1254 Application Security Jobs - Page 44

Department: Information Technology Location: Ahmedabad Experience: 10+ Years Education: Bachelors/Master’s in Computer Science, Cybersecurity, or related field Certifications Preferred: CISSP, CISM, CEH, or equivalent Job Summary: We are looking for a seasoned professional to lead application security initiatives across the software development lifecycle. This role combines expertise in secure coding, threat modeling, incident response, and SOC collaboration to ensure the integrity, confidentiality, and availability of enterprise applications. The candidate will work closely with development, DevOps, and IT security teams to build and maintain a secure application environment. Key Responsibilities: Application Development & Security Lead secure design and review processes throughout the SDLC. Guide development teams on secure coding standards and best practices. Conduct threat modeling, vulnerability assessments, and penetration testing. Integrate security into CI/CD pipelines for secure deployment. Application Security Management Define and enforce security policies, standards, and procedures. Stay current on emerging threats, vulnerabilities, and compliance trends. Implement tools such as WAFs, SIEM, IDS/IPS within application ecosystems. Oversee application vulnerability management and incident response. SOC Operations & Incident Response Collaborate with SOC to improve threat detection and response for application-layer risks. Support SOC operations with security insights from the application stack. Analyze and report incidents, with plans to mitigate future risk. Collaboration & Stakeholder Management Work with cross-functional teams to solve security challenges while supporting business goals. Provide leadership on security strategy during digital transformation initiatives. Coordinate with external vendors for security reviews and audits. Training & Awareness Conduct training sessions for developers and IT staff on secure development practices. Champion a culture of security-first development across all technical teams. Required Skills: Deep understanding of SOC processes and incident response methodologies. Practical experience with SIEM, IDS/IPS, WAFs, and vulnerability management tools. Ability to translate technical risks into business risks and drive resolution. Preferred Skills: Familiarity with OWASP, NIST, ISO 27001, or related security frameworks. Understanding of cloud security for Azure, AWS, or GCP. Industry certifications such as CISSP, CISM, CEH, or equivalent.

Job Title: Application Security (AppSec) Experience: 10+ Years Location: Hyderabad Department: Information Security / DevSecOps Industry: Software / IT Services / Product Engineering Job Summary: We are seeking a seasoned Application Security Focal with 10+ years of experience to lead our application security initiatives across the SDLC. The AppSec Focal will act as the central point of contact between development, DevOps, and security teams to ensure secure design, development, and deployment of applications. This role demands deep technical expertise in secure coding practices, threat modelling, SAST/DAST tools, and secure CI/CD integration. Key Responsibilities: Security Leadership & Governance: Act as the single point of contact for all application security initiatives within the organization. Define, implement, and enforce secure coding standards and security architecture reviews. Establish and maintain secure SDLC practices in collaboration with engineering teams. Drive risk assessments and provide actionable security recommendations for applications. Collaborate with compliance teams to support audits (ISO 27001, SOC 2, HIPAA, etc.). Technical Responsibilities: Lead threat modelling, secure code reviews, and vulnerability assessments. Manage and optimize the use of AppSec tools: SAST (e.g., SonarQube, Checkmarx), DAST (e.g., OWASP ZAP, Burp Suite), SCA (e.g., Mend, Black Duck), and container scanning tools. Integrate security tools into CI/CD pipelines (e.g., Azure DevOps, GitLab CI/CD, Jenkins). Drive vulnerability triage and remediation with engineering teams. Analyze third-party components and APIs for security risks (open-source security management). Training & Awareness: Conduct secure coding workshops, OWASP Top 10 training, and awareness sessions. Build and maintain a knowledge base of secure development practices, checklists, and guidelines. Support incident response efforts in case of application-related security incidents. Required Skills & Experience: 10+ years of experience in application development and/or security engineering. Deep understanding of OWASP Top 10, CWE, CVE, and common attack vectors (XSS, SQLi, CSRF, etc.). Strong knowledge of application architectures (web, mobile, APIs, microservices). Hands-on experience with security tools (SAST, DAST, SCA, RASP, WAF, etc.). Proficiency in at least one programming language (Java, .NET, Python, Node.js, etc.). Familiarity with DevSecOps pipelines and security automation. Preferred Qualifications: Bachelor's/masters degree in computer science, Cybersecurity, or related field. Relevant certifications: CSSLP , OSWE , GWAPT , CISSP , or CEH Azure/AWS security certifications are a plus. Experience in Agile/DevOps environments and secure CI/CD implementation. Soft Skills: Excellent stakeholder communication, documentation, and leadership abilities. Ability to influence engineering teams and build a security-first mindset. Strong problem-solving and risk assessment skills. Reporting To: Head of Security / CISO / Enterprise Architect Work Mode: Hybrid / On-site / Remote

Engineering Technical Leader(SRE / DevOps Engineer - Strong Linux/Python Coding /Ansible Your Impact : Primarily responsible for Cisco Secure Workload product BU support . Collaborates closely with Technical support team , Customers, channel partners, and the Cisco field Team to resolve Customer issues. Automate several tasks and Increase Team and Operational efficiency. Improve the Product quality by holding post-incident reviews. You will contribute to Product bug fixes and Enhancements Site reliability engineers also play a role in Product feature testing thereby improve product quality. Responsible for Operational work. This includes several tasks, such as the following: Emergency incident response via alerts Change management for Production changes IT Cloud infrastructure management Minimum Qualification: BS/MS in Computer Science or related technical field or equivalent practical 10+ years of experience Strong experience with Linux ( RHEL,CentOS,Ubuntu ) Strong programming experience in python, shell scripting (bash) and using git. Proven ability in Python development projects. Have working experience with automation using Ansible Experience of working with Ansible/Terraform or any other configuration, infrastructure management tools 24x7 Production support in SaaS/Public cloud environment. Experience working with tools like iptables, tcpdump , Openssl (certificate management) Proficient in TCP/IP, DNS, DHCP, NTP, SMTP. Excellent troubleshooting skills at application, network and host operating system levels Good understanding of system/application security Experienced with package management tools (rpm, dpkg, apt-get) Experienced with troubleshooting web-based applications (nginx, haproxy, ruby) Preferred Qualification: Basic Hadoop knowledge preferred. Prior experience in supporting a SaaS platform hosted in a public cloud. Knowledge of Docker, Kubernetes. Knowledge of virtualization (KVM/VMware) and cloud environments like AWS/Oracle Cloud is a Plus. Willing to participate in an on-call pager rotation Interface and Collaborate with internal product/development teams

Job Description: About the Job : Job Title: Software Engineer Management Level: S4 Job Category: Specialist Job Location-Bangalore As a Software Engineer - India, your primary responsibility will be to develop, debug, troubleshoot software that solves problem statements as defined by your product/ business owner and tech lead. You will work closely with senior engineers, tech leads, tech managers, product owners and scrum masters, participate in Agile ceremonies and actively participate in code reviews, architecture/ UX design discussions etc. You will also work with the application security team and tech lead to make sure that the solutions you build are secure and scalable. The ideal candidate will: Work with product owners, tech leads and tech managers in scoping and implementing user stories and tasks Gain expertise in the FCB tech stack on the front-end and back-end applications and solve complex banking problems with elegant, secure and scalable software Actively participate in all Agile ceremonies and provide estimates to work effort Make sure your code is peer reviewed and follows all the standards for quality and security Write unit and automation tests for the code and follow the CI/ CD process to deploy code Have strong analytical and problem-solving skills, able to self-learn and research technical subjects and pay close attention to design details Have strong verbal & written communication skills and can directly work with stakeholders in India and the US Compliance to all FCB standards, policies, and procedures Technical Expertise - Hands on experience in either front-end or back-end technologies, thrives in a fast-paced Agile environment. Worked on one or more modern framework like ReactJS, AngularJS, NodeJS on the front-end and/ or Springboot, Kafka, Elastic Search on the back-end. Needs to have some database knowledge with working experience with Oracle or Postgres RDBMS and basic knowledge of no-SQL databases like MongoDB. Education Qualification and Experience: Minimum of a Bachelor s Degree in Computer Science, Software Engineering or related field. Work experience of 6 months or 1 year in a fast-faced Agile software development environment.

Convert business requirements into technical specificities Design, develop, and deploy BI solutions such as reporting tools Build analysis services reporting modelsThink analytically to convert data into actionable form and present the same to associated team members.Conduct unit testing and troubleshooting Maintain and support platforms for data analytics Enhance and optimize existing BI systems Establish row-level data security while comprehending Power BI s application security layer models. Integrate and alter the data while connecting and updating it from different sources. Develop dynamic