CISSP (optional but valuable)

Key Competencies

• Cybersecurity risk assessment
• Vulnerability management
• Penetration testing methodologies
• Incident response awareness
• Strong documentation and reporting skills

Nice to Have

• Experience in cloud security (AWS, Azure, GCP)

We are seeking a Security Program Manager to effectively drive Privacy & Security Programs in collaboration with cross functional teams. You will partner with engineering leadership, product management and development teams to deliver more secure products.

Roles & Responsibilities:

• Work with multiple stakeholders across various departments such as IT, Engineering, Business, Legal, Finance etc to implement controls defined in policies and processes.
• Manage projects with security and audit requirements with internal and external teams and serve as a liaison among all stakeholders.
• Managing penetration tests and security reviews for core applications and APIs.
• Identify, create and guide on privacy and security requirements considering applicable Data Protection Laws and implement them across software modules developed at Netmeds.
• Brainstorm with engineering teams to figure out how privacy and security controls can be applied to Netmeds tech stack.
• Coordination with Infra Teams and Dev Teams on DB and application hardening, standardization of server images / containerization.
• Assess vendors' security posture before onboarding them and after they qualify, review their security posture at a set frequency.
• Manage auditors and ensure compliance for ISO 27001 and other data privacy audits.
• Answer questions or resolve issues reported by the external security researchers & bug bounty hunters.
• Investigate privacy breaches.
• Educate employees on data privacy & security.
• Prioritize security requirements based on their severity of impact and product roadmap.
• Maintain a balance of security and business values across the organisation.

 Required Skills:

• Web Application Security, Mobile Application Security, Web Application Firewall, DAST, SAST, Cloud Security (AWS), Docker Security, Manual Penetration Testing.
• Good hands-on experience in handling tools such as vulnerability scanners, Burp suite, patch management, web filtering & WAF.

• Familiar with cloud hosting technologies (ex. AWS, Azure). Understanding of IAM, RBAC, NACLs, and KMS.

• Experience in Log Management, Security Event Correlation, SIEM.
• Must have strong interpersonal skills and should be able to communicate complex ideas seamlessly in written and verbal communication.

Good to Have Skills:

• Online Fraud Prevention.
• Bug Bounty experience.
• Security Operations Center (SOC) management.
• Experience with Amazon AWS services (EC2, S3, VPC, RDS, Cloud watch).
• Experience / Knowledge on tools like Fortify and Nessus.
• Experience in handling logging tools on docker container images (ex. Fluentd).