IT Security Manager
Full Job Description
Key Responsibilities
We are seeking an experienced IT Security Manager to join our team in Pune, Maharashtra. In this role, you will be instrumental in designing and implementing a robust Red Teaming framework, complete with Rules of Engagement (ROE), deconfliction protocols, and safety standards for adversarial simulations. You will execute advanced post-exploitation activities, including lateral movement, privilege escalation, and data exfiltration, to demonstrate real business impact.
A key part of your role will be to partner with Blue Teams to translate complex attack paths into actionable detection use cases and drive improvements in our security architecture. You will conduct in-depth research to identify zero-day vulnerabilities within our custom applications and internal platforms. Leading advanced manual penetration testing across various environments such as web applications, APIs, mobile platforms (iOS/Android), and thick clients will be a core function, extending beyond compliance-driven assessments.
Your responsibilities will also include developing custom exploit scripts in Python/C, based on manual code review, assembly analysis, and logic flaw identification, to validate critical vulnerabilities. You will perform business logic testing via manual request manipulation and adversarial thinking to uncover high-impact flaws that automated tools might miss. You will also be expected to reverse engineer proprietary systems, protocols, and legacy applications to ensure comprehensive security coverage.
Furthermore, you will bypass defensive controls by simulating real-world adversary techniques, including evading EDR, WAF, and identity-based protections. This role emphasizes cutting-edge security practices, including driving AI/LLM Security Testing (prompt injection, data leakage, model abuse, secure agent validation) and enabling Autonomous Pentesting capabilities by leveraging AI-driven tooling and adversarial automation frameworks.
You will also perform DSAT (Data Security & Exposure Assessment Testing) to simulate sensitive data discovery, access misuse, and exfiltration scenarios. Supporting Application Security (AppSec) through collaboration with development teams on SAST/DAST improvements and secure design validation is crucial. Ensuring alignment with regulatory frameworks such as FedRAMP and StateRAMP, working closely with US stakeholders and external assessors, will be another important aspect of this position.
Our Interview Practices
To ensure a fair and authentic hiring process, we kindly request that all candidates participate in interviews without the assistance of AI tools or external prompts. Our interview process is designed to evaluate your individual skills, experiences, and communication style. We value authenticity and aim to get to know you, not a digital assistant. To maintain this integrity, please remove virtual backgrounds and be prepared for in-person interviews as part of our hiring process. Please be aware that the use of AI-generated responses or third-party support during interviews will be grounds for disqualification from the recruitment process.
Applicants may be required to appear onsite at a Wolters Kluwer office as part of the recruitment process.
Company
Wolters Kluwer
Wolters Kluwer is a global provider of information, software, and point-of-care solutions for the health, tax, accounting, and finance professions.