About Persistent
We are an AI-led, platform-driven Digital Engineering and Enterprise Modernization partner, combining deep technical expertise and industry experience to help our clients anticipate what's next. Our offerings and proven solutions create a unique competitive advantage for our clients by giving them the power to see beyond and rise above. We work with many industry-leading organizations across the world, including 20 Fortune 50 companies and 4 of the 5 top banks in both the US and India, and numerous innovators across the healthcare ecosystem.
Our disruptor's mindset, commitment to client success, and agility to thrive in the dynamic environment have enabled us to sustain our growth momentum. Persistent has been recognized across top industry platforms for innovation, leadership, and inclusion. We reported $1,654.4M FY26 revenue with 17.4% Y-o-Y growth. We have delivered 24 sequential quarters of growth with $436.0M in Q4 FY26 revenue, up 3.2% Q-o-Q and 16.2% Y-o-Y growth. Our 27,500+ global team members, located in 18 countries, have been instrumental in helping the market leaders transform their industries. We have been recognized as the Fastest Growing IT Services Brand Globally in the 2026 Brand Finance IT Services 25 Report. We were named a Leader in the Everest Group Private Equity (PE) Services PEAK Matrix® Assessment 2026 and Software Product Engineering PEAK Matrix® Assessment 2026.
About Position:
We are looking for a highly skilled and experienced Subject Matter Expert (SME) in Vulnerability Management, Application Security, and VAPT to join our Security Operations team in Pune. The ideal candidate will bring deep technical expertise, strong customer engagement capabilities, and the ability to mentor and train junior team members. This is a critical, customer-facing role that requires both hands-on technical skills and the ability to drive remediation compliance across client environments.
Role: Support Engineer
Location: Pune
Experience: Between 5 to 8 Years
Job Type: Full Time Employment
What You'll Do:
- Vulnerability Management
  - Lead end-to-end vulnerability management lifecycle from scanning, prioritization, tracking, to closure using tools such as Rapid7 InsightVM and Qualys VMDR.
  - Define and maintain vulnerability scanning policies, schedules, and asset groupings aligned to customer environments.
  - Analyze scan results, correlate with threat intelligence, and prioritize vulnerabilities based on risk, exploitability, and business impact (CVSS scoring, EPSS, etc.).
  - Generate executive-level and technical vulnerability reports for customer stakeholders on a periodic basis.
  - Drive and track SLA-based remediation progress and maintain compliance dashboards.
- Application Security & VAPT
  - Conduct and oversee Static Application Security Testing (SAST) using Checkmarx and Dynamic Application Security Testing (DAST) using Burp Suite and other tools.
  - Perform or coordinate Web Application Penetration Testing (WAPT), API Security Testing, Mobile Application Security Testing, and Network VAPT.
  - Identify OWASP Top 10, SANS Top 25, and other common application vulnerabilities and provide detailed, actionable findings in assessment reports.
  - Review and validate security architecture, code, and configurations from an AppSec perspective.
  - Collaborate with development and DevSecOps teams to integrate security into the SDLC pipeline.
- Remediation Guidance & Compliance
  - Act as a technical advisor to the Remediation Team providing clear, step-by-step guidance on patching, configuration fixes, code-level remediations, and compensating controls.
  - Drive remediation compliance metrics across customer environments and report progress to leadership and customers.
  - Conduct root cause analysis (RCA) for critical/high vulnerabilities and present findings with remediation roadmaps.
  - Ensure adherence to security baselines (CIS Benchmarks, Microsoft Security Baselines, NIST, etc.).
- Customer Engagement
  - Serve as the primary technical point of contact for customer stakeholders for all VM, AppSec, and VAPT-related discussions.
  - Lead customer calls, present findings, and explain technical risks in a clear, business-friendly manner.
  - Prepare and deliver periodic security posture reports, risk briefings, and remediation status updates to customer CISOs and senior leadership.
  - Manage customer expectations, address escalations, and maintain high levels of customer satisfaction.
- Training & Mentoring
  - Design and deliver training sessions and workshops for fresher/junior analysts on vulnerability management concepts, tools, and processes.
  - Create knowledge base articles, SOPs, runbooks, and training materials for the team.
  - Conduct regular knowledge-sharing sessions and tabletop exercises to upskill the team.
  - Act as a go-to technical mentor for L1/L2 analysts within the security operations team.
Technical Skills & Tools:
- Vulnerability Management
  - Rapid7 InsightVM / Nexpose: Scan configuration, asset management, reporting, remediation projects
  - Qualys VMDR / WAS: Policy compliance, cloud agent deployment, dashboards
  - Familiarity with Tenable Nessus is a plus
- Application Security & VAPT
  - Burp Suite Pro: Web application testing, active/passive scanning, manual exploitation
  - Checkmarx (SAST/SCA): Code scanning, triage, CI/CD integration
  - OWASP ZAP, Nikto, SQLMap, Metasploit: Supporting VAPT tools
  - Knowledge of API security testing (Postman, REST API attacks)
  - Familiarity with DAST/IAST tools and DevSecOps pipeline integration (Jenkins, GitHub Actions)
- Reporting & Compliance
  - Strong experience in vulnerability report writing: executive summaries and technical findings
  - Knowledge of compliance frameworks: PCI-DSS, ISO 27001, NIST CSF, CIS Benchmarks, OWASP
Expertise You'll Bring:
- Certifications
  - Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
- Certifications (Mandatory / Preferred), listed as Certification: Type
  - CEH (Certified Ethical Hacker): Mandatory
  - OSCP (Offensive Security Certified Professional): Highly Preferred
  - eWPT / eWPTXv2 (eLearnSecurity Web Penetration Tester): Preferred
  - CompTIA PenTest+: Preferred
  - Qualys VMDR Certification: Preferred
  - Rapid7 Certified: Preferred
  - GPEN / GWAPT (GIAC): Added Advantage
  - ISO 27001 LA/LI: Added Advantage
Skills & Competencies:
- 8-9 years of hands-on experience in Vulnerability Management, AppSec, and VAPT
- Strong understanding of CVE, CVSS, CWE, NVD, and exploit frameworks
- Deep knowledge of network protocols, OS hardening (Windows/Linux), and cloud security fundamentals (AWS/Azure)
- Excellent written and verbal communication in English, capable of producing professional reports and presenting to C-level stakeholders
- Strong analytical and problem-solving skills with attention to detail
- Ability to train, mentor, and coach junior team members effectively
- Self-motivated, organized, and capable of managing multiple customer engagements simultaneously
- Experience working in managed security services (MSSP) environments is preferred
Work Schedule:
- Shift: EST Hours, aligned to US Eastern Standard Time (approximately 6:30 PM - 3:30 AM IST)
- Location: Pune, India (Work from Office)
Education: Bachelor's or Master's degree in Computer Science, Engineering, or a related field.
Benefits:
- Competitive salary and benefits package
- Culture focused on talent development with quarterly growth opportunities and company-sponsored higher education and certifications
- Opportunity to work with cutting-edge technologies
- Employee engagement initiatives such as project parties, flexible work hours, and Long Service awards
- Annual health check-ups
- Insurance coverage: group term life, personal accident, and Mediclaim hospitalization for self, spouse, two children, and parents
Values-Driven, People-Centric & Inclusive Work Environment:
Persistent is dedicated to fostering diversity and inclusion in the workplace. We invite applications from all qualified individuals, including those with disabilities, and regardless of gender or gender preference. We welcome diverse candidates from all backgrounds.
- We support hybrid work and flexible hours to fit diverse lifestyles.
- Our office is accessibility-friendly, with ergonomic setups and assistive technologies to support employees with physical disabilities.
- If you are a person with disabilities and have specific requirements, please inform us during the application process or at any time during your employment.
Let's unleash your full potential at Persistent - persistent.com/careers
"Persistent is an Equal Opportunity Employer and prohibits discrimination and harassment of any kind."