1254 Application Security Jobs - Page 30

What youll achieve In this position, as a Principal Software Engineer - IT , youll be responsible for developing tools and automation used internally to maintain and enhance Dell's information security posture. You will work with global security and software development teams on projects to enhance Dells infrastructure and vulnerability remediation processes. Dell provides the technology that transforms the way we all work and live and always including Information Security as a very important aspect in everything we do. You will: Implement automated vulnerability remediation strategies using modern technologies like Python, Java and infrastructures tools like SCCM, Tenable, AWS, and so on Work with IT and Cybersecurity partners to establish communication plans and develop remediation solutions. Develop effective strategies to orchestrate vulnerability remediation. Provide critical input into the selection, configuration, and implementation of new and existing solutions. Take the first step towards your dream career Every Dell Technologies team member brings something unique to the table. Heres what we are looking for with this role: Essential Requirements 9-12 years of experience in software development with hands-on experience using Java, Angular, React.js, and Spring Boot frameworks. Strong foundation in secure development life cycle, scripting including expertise in Linux shell scripting, Python, and Windows PowerShell. Skilled in writing and optimizing SQL queries for data retrieval and manipulation. Experienced in implementing and maintaining CI/CD pipelines within DevOps environments. Experience developing Web UI (front end) applications Desirable Requirements Knowledge of Information security topics such as Cybersecurity, Pen testing and vulnerability scan, Application security, Web security, CVSS Scoring, CVE classification. 8+ years of validated experience. Bachelors degree in computing engineering or computer science

Welcome to Veradigm! Our Mission is to be the most trusted provider of innovative solutions that empower all stakeholders across the healthcare continuum to deliver world-class outcomes. Our Vision is a Connected Community of Health that spans continents and borders. With the largest community of clients in healthcare, Veradigm is able to deliver an integrated platform of clinical, financial, connectivity and information solutions to facilitate enhanced collaboration and exchange of critical patient information. Veradigm Veradigm is here to transform health, insightfully. Veradigm delivers a unique combination of point-of-care clinical and financial solutions, a commitment to open interoperability, a large and diverse healthcare provider footprint, along with industry proven expert insights. We are dedicated to simplifying the complicated healthcare system with next-generation technology and solutions, transforming healthcare from the point-of-patient care to everyday life. For more information, please explore What will your job look like: Job Summary: We are looking for a highly experienced Senior .NET Full Stack Developer with a strong background in Microsoft Azure infrastructure . The ideal candidate has 8+ years of hands-on development experience across the full stack using .NET technologies and is capable of designing, deploying, and managing cloud-native applications in Azure . This is a key role within a high-performing team focused on building scalable, secure, and modern enterprise applications. Key Responsibilities: Design, develop, and maintain enterprise-grade web applications using .NET Core, C#, ASP.NET MVC, and Web API . Build modern and responsive front-end components using Angular / React / Blazor . Develop and optimize backend services using Entity Framework / EF Core and SQL Server / Azure SQL . Architect and deploy applications using Azure infrastructure services : Azure App Services Azure Functions Azure Storage Azure SQL Key Vault API Management Implement CI/CD pipelines using Azure DevOps and manage infrastructure as code with ARM / Bicep / Terraform . Monitor, diagnose, and improve system performance using Azure Monitor , Application Insights , and Log Analytics . Ensure application security, scalability, and reliability in a cloud-native environment. Provide technical guidance, mentor junior developers, and participate in architectural decisions. An Ideal Candidate will have: 8+ years of experience in full stack development with .NET technologies (C#, ASP.NET Core, MVC, Web API). 3+ years of hands-on experience working with Azure infrastructure and services . Proficient in front-end development using JavaScript/TypeScript and frameworks such as Angular / React / Blazor . Strong knowledge of RESTful API design , SQL Server , and ORM tools like Entity Framework. Deep understanding of Azure DevOps , Git, and CI/CD pipelines. Experience with cloud security best practices , identity management (Azure AD), and role-based access control (RBAC). Familiarity with containerization (Docker) and microservices architecture is a plus. Strong problem-solving, communication, and collaboration skills. Benefits Veradigm believes in empowering our associates with the tools and flexibility to bring the best version of themselves to work. Through our generous benefits package with an emphasis on work/life balance, we give our employees the opportunity to allow their careers to flourish. Quarterly Company-Wide Recharge Days Flexible Work Environment (Remote/Hybrid Options) Peer-based incentive Cheer awards All in to Win bonus Program Tuition Reimbursement Program To know more about the benefits and culture at Veradigm, please visit the links mentioned below: - https: / / veradigm.com / about-veradigm / careers / benefits / https: / / veradigm.com / about-veradigm / careers / culture / #LI-SM1 #LI-REMOTE Veradigm is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse and inclusive workforce. Thank you for reviewing this opportunity! Does this look like a great match for your skill setIf so, please scroll down and tell us more about yourself!

Some careers shine brighter than others. If you re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions. We are currently seeking an experienced professional to join our team in the role of Consultant Specialist. In this role, you will: Drive and lead the engineering function for the application of POL. Work with architecture team and application team and participate analysis of the POL project requirement. Support transforming the current POL applications and solution aligning with our elevated Architecture. Support the operation of the Payments solutions. Follow internal DevOps principals. Coordinating with stakeholders. Participating in wider architecture discussions. Provides analysis and solutions to technical and business issues. Understand and apply technology and Corporate vision setting direction on implementation. Maintain awareness of business and technology strategies and implements technical alternatives and strategies to gain competitive advantage. Manage vendor relationships, and maintains the complex technical infrastructure of assigned area to meet business requirements. Assist in the development of the strategic technical architecture. Provides technical solutions to business problems, technical leadership and direction to management. Remain current on technical and professional advances and business strategies regarding area of responsibility. Serve as expert in area of responsibility, identifies process improvements and problem prevention, and advises department and management of relevant information as appropriate. Resolve architectural or development blockers raised. Partner with DevOps team to enable automated infrastructure delivery, DevSecOps value streams are executed and CI /CD pipelines to deploy services. Lead one or more technical business application areas and projects of high complexity or criticality. Controls critical cross-functional projects, related project risk and resulting impact on business and strategic plans. Initiate analysis for complex problems and issues, determine technical alternatives, analyze vendor solutions and negotiate contracts, and develop appropriate standards for technology application. Provide technical leadership and consultation to project team members as directed by the project manager. Initiate and conduct feasibility studies of new and modified operational procedures. For large systems, prepare cost/benefit analyses, functional and detail specifications. Provide direct guidance in planning, designing, programming, documentation and implementation of the systems. Perform reviews of new and existing systems to ensure operational integrity and accomplishment of stated objectives. Design, code, test, debug and document programs as required. Collaborate with enterprise architecture and senior management to define cloud strategy and perform PoC on new technologies. Provide architecture guidance to developers based on best practices and in alignment with global standards. Ensuring compliance with all relevant controls and standards Keep up-to-date and have expertise on current tools, technologies and areas like cyber security and regulations pertaining to aspects like data privacy, consent, data residency etc. that are applicable. Ensure service resilience, service sustainability and recovery time objectives are met for all the software solutions delivered Requirements To be successful in this role, you should meet the following requirements: Minimum of 10 years applied experience as an API architect. Bachelor s Degree required in Computer Science or related majors. Strong experience in API designing and creating architectural artefacts such as gap analysis, low level designs, data models etc. More than 10 years of engineering background in back-end Java application development, application security and authentication development, springboot, cache and middleware. Solid knowledge on infrastructure like Linux OS, networking, storage, load-balancer, etc. Expertise in JVM tuning and diagnostic for application troubleshooting and performance-optimization. Expertise in distributed system design like microservices, Springboot. Expertise in docker, k8s, service mesh. Expertise in monitoring and observability technologies like Appdynamics, Splunk, Jaeger, Kiali, Open Telemetry. Expertise in cloud and DevOps, familiar to network (VPC) and firewall on cloud, iAM, cloud costing. Expert-level SQL coding abilities is preferred. Knowledge in payments business will be an added advantage. Ability to work independently and think out of the box. The passion and ability to lead/motivate and develop technologist, including mentoring and coaching. Superior listening skills, ability to learn quickly, and willing to accept accountability for company and individual success. Extensive critical thinking skills for problem identification and solution recommendation. Excellent written and verbal communication skills in English, ability to negotiate, resolve conflicts and influence technical choices relating to business, development and architectural requirements. Exceptional team player that can lead others in demonstrating initiative and sound business judgment and is interested in expanding skills and growing professionally. Highly flexible, set priorities and meet deadlines in a changing environment.

Senior Security Consultant (Secure Code Review + Web Application Penetration Testing) NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most NetSPI secures the most trusted brands on Earth through Penetration Testing as a Service (PTaaS), External Attack Surface Management (EASM), Cyber Asset Attack Surface Management (CAASM), and Breach and Attack Simulation (BAS) Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI brings a proactive approach to cybersecurity with more clarity, speed, and scale than ever before, NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team Learn more about our award-winning workplace culture and get to know our A-Team at?netspi,/careers, NetSPI is seeking a Senior Security Consultant who will serve as a resource for delivery of secure code review and web application penetration assessment This position requires an understanding of various web technologies, enterprise secure development and risk management In addition, it requires experience with application security assessments/testing, as well as demonstrated competencies in problem solving, client service, written/verbal communication, and project execution, Responsibilities Conduct in-depth penetration testing and secure code review assessments on web applications Dynamically exploit vulnerabilities found in codebase and correlate insecure coding practices into dynamic application vulnerabilities Deliver secure code review assessment on programming languages such as Java, C#, Python, C/C++, Perl, PHP Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques Train and assist developers in writing secure software and remediating existing vulnerabilities Provide oversight to peers on service lines through QA process Mentor and assist team members in effectively delivering assessments and enhancing skillsets Present detailed penetration test findings to clients and assist in remediation planning Engage in research to develop new penetration testing methods, tools, and innovative exploit techniques Contribute to the cybersecurity community through tools, presentations, white papers, and blogging Maintain consistency with other internal requirements related to day-to-day administration tasks (time keeping, status updates to clients, etc ) Minimum Qualifications Minimum of 3-5 years of experience in application security including both secure code review and web application penetration testing Exceptional familiarity in all Burp Suite functions Published Burp extensions and ability to create new Burp Suite extensions preferred Detailed understanding of the OWASP Top 10 and CWE Top 25 issues with focus on ability to identify and remediate vulnerability in source code Ability to explain risk and business impact of security vulnerabilities to variety of audience Bachelors degree or higher, preferably in Computer Science, Engineering, Mathematics, IT, or a related field; equivalent experience will also be considered, Preferred Qualifications Experience in detecting, analyzing and providing recommendation guidance on security vulnerabilities using SAST and/or manual secure code review in at least two of the following languages: Java, C#, PHP, Python, C/C++ Experience in software development in at least one server-side programming language We are an equal employment opportunity employer All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law,

About LeadSquared One of the fastest-growing SaaS companies in the CRM space, LeadSquared empowers organizations with the power of automation More than 1700 customers with 2 lakhs+ users across the globe utilize the LeadSquared platform to automate their sales and marketing processes and run high-velocity sales at scale, We are backed by prominent investors such as Stakeboat Capital, Jyoti Bansal, and Gaja Capital to name a few We raised $153mn in our latest Series C funding round from WestBridge Capital, and we're now India's 103rd Unicorn! We are expanding rapidly and our 1100+ strong and still growing workforce is spread across India, the U S, the Middle East, ASEAN, ANZ, and South Africa, Among the Top 50 fastest-growing tech companies in India as per Deloitte Fast 50 programs Frost and Sullivan's 2019 Marketing Automation Company of the Year award Among Top 100 fastest growing companies in FT 1000: High-Growth Companies AsiaPacific Listed as Top Rates Product on G2Crowd, GetApp, and TrustRadius Location : Cessna Business Park (Bangalore)-WFO Requirements 23 years of experience in product or application security; at least 1 year of hands-on software development experience is highly desirable, Proficiency in application security testing using tools such as Burp Suite, SonarQube, SQLMap, and others (SAST, DAST, SCA), Experience with secure coding practices, and strong scripting skills in Python or JavaScript, Solid understanding of industry standards and frameworks such as OWASP Top 10, SANS CWE, etc Knowledge of security fundamentals like cryptography, authentication, risk assessment, and threat modeling, Exposure to cloud platforms (e-g , AWS, Azure) and their associated security best practices, Familiar with CI/CD pipelines and DevSecOps practices for integrating security into development workflows, Understanding of compliance standards such as ISO 27001 and HIPAA, Ability to automate security testing to increase assessment coverage and efficiency, Strong communication skills to effectively convey technical findings to both technical and non-technical stakeholders, Key Responsibilities Conduct application security assessments on web,API and mobile platforms, Perform secure code reviews on apps Carry out cloud security assessments for SaaS infrastructure and services, Manage the vulnerability lifecycle from discovery to resolution, Deliver security training and awareness sessions to internal teams, Develop tools and frameworks to support security automation and engineering initiatives,

Basic/ Essential Qualifications Strong knowledge of CVEs, CWEs and their effect on the application, In depth knowledge of various AppSec technologies such as SAST, DAST, SCA, IAST RASP etc Some development skills and hands on experience of one or more programming languages and framework, Experience with writing scripts in scripting language like python, javascript, etc Desirable Skillsets/ Good To Have Ability to demonstrate knowledge and enthusiasm for low-level technical topics including native development (any platform) Experience of languages inherent to modern, mobile development: Java+JNI, Objective C, Swift etc Familiarity with process of reverse engineering and associated low-level technologies such as assembly and tools Familiarity with concept of mobile code hardening i-e controls and techniques for the goals of anti-tempering, obfuscation and environment monitoring Ability to reproduce vulnerabilities in lab environment, Purpose of the role To support business areas with day-to-day processing, reviewing, reporting, trading and issue resolution, Accountabilities Support various business areas with day-to-day initiatives including processing, reviewing, reporting, trading, and issue resolution, Collaboration with teams across the bank to align and integrate operational processes, Identification of areas for improvement and providing recommendations in operational processes, Development and implementation of operational procedures and controls to mitigate risks and maintain operational efficiency, Development of reports and presentations on operational performance and communicate findings to internal senior stakeholders, Identification of industry trends and developments to implement best practice in banking operations, Participation in projects and initiatives to improve operational efficiency and effectiveness, Assistant Vice President Expectations Consult on complex issues; providing advice to People Leaders to support the resolution of escalated issues, Identify ways to mitigate risk and developing new policies/procedures in support of the control and governance agenda, Take ownership for managing risk and strengthening controls in relation to the work done, Perform work that is closely related to that of other areas, which requires understanding of how areas coordinate and contribute to the achievement of the objectives of the organisation sub-function, Collaborate with other areas of work, for business aligned support areas to keep up to speed with business activity and the business strategy, Engage in complex analysis of data from multiple sources of information, internal and external sources such as procedures and practises (in other areas, teams, companies, etc) to solve problems creatively and effectively, Communicate complex information 'Complex' information could include sensitive information or information that is difficult to communicate because of its content or its audience, Influence or convince stakeholders to achieve outcomes, All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship our moral compass, helping us do what we believe is right They will also be expected to demonstrate the Barclays Mindset to Empower, Challenge and Drive the operating manual for how we behave,

The Application Security Analyst reports directly to the team lead of Vulnerability Management and Applications Security. The role is responsible for identifying vulnerabilities and weaknesses in applications before they go live to reduce company's attack surface and supports the operational teams in the understanding of vulnerabilities. This position is responsible of the proper maintenance, configuration and governance of the solution used for scanning the target applications. This role requires constant communication with the operational teams and other stakeholders, supervision of the processes and making sure that the service quality is delivered with the highest standards. Basic Qualification: Education: Bachelors in information technology, Computer Science or similar Field. Experience: Minimum 3 years of experience in Applications Security scans, Vulnerability Management or related cyber security experience. Excellent verbal and written communication skills Excellent team player that demonstrates proactiveness Strong analytical and interpersonal communication skills, including the ability to communicate effectively Mandate Skills: Service-related expert knowledge Experienced in designing and implementing secure tests Secure configuration management techniques Knowledge of software quality assurance process Knowledge of secure software deployment methodologies and tools Ability to document technical concise and understandably Experience in the use of Application Security Testing tools Understanding of the attack surface and company security posture Knowledge in log analysis and troubleshooting of issues Advanced knowledge of application related vulnerabilities Cyber security and technical knowledge Experienced in discerning the protection needs (i.e., security controls) of information systems and networks Experienced in estimating specific operational impacts of cybersecurity incidents caused in applications Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, cross-site scripting, etc.) Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation) Knowledge of cybersecurity principles and methods that apply to software development Consideration of laws, regulations, policies, and ethics (GDPR, etc.)

In this role, you will be triaging, analysing, and remediating security incidents. You will be writing and delivering detailed investigation and analysis reports while maintaining technical documentation. You will work as part of follow-the-sun 24/7 SOC. Monitor security events and alerts from various sources. Execute predefined incident response playbooks related to identified security incidents. Collect, correlate, and analyze additional data to perform incident analysis and response. Support incident reporting to internal and external stakeholders. Collaborate with senior analysts to improve security processes. Who you are: Basic Qualification: Education: Bachelors in information technology, Computer Science or similar Field. Experience: Minimum 1 year of experience in a Cyber Security Operations Center (SOC) or related cyber security experience. Strong analytical and interpersonal communication skills, including the ability to communicate effectively Excellent verbal and written communication skills Technical documentation and writing Excellent team player that demonstrates proactiveness Mandate Skills: Experience with SOAR, SIEM, and EDR solutions. knowledge of Windows and Linux operating systems Strong analytical skills in threat, vulnerability, and intrusion detection analysis. Have a understanding of threat vectors as well as attacker techniques and tactics. Being a highly motivated individual with the ability to self-start, prioritize, and multi-task. The candidate should be able to react quickly, decisively, and deliberately in high stress situations. Strong verbal/written communication and interpersonal skills. Preferred Skills One or more widely recognized security certifications from renowned institutions such as GIAC/SANS, EC-Council, etc. Service-related expert knowledge: Knowledge of incident handling, protection of systems, networks, applications and data Confident handling of artifacts, IoCs and threat intelligence Case management experience and tools Experience with EDR and SIEM tools Alert triage and investigation, applying knowledge of the environment, understanding of the attack chain, and initial impressions of alerts to prioritize, validate, and investigate alerts. Case management classification and initial validation, documenting relevant details and observables Cyber security and technical knowledge: Experience with operating system security (Linux and Windows), anti-virus technologies and network security. Working knowledge of common TCP/IP based services and protocols such as DNS, DHCP, HTTP, FTP, SSH, SMTP, etc. Knowledge about firewalls, proxies/reverse proxies, IDS/IPS Knowledge of operating systems Ability to read and understand network and endpoint logs Basic Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, cross-site scripting, etc.) Consideration of laws, regulations, policies, and ethics (GDPR, etc.) Skills in writing queries for security and investigative tools Skills in applying incident handling best practices

Location Pune (Maharashtra), India Designation / Position Associate Technology Manager Type of Position Full time Work Experience Required 7-10 Years Corporate Office : 466, Southern Blvd, 2nd Floor, Chatham, New Jersey 07928, USA Innovation Centre : A-202, Teerth Technospace, Survey no.113, Mumbai Bangalore Highway Baner : 411045 Key Responsibilities: Extensive experience in Linux (RHEL, Ubuntu, etc) environments. Strong understanding of Data Center, OS, and Storage concepts. Ensure system uptime of 99.9%. Understand high availability concepts, including clustering, load balancing, uptime/downtime, failover (active-passive/active-active) and disaster recovery planning Strong understanding of database concepts like Clustering, Replication, and NoSQL concepts. Ability to use database tools (e.g. MongoDB). Internet Technologies: Good knowledge in DNS, Web and Application Servers (e.g., Tomcat, WebLogic), Virtualization, Cloud Computing, VPC, VNet and basic web technologies (HTML, JavaScript). Basic understanding of the mobile technologies and concepts like PlayStore/AppStore, GCM/FCM, APNs, etc. Strong knowledge of IT security and software, Antivirus, Firewall, Networking, and Server support. Proficiency in MS-Office, Project Management software (JIRA, Confluence, etc.) and Support software (Zendesk, Zohodesk, etc). Install, configure, and integrate Product on customers servers. Follow and execute instructions from user guides or emails to operate, monitor, and resolve system issues. Lead the product integration (Mobile SDKs, Backend APIs, etc) effort by understanding the customers product and participating in design/integration discussions. Take calls, sessions and remotes of customer issues and provide prompt and accurate resolution/feedback to customers. Ensure proper recording and closure of all issues. Must be able to document activities, procedures, reports etc. Should be ready to work for extended shifts and travelling to client sites, if needed. Lead and mentor a team of technology professionals, providing guidance, training and support. Possess an analytical mindset, capable of working under pressure and resolving complex technical issues. Excellent customer management and communication skills. Understand business scenarios and recommend changes to products to fulfill customer needs. Implement and manage SRE practices including defining SLAs, SLIs, and SLOs. Ensure robust observability across application and infrastructure layers. Gain hands-on experience in maintaining high availability and performance. Adopt Chaos Engineering to proactively identify and address potential problems in production systems, ensuring resilience and reliability. Qualification BE/B.tech (CS,IT), ME/M.tech (CS,IT), BSC-IT, BCA, MCA

Dear Candidate, We are hiring a Cybersecurity Consultant to provide expert advice on securing systems, applications, and infrastructure. Best for professionals who stay ahead of emerging threats and compliance trends. Key Responsibilities: Perform security assessments, audits, and risk analysis Advise clients on cybersecurity frameworks (NIST, ISO 27001, CIS Controls) Develop and implement incident response and data protection strategies Provide guidance on secure architecture and cloud security Required Skills & Qualifications: Knowledge of threat modeling, secure coding, and network security Experience with security tools (SIEM, DLP, IAM, vulnerability scanners) Strong communication and documentation skills Bonus: Certifications such as CISM, CISSP, or OSCP Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Srinivasa Reddy Kandi Delivery Manager Integra Technologies

1. Experience in the following process areas: Secure SDLC Methodologies for Waterfall/ Agile software development (Mandatory) Should be well-versed with Security best practices like OWASP and NIST guidelines (Mandatory) Ability to perform security review of microservices architecture, API Security (Mandatory) Hands on experience on Source Code reviews - SAST solution (Mandatory) Hands on experience on Dynamic Application Security Testing - DAST (Mandatory) Hands on experience in Software Composition Analysis - SCA (Mandatory) Hands on experience in performing Tech Stack Review -(Mandatory) Comfortable working in an environment that practices Agile development, engaging Product Owner and other stakeholders Good knowledge of Cloud platform/VMware Ability to identify vulnerabilities & threat actors in the application cycle and communicate effectively to the stake holders. Threat Modelling PASTA ,STRIDE etc (Good to Have) 2. Possesses ability to quickly understand the technical and functional aspects of the project to be able to communicate effectively with different stakeholders. 3. Excellent written and verbal communication skills in English, high integrity, strong work ethic and ability to empathize with the customer. 4. Ability to work effectively in a fast-paced, project-oriented environment 5. Ability to prioritize and execute tasks 6. Ability to handle sensitive and confidential information Strong analytical and problem-solving skills

Cyber Risk and Assurance Manager Back to job search results Tesco India Bengaluru, Karnataka, India Hybrid Full-Time Permanent Apply by 31-Dec-2025 About the role Following our Business Code of Conduct and always acting with integrity and due diligence and have these specific risk responsibilities: - Perform control testing in line with regulatory standards, recognised security frameworks and/or organisational policies to determine effectiveness of the control and provide recommendations. - Review adequacy of evidence provided by Technology teams as part of control assurance activities. - Identify mechanisms to monitor ongoing control effectiveness across various cyber domains including access control, network security, application security and software security. - Define and implement processes to engage and collaborate with technology and security teams to obtain relevant data/information required to monitor the effectiveness of these controls. - Identify and implement process improvements across various initiatives within the Cyber Risk and Assurance team. - Build strong relationships with stakeholders and lead meetings with Technology and Business teams. - Skilled in analysing large datasets to assess and monitor the effectiveness of control measures. What is in it for you At Tesco, we are committed to providing the best for you. As a result, our colleagues enjoy a unique, differentiated, market- competitive reward package, based on the current industry practices, for all the work they put into serving our customers, communities and planet a little better every day. Our Tesco Rewards framework consists of pillars - Fixed Pay, Incentives, and Benefits. Total Rewards offered at Tesco is determined by four principles -simple, fair, competitive, and sustainable. Salary - Your fixed pay is the guaranteed pay as per your contract of employment. Leave & Time-off - Colleagues are entitled to 30 days of leave (18 days of Earned Leave, 12 days of Casual/Sick Leave) and 10 national and festival holidays, as per the company s policy. Making Retirement Tension-FreeSalary - In addition to Statutory retirement beneets, Tesco enables colleagues to participate in voluntary programmes like NPS and VPF. Health is Wealth - Tesco promotes programmes that support a culture of health and wellness including insurance for colleagues and their family. Our medical insurance provides coverage for dependents including parents or in-laws. Mental Wellbeing - We offer mental health support through self-help tools, community groups, ally networks, face-to-face counselling, and more for both colleagues and dependents. Financial Wellbeing - Through our financial literacy partner, we offer one-to-one financial coaching at discounted rates, as well as salary advances on earned wages upon request. Save As You Earn (SAYE) - Our SAYE programme allows colleagues to transition from being employees to Tesco shareholders through a structured 3-year savings plan. Our green campus promotes physical wellbeing with facilities that include a cricket pitch, football field, badminton and volleyball courts, along with indoor games, encouraging a healthier lifestyle. You will be responsible for - Critical thinking with strong attention to detail and good organisational skills - 7 to 10 years cyber security experience - Strong written, verbal communication and presentation skills, working with all - IT control testing and IT risk management levels of seniority and disciplines within the organisation - Experience of assessing security controls across a variety of technologies and - Able to build solid working relationships with internal and external stakeholders products, recommending improvements where necessary - At least one professional qualification such as CompTIA Security+, CISSP or equivalent You will need Key people and teams I work with in and outside of Tesco: People, budgets and other resources I am accountable for in my job: Cyber Risk No line management or budget management responsibilties Security & Capability Technology Leadership Control owners & operators Automation Team Cyber Data Platform About us Tesco in Bengaluru is a multi-disciplinary team serving our customers, communities, and planet a little better every day across markets. Our goal is to create a sustainable competitive advantage for Tesco by standardising processes, delivering cost savings, enabling agility through technological solutions, and empowering our colleagues to do even more for our customers. With cross-functional expertise, a wide network of teams, and strong governance, we reduce complexity, thereby offering high-quality services for our customers. Tesco in Bengaluru, established in 2004 to enable standardisation and build centralised capabilities and competencies, makes the experience better for our millions of customers worldwide and simpler for over 3,30,000 colleagues Tesco Technology Today, our Technology team consists of over 5,000 experts spread across the UK, Poland, Hungary, the Czech Republic, and India. In India, our Technology division includes teams dedicated to Engineering, Product, Programme, Service Desk and Operations, Systems Engineering, Security & Capability, Data Science, and other roles. At Tesco, our retail platform comprises a wide array of capabilities, value propositions, and products, essential for crafting exceptional retail experiences for our customers and colleagues across all channels and markets. This platform encompasses all aspects of our operations - from identifying and authenticating customers, managing products, pricing, promoting, enabling customers to discover products, facilitating payment, and ensuring delivery. By developing a comprehensive Retail Platform, we ensure that as customer touchpoints and devices evolve, we can consistently deliver seamless experiences. This adaptability allows us to respond flexibly without the need to overhaul our technology, thanks to the creation of capabilities we have built. At Tesco, inclusion is at the heart of everything we do. We believe in treating everyone fairly and with respect, valuing individuality to create a true sense of belonging. It s deeply embedded in our values we treat people how they want to be treated. Our goal is to ensure all colleagues feel they can be themselves at work and are supported to thrive. Across the Tesco group, we are building an inclusive workplace that celebrates the diverse cultures, personalities, and preferences of our colleagues who, in turn, reflect the communities we serve and drive our success. At Tesco India, we are proud to be a Disability Confident Committed Employer, reflecting our dedication to creating a supportive and inclusive environment for individuals with disabilities. We offer equal opportunities to all candidates and encourage applicants with disabilities to apply. Our fully accessible recruitment process includes reasonable adjustments during interviews - just let us know what you need. We are here to ensure everyone has the chance to succeed. We believe in creating a work environment where you can thrive both professionally and personally. Our hybrid model offers flexibility - spend 60% of your week collaborating in person at our offices or local sites, and the rest working remotely. We understand that everyone s journey is different, whether you are starting your career, exploring passions, or navigating life changes. Flexibility is core to our culture, and we re here to support you. Feel free to talk to us during your application process about any support or adjustments you may need. Apply

RDQ226R536 About the Team The Product Security Team at Databricks is responsible for embedding security throughout the Software Development Lifecycle (SDLC). Our mission is to left-shift security ensuring that all code, whether powering customer-facing features or supporting internal infrastructure, is developed with security in mind from the start. By reducing the likelihood of introducing vulnerabilities and minimizing the impact of externally reported issues, we safeguard Databricks products and services at scale. Role Overview As a Product Security Engineer , you will play a key role in securing the features and infrastructure that power Databricks. You will partner closely with engineering teams across the organization to design secure systems, conduct security reviews, and enable scalable, repeatable secure development practices through automation, paved pathways, and guardrails. You ll support the full spectrum of security within the SDLC from architecture and threat modeling through secure coding, pentesting, and deployment. In addition, you will contribute to incident and vulnerability response efforts and help scale our security influence through tools, frameworks, and processes that support both engineers and compliance needs. Responsibilities Partner with product and engineering teams to design secure systems , identify risks early, and guide the development of robust solutions Conduct comprehensive security reviews including threat modeling, design analysis, manual code reviews, and exploit development to validate potential weaknesses Design and build guardrails that prevent common security mistakes and ensure consistent, enforceable policies across services Develop and maintain paved pathways secure-by-default development patterns, frameworks, and tools that enable engineering teams to build securely without friction Triage and analyze findings from Static Application Security Testing (SAST) tools, distinguishing false positives from genuine issues and performing variant analysis to identify similar vulnerabilities across the codebase. Operate and evolve Dynamic Application Security Testing (DAST) tooling and automation to support vulnerability detection and defect tracking Support incident response (IR) and vulnerability response (VRP) workflows as needed, partnering with internal teams to investigate and remediate security events Enhance internal security automation frameworks and integrations to meet evolving compliance and regulatory requirements (e.g., FedRAMP, PCI, HIPAA) Contribute to the continuous improvement of SDLC-integrated security processes, with a focus on risk-based prioritization, real-world impact, and the implementation of AI-assisted tooling to enhance efficiency, accuracy, and scalability. What we look for 10+ years of experience in product or application security, with deep expertise in securing large-scale, distributed systems Extensive experience influencing architectural decisions, embedding security-by-design principles, and aligning security goals with business objectives Proven leadership in cross-functional initiatives, including incident response, security reviews, and risk management at scale Recognized mentor and technical leader, enabling the growth of security-minded culture through coaching, training, and collaboration Thought leader in emerging security technologies and practices, including the integration of AI/ML to scale security operations and tooling Expertise in at least two of the following domains: Ability to read code and identify security defects in two or more programming languages (e.g., Python, Java, Scala, JavaScript ) Hands-on experience with exploit development , proof-of-concept creation, or exploit chaining Strong automation skills for building security tools and processes using AI-agents (think Cursor, Goose, VSCode, etc) Familiarity with fuzzing techniques is a plus Pragmatic approach to security prioritizing risk management over theoretical severity Other good to have credentials About Databricks Databricks is the data and AI company. More than 10,000 organizations worldwide including Comcast, Cond Nast, Grammarly, and over 50% of the Fortune 500 rely on the Databricks Data Intelligence Platform to unify and democratize data, analytics and AI. Databricks is headquartered in San Francisco, with offices around the globe and was founded by the original creators of Lakehouse, Apache Spark , Delta Lake and MLflow. To learn more, follow Databricks on Twitter , LinkedIn and Facebook . Benefits At Databricks, we strive to provide comprehensive benefits and perks that meet the needs of all of our employees. For specific details on the benefits offered in your region, please visit https: / / www.mybenefitsnow.com / databricks . Our Commitment to Diversity and Inclusion . Compliance If access to export-controlled technology or source code is required for performance of job duties, it is within Employers discretion whether to apply for a U.S. government license for such positions, and Employer may decline to proceed with an applicant on this basis alone.

RDQ326R107 About the Team The Product Security Team at Databricks is responsible for embedding security throughout the Software Development Lifecycle (SDLC). Our mission is to left-shift security ensuring that all code, whether powering customer-facing features or supporting internal infrastructure, is developed with security in mind from the start. By reducing the likelihood of introducing vulnerabilities and minimizing the impact of externally reported issues, we safeguard Databricks products and services at scale. Role Overview As a Product Security Engineer , you will play a key role in securing the features and infrastructure that power Databricks. You will partner closely with engineering teams across the organization to design secure systems, conduct security reviews, and enable scalable, repeatable secure development practices through automation, paved pathways, and guardrails. You ll support the full spectrum of security within the SDLC from architecture and threat modeling through secure coding, pentesting, and deployment. In addition, you will contribute to incident and vulnerability response efforts and help scale our security influence through tools, frameworks, and processes that support both engineers and compliance needs. Responsibilities Partner with product and engineering teams to design secure systems , identify risks early, and guide the development of robust solutions Conduct comprehensive security reviews including threat modeling, design analysis, manual code reviews, and exploit development to validate potential weaknesses Design and build guardrails that prevent common security mistakes and ensure consistent, enforceable policies across services Develop and maintain paved pathways secure-by-default development patterns, frameworks, and tools that enable engineering teams to build securely without friction Triage and analyze findings from Static Application Security Testing (SAST) tools, distinguishing false positives from genuine issues and performing variant analysis to identify similar vulnerabilities across the codebase. Operate and evolve Dynamic Application Security Testing (DAST) tooling and automation to support vulnerability detection and defect tracking Support incident response (IR) and vulnerability response (VRP) workflows as needed, partnering with internal teams to investigate and remediate security events Enhance internal security automation frameworks and integrations to meet evolving compliance and regulatory requirements (e.g., FedRAMP, PCI, HIPAA) Contribute to the continuous improvement of SDLC-integrated security processes, with a focus on risk-based prioritization, real-world impact, and the implementation of AI-assisted tooling to enhance efficiency, accuracy, and scalability. What we look for: 3-5 years of experience in product or application security Proficiency in threat modeling and identifying design flaws using architecture diagrams and data flow models Experience conducting security assessments, code reviews, and partnering with engineering teams to remediate vulnerabilities Ability to independently lead security reviews for medium- to large-scale features or systems Collaborates effectively with cross-functional teams to integrate security practices into the SDLC and improve developer security awareness Expertise in at least two of the following domains: Ability to read code and identify security defects in two or more programming languages (e.g., Python, Java, Scala, JavaScript ) Hands-on experience with exploit development , proof-of-concept creation, or exploit chaining Strong automation skills for building security tools and processes using AI-agents (think Cursor, Goose, VSCode, etc) Familiarity with fuzzing techniques is a plus Pragmatic approach to security prioritizing risk management over theoretical severity Other good to have credentials About Databricks Databricks is the data and AI company. More than 10,000 organizations worldwide including Comcast, Cond Nast, Grammarly, and over 50% of the Fortune 500 rely on the Databricks Data Intelligence Platform to unify and democratize data, analytics and AI. Databricks is headquartered in San Francisco, with offices around the globe and was founded by the original creators of Lakehouse, Apache Spark , Delta Lake and MLflow. To learn more, follow Databricks on Twitter , LinkedIn and Facebook . Benefits At Databricks, we strive to provide comprehensive benefits and perks that meet the needs of all of our employees. For specific details on the benefits offered in your region, please visit https: / / www.mybenefitsnow.com / databricks . Our Commitment to Diversity and Inclusion . Compliance If access to export-controlled technology or source code is required for performance of job duties, it is within Employers discretion whether to apply for a U.S. government license for such positions, and Employer may decline to proceed with an applicant on this basis alone.

Job Description Job Purpose An ICE IS Application Security Analyst is part of a team responsible for ensuring that ICE produces and maintains secure applications. The team member influences secure design, performs code analysis, identifies vulnerabilities through hands-on penetration testing, assists developers in remediation efforts, and communicates findings to developers, QA teams and management. Core Duties IS AppSec (Application Security) Application Identification and Review - Operates the Application Development Security Lifecycle from design review through automated and hands-on testing. Standards and Policies - Maintains and contributes to Application Development Security Policies and standards by keeping up with industry trends and publications from organizations such as NIST, OWASP, and SANS. Secure Design Works with development teams to establish security requirements early in the SDLC and contributes security subject matter expertise during the development of new projects and releases. Tool Management Focuses on automation while implementing, maintaining and integrating cutting-edge technologies to assess an application s security with static code analyzers (SAST), dynamic testing (DAST) tools, software composition scanners, Web Application Firewall (WAF) and bug bounty programs. Developer Education Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community via training sessions, one-on-one education, Intranet blogs and other opportunities. Desirable Knowledge and Experience Software engineering experience in Java, C++, . NET and/or related languages Expert at deploying, configuring, and using SAST, DAST, and Software Composition in large environments Experience designing solutions to integrate transparently with the CI/CD pipeline Familiar with application development in large cloud environments University degree in Computer Science, Engineering, MIS, CIS, or related discipline Analyst, Engineer, and Sr. Engineer Distinction Seniority is determined by experience and demonstration of exceptional competencies including: Documenting and effectively publishing technology guidance and repeatable processes Mentoring peers in groups and individually Improving processes and introducing superior technology Taking initiative to learn business goals, liaise with other departments, and identify ways to increase productivity in other ICE groups and offices

The Opportunity We are looking for a hands-on technical Engineering manager to take responsibility for the Application Security team in AppSec org of the Harness product portfolio. This position has strong growth potential limited only by the candidates ability. Harness SaaS service consists of several microservices deploying multiple releases a week. The successful candidate will lead and manage a talented team of backend engineers in a fast-paced environment, and we are looking for candidates with strong people management skills with a passion for technology who can be seen as a role model to the team. Key Responsibilities Engineering Leadership Cross-Functional Collaboration: Work closely with product management, UX/design, and go-to-market teams to define requirements and prioritize features. Translate business needs into technical solutions and ensure alignment across departments. Excellent analytical and problem-solving abilities, especially in complex technical environments. Capable of making informed, high-impact decisions about architecture and design, and adept at prioritizing tasks for maximum business impact. Drive definition, development, and deployment of comprehensive automated testing strategies including functional, system, performance, stress, security, load, reliability, and longevity tests Be data-driven: identify, generate, and provide quality metrics to substantiate quality improvements Technical Excellence Strong Software Engineering Background: 8+ years of software development experience with a proven track record. Hands-on proficiency in Java is a must. Expertise in Python is a big plus. Distributed Systems & Cloud Expertise: Deep understanding of distributed systems and cloud-native architectures. Experience building and operating scalable microservices in production (preferably on AWS and/or Azure). Familiarity with observability platforms and practices (logging, monitoring, tracing) is essential. Implement state-of-the-art quality engineering methodologies to uncover potential bottlenecks in performance, defects, risks, and user experience Work with stakeholders to diagnose, debug, and perform root cause analysis for issues in production and test environments Establish and maintain processes to meet standards compliance such as SOC2/FedRamp Team Leadership Proven ability to lead and grow an engineering team. Experience hiring engineers, mentoring developers, and fostering a collaborative, high-performance team culture. Strong leadership and communication skills to coordinate across departments. Recruit, challenge, and reward high-performance individuals to build a high-performing organization Coach and mentor team members, fostering a positive culture that embraces change and drives simple solutions to complex problems Be a trusted partner for senior management, helping drive alignment and implementing decisions throughout your team Cross-Functional Collaboration Build relationships with Product Management, DevOps, SRE, Service, and Customer success teams Collaborate with customers and Customer Success teams to identify and resolve product issues, close testing gaps, and enhance usability Ensure alignment across functions and effective communication of relevant information Foster a culture of positive collaboration, safety to learn from failure, and continuous improvement Proactively provide solutions rather than just identifying problems Qualifications Required Experience Minimum 8+ years of experience in Software development. Minimum 3+ years as an engineering manager in a fast-paced environment. BS degree in Electrical Engineering/Computer Science or related field or equivalent Experience with automation framework design, continuous integration, and continuous deployment best practices Experience with REST/gRPC/gQL API-based products and services . Knowledge of Atlassian tools, Git, Harness, or similar tools Experience with Kafka, Kubernetes, Helm, Docker. Thorough understanding of different testing types at scale in distributed microservice architectures Soft Skills Outstanding interpersonal and communication skills Self-starter with exceptional attention to detail Customer focus, sense of urgency, and accountability Ability to manage diverse teams and collaborate with geographically distributed teams Keen business acumen, ability to influence without authority Willingness to ask questions and challenge the status quo Nice to Have Spearheaded the adoption of shift-left test practices Cloud IaaS knowledge, especially in AWS/GCP Experience managing quality for enterprise customers Familiarity with KubeMonkey and other Chaos testing tools Exposure to code coverage, DAST/SAST tools. Work Location Bangalore. The successful candidate will be expected to be in the Bangalore office 3x/ week. What You Will Have at Harness Experience building a transformative product End-to-end ownership of your projects Competitive salary Comprehensive healthcare benefit Flexible work schedule Quarterly Harness TGIF-Off / 4 days Paid Time Off and Parental Leave Monthly, quarterly, and annual social and team building events Monthly internet reimbursement

Strong knowledge of cybersecurity frameworks (NIST, CIS, MITRE ATT&CK, OWASP MASVS/ASVS). • Hands-on experience with OAuth 2.0, OpenID Connect, SAML, FIDO2, and zero-trust security models.

Role & responsibilities This position is responsible for supervising all aspects of IT security, which includes: * Designing and developing security measures * Implementing security protocols * Managing incident response * Overseeing product selection * Ensuring adherence to relevant regulations This role is a mandatory work-from-office position based in our Gurgaon location, and the person in this role must be willing to work in 24/7 rotational shifts. Key responsibilities include: 1. Cybersecurity defense for endpoints and servers. 2. Investigation of alerts through SIEM, EPP, and XDR. 3. Vulnerability assessment and patch management. 4. Authorization of third-party software. 5. Collaboration with various departments to reduce risk. 6. Awareness of potential harm from new threats to network infrastructure and existing security procedures. 7. Providing security training to employees. 8. Facilitation of system and software configuration through Endpoint Management. 9. Willingness to work in a 24/7 SOC environment. Preferred candidate profile

Role & responsibilities Experience in understanding and reviewing solution architecture, identify the security loopholes, recommend the best solution specific to environment and technologies in use. Understanding of data criticality, classify them and suggest controls accordingly. Understanding of Containers and Kubernetes and security best practices. Expert level security knowledge in technical IT domains such as operating systems, networks, databases, cloud or solution development etc. Experience in practical security vulnerability identification and remediation. Management of multiple stakeholders including business, IT and management. Information Security domains - two or more of the following: Risk Assessment, Vulnerability Management, Incident Management, Security Architecture, Application/Network Security. This experience should include both advisory and implementation experience. Excellent work experience on micro service architecture, micro segmentation, zero trust architecture etc. Industry related certification preferred (e.g. CISSP, CISA, CISM, CISSP-ISSAP, GSEC / GCIH / GCIA: GIAC Security Certifications, ISO 27001:2013, PCIDSS 3.0, OSCP/OSCE). Solution Level & Technical Certifications will be advantageous. Preferred candidate profile

Job Title: Information Security Officer (ISO) Corporate Title: AS Role Description The role of an Information Security Officer (ISO) is of a role holder aligned to a portfolio of applications (Application ISO). The ISO has the responsibility for the operational aspects of ensuring compliance with the Information Security Principles. The ISO is the primary contact for information security relevant matters within their area of responsibility. The ISO has a disciplinary reporting line into their Line Manager and a functional reporting line into the Divisional CISO. Your key responsibilities To assume the ownership and responsibility for the assigned IT assets, in line with the DB Group Information Security management processes and the Divisional ISMS. To support the development and maintenance of Information Security policies and procedures pertaining to the Unit in accordance with the Information Security policies and procedures of DB Group. To support the management of IS Risks within the Risk Appetite defined by the ISR. To execute the IS Risk assessments and compliance evaluations for assigned IT assets To ensure the execution of information security risk management requirements in their area of responsibility as additionally defined by the Divisional ISO (e.g., conducting risk assessments on an organizational basis, preparing and implementing management action plans to mitigate identified risks) To ensure the implementation of Identity and Access Management Processes and the execution of a periodic recertification of User Access Rights in their area of responsibility To provide timely updates to the Divisional ISO regarding the aforementioned information security management tasks To ensure that application entries regarding information security (e.g., Data Protection and Data Privacy fields) in the Groups inventory of applications are accurate and up to date To implement Segregation of Duty (SoD) rules for the assigned IT assets To contribute to the Information Security incident management process in the case of a security breach Keep oneself informed of the Information Security Principles and its subordinate documents and liaise with any other necessary parties to accomplish their tasks. These resources may be e.g., the TISO, ITAO or any other subject matter experts To ensure appropriate documentation of information security risk management in area of responsibility. This includes major decisions including identified and assessed risks as well as risk mitigation measures To deliver all items requested during regulatory and internal Information Security related audits Your skills and experience Essential Candidate should have a minimum of 8 years of business experience in an operation management / risk management capacity, working knowledge in various banking products with strong communications skills Knowledge on Information Security Controls, Data Protection Policy, Information classification principles and segregation of duties requirements within Banking Operations Good understanding of Regulatory, Compliance, Risk & Control Knowledge Have sound knowledge of Identity and Access Management Process Ability to multitask and manage multiple deliverables / projects that are highly visible and of strategic importance to our clients Ability to effectively communicate with clients internally and externally Must be a team player and facilitator Desirable Solid technical understanding of the business (CB Operations) including strong knowledge of application security related processes. Knowledge of electronic banking products and flow of instructions Computer proficiency in MS Office and ability to utilize IT initiatives to achieve a high degree of operational efficiency, optimize costs and add value to the service provided Innovative approach to work and continuously identify and implement process improvements Seek opportunities to improve service processes, minimize operational risk and reduce costs Strong analytical skills, detail orientation, service commitment and solid people management skills Strong awareness of risk control Education / Certification Graduation degree CRISC Desired: CISA/CISM/CISSP

Develop and maintain C# WinForms desktop applications for seller account management. Integrate Amazon and other eCommerce platform APIs to automate seller operations. Work with SQL Server to handle large-scale data transactions efficiently. Implement inventory, order, and account management features. Optimize database queries and application performance. Troubleshoot and resolve bugs to ensure smooth application functionality. Collaborate with the team to enhance features and ensure application security. Required Skills: Proficiency in C# .NET Framework (WinForms/WPF) Strong SQL Server skills (efficient queries, stored procedures) API integration experience (Amazon Seller API, eCommerce platforms, third-party APIs) Multi-threading & performance optimization in C# Experience with Windows Services & background jobs Understanding of UI/UX best practices for desktop applications Preferred Skills (Nice to Have): Experience with Azure cloud storage Familiarity with Entity Framework & LINQ Experience using logging frameworks (Serilog, NLog, etc)

This individual will be part of the Cloud Security Consulting team and become the center of excellence for specific cloud security technology areas and associated Fortinet products/solutions. They will need to be comfortable in front of customers of all levels and be able to deliver paid consulting services and proof of concepts. Ideal candidates will have excellent knowledge of public and/or private cloud technologies, software development experience, network/application security expertise, and support four main areas of responsibility: 1) Cloud Security Solution Expert Assist customers with creating multi-cloud and hybrid cloud security blueprints with a focus on vendor-neutral and cloud-agnostic design and implementation best practices Become an expert in Fortinet products within cloud solutions Maintain knowledge of competitive products and services Respond to industry analyst inquiries and conduct demos 2) Trusted Advisor Attend customer meetings and provide expert opinion on cloud security design/architecture Provide custom architecture and automation code, as per the requirements set by a given customer for their cloud deployments Publish reference architectures for specific use cases 3) Continuous Learner Dedicate a percentage of their time to ongoing training/education for new technologies Help drive technical webinars and hands-on demo s Help the NSE institute with advanced course materials Help training teams at SE Training events 4) Evangelist Publish public information, such as whitepapers and blogs, around salient technology topics Draft architecture papers for in-depth analysis and reasoning for technology adoption Continuous active networking within the industry to build relationships and awareness Required Skills: The ideal candidate will have 10+ years in roles such as SE, Consulting SE, or Solution Architect in the Cloud, Networking, Infrastructure, and/or Cybersecurity industries In-depth knowledge and hands-on experience with one or more of the following public/private cloud platforms: AWS, Azure, GCP, NSX

7+ years of full-stack development experience with proficiency in .NET technologies (C#, ASP.NET Core, Entity Framework). Strong grasp of Agile methodologies, DevOps principles, application security and version control systems (eg, Azure DevOps). Proficiency in modern front-end frameworks (eg, Angular, React, Blazor). Familiarity with Microsoft Azure, with experience in leveraging key services (eg, App Services, Azure Functions, SQL) would be considered an asset

As a Senior Specialist IT, you will manage the deployment, configuration, and maintenance of AppSecOps applications across the organization serving a larger developer userbase and ensure that security tools and processes are scalable and meet the needs of the entire organization. Job Description In your new role you will: Manage the deployment, configuration, and maintenance of AppSecOps applications across the organization serving a larger developer userbase. Ensure that security tools and processes are scalable and meet the needs of the entire organization. Design, develop, and implement security measures to protect applications and infrastructure. Integrate security practices into the software development lifecycle, ensuring security is considered at every stage following a Platform Engineering approach Your Profile You are best equipped for this task if you have: Bachelors or Masters degree in Computer Science, Cybersecurity, or related field. 3+ years of experience in application security, DevSecOps, or related roles, with substantial experience in managing AppSecOps applications across a large enterprise environment. Proficiency in programming and scripting languages such as Python, Java, or similar. Strong understanding of application security principles, threat modeling, and risk management. Experience with advanced security tools and technologies (eg, SAST,DAST, RASP, SIEM). Knowledge of containerization technologies (Docker, Kubernetes) and cloud platforms (AWS, Azure, GCP). Excellent communication and interpersonal skills Ability to work effectively in a team-oriented environment. Strong problem-solving skills and an analytical mindset.

Whats exciting waiting for you This is an amazing opportunity for you to join a fantastic crew before the rocket ship launch. It will be a story you will carry with you through your life and have the unique experience of building something ground up and have the satisfaction of seeing your product being used and paid for by thousands of customers. You will be a part of a growth story in securing critical financial applications that handle cross-border payments. We believe in a culture of openness, innovation & great memories together. About the Application Security Engineer Role As an Application Security Engineer, you will be responsible for ensuring the security of our payment applications throughout their entire development lifecycle. You will work closely with development teams to identify, assess, and remediate security vulnerabilities in web applications, mobile apps, and APIs that process sensitive financial data across 70+ markets. Key Responsibilities Application Security Assessment & Testing Conduct comprehensive security assessments of microservices-based applications built with GoLang, Java, or Scala Perform security reviews of Vue.js and ReactJS frontend applications and their interaction with backend services Execute manual and automated web application penetration testing using industry-standard methodologies (OWASP Testing Guide, PTES) Conduct vulnerability scoring and risk assessment using CVSS framework and custom business impact metrics Utilize govulncheck for Go-specific vulnerability detection and dependency analysis in GoLang microservices Deploy Semgrep/OpenGrep for static code analysis across multiple programming languages and frameworks Integrate Gitleaks for automated secret detection and credential scanning in source code repositories Execute static application security testing (SAST) and dynamic application security testing (DAST) across the entire stack Conduct penetration testing and vulnerability assessments on payment processing applications and microservices Perform web application penetration testing including authentication bypass, authorization flaws, injection attacks, and business logic vulnerabilities Review and analyze code for security vulnerabilities with focus on microservices communication patterns and frontend security Assess API gateways, service meshes, and inter-service authentication mechanisms Implement and maintain automated security testing tools in CI/CD pipelines for both frontend and backend components Secure Development Lifecycle (SDLC) Integrate security practices into the software development lifecycle Collaborate with development teams to implement secure coding practices Conduct security architecture reviews and threat modeling sessions Provide security requirements and guidelines for new application features Establish and maintain application security standards and best practices Vulnerability Management Identify, prioritize, and track application security vulnerabilities across multiple technologies Implement comprehensive vulnerability scoring using CVSS v3.1, OWASP Risk Rating, and custom business impact assessments Develop risk scoring matrices that incorporate technical severity, business impact, and exploitability factors Utilize govulncheck for proactive Go vulnerability management and dependency tracking Deploy Gitleaks for continuous secret detection and credential exposure prevention Implement Semgrep/OpenGrep for custom vulnerability pattern detection and policy violations Create detailed penetration testing reports with executive summaries, technical findings, and remediation roadmaps Establish vulnerability SLA metrics and track remediation timelines based on risk scores Work with development teams to remediate identified security issues Maintain vulnerability management processes and ensure timely resolution Perform risk assessments and provide recommendations for vulnerability mitigation Monitor and respond to emerging application security threats Create and maintain security metrics and KPIs for vulnerability remediation Security Tools & Automation Implement and manage application security scanning tools (SAST, DAST, IAST) Deploy govulncheck for continuous Go vulnerability monitoring in GoLang microservices Integrate Gitleaks for automated secret scanning across development workflows and CI/CD pipelines Configure Semgrep/OpenGrep rules for custom security pattern detection and policy enforcement Develop and maintain security automation scripts and tools Integrate security tools into development workflows and CI/CD pipelines Evaluate and recommend new application security technologies and solutions Create custom security rules and policies for language-specific vulnerabilities Automate security testing for containerized applications and microservices Compliance & Documentation Ensure applications comply with financial industry regulations (PCI DSS, PSD2, etc.) Maintain security documentation, procedures, and incident response plans Support compliance audits and security assessments Create and deliver application security training for development teams Required Qualifications Experience 4+ years of experience in application security, with focus on web and mobile applications Strong experience securing microservices architectures, particularly those built with GoLang, Java, or Scala Hands-on experience with frontend security for modern JavaScript frameworks (Vue.js, ReactJS) Extensive experience in web application penetration testing including OWASP Top 10, business logic flaws, and authentication/authorization bypasses Proven expertise in vulnerability scoring and risk assessment using CVSS, OWASP Risk Rating, and custom scoring methodologies Proven experience with security automation tools: govulncheck (Go vulnerability scanning), Gitleaks (secret detection), Semgrep/OpenGrep (static analysis) Experience with application security testing tools (Burp Suite, OWASP ZAP, Veracode, Checkmarx, etc.) Hands-on experience with penetration testing and vulnerability assessment Experience with secure code review and static/dynamic analysis tools Knowledge of common web application vulnerabilities (OWASP Top 10) and microservices-specific security challenges Technical Skills Proficiency in backend programming languages with strong focus on GoLang, Java, or Scala for microservices architecture Experience with frontend frameworks, particularly Vue.js and ReactJS for modern web applications Advanced proficiency with security tools: govulncheck (Go-specific vulnerability detection), Gitleaks (credential scanning), Semgrep/OpenGrep (multi-language static analysis) Expert-level web application penetration testing skills using tools like Burp Suite Professional, OWASP ZAP, Nuclei, and custom exploitation frameworks Comprehensive knowledge of vulnerability scoring frameworks including CVSS v3.1, OWASP Risk Rating Methodology, and FAIR (Factor Analysis of Information Risk) Experience with automated penetration testing tools and frameworks for continuous security validation Strong understanding of microservices security patterns and inter-service communication Experience with API security testing and assessment (REST, GraphQL, gRPC) Knowledge of mobile application security (iOS/Android) Familiarity with cloud security (AWS, Azure, GCP) Understanding of database security and secure data handling Experience with containerized applications and orchestration platforms Security Knowledge Deep understanding of application security principles and best practices Expert knowledge of web application penetration testing methodologies (OWASP Testing Guide, PTES, NIST SP 800-115) Advanced understanding of vulnerability scoring and risk quantification using industry-standard frameworks Knowledge of security frameworks and standards (OWASP, NIST, ISO 27001) Experience with threat modeling and risk assessment methodologies Understanding of cryptography and secure communication protocols Knowledge of authentication and authorization mechanisms Expertise in manual testing techniques for complex business logic vulnerabilities Experience with penetration testing reporting and executive communication of security risks Nice to Have Certifications Relevant security certifications (CISSP, CEH, CSSLP, GWEB, OSCP) Cloud security certifications (AWS Security, Azure Security) Additional Skills Experience with DevSecOps practices and tools Advanced proficiency in securing distributed microservices ecosystems Experience with modern frontend build tools and security (Webpack, Vite, npm/yarn security) Expertise in Go ecosystem security including govulncheck integration and dependency management Advanced configuration and customization of Semgrep/OpenGrep rules for organization-specific security policies Experience with Gitleaks integration across multiple Git workflows and CI/CD platforms Advanced web application penetration testing including thick client applications and complex multi-tier architectures Experience with custom exploit development and proof-of-concept creation for business logic vulnerabilities Expertise in creating comprehensive risk scoring models that align technical findings with business impact Knowledge of container security (Docker, Kubernetes) Experience with financial services and payment processing security Familiarity with regulatory compliance (PCI DSS, GDPR, PSD2) Experience with bug bounty programs and responsible disclosure Knowledge of machine learning/AI security Experience with service mesh security (Istio, Linkerd) and API gateway security Key Abilities and Traits Technical Excellence: Demonstrated ability to identify and remediate complex application security vulnerabilities across diverse technology stacks. Collaboration: Strong ability to work effectively with development teams, translating security requirements into actionable development practices. Communication: Excellent verbal and written communication skills, capable of explaining security concepts to both technical and business stakeholders. Problem-Solving: Strong analytical and problem-solving skills with the ability to think like both a defender and an attacker. Continuous Learning: Commitment to staying current with emerging application security threats, tools, and best practices. Detail-Oriented: Meticulous attention to detail when reviewing code and assessing application security. Project Management: Ability to manage multiple security assessments and projects simultaneously while meeting deadlines.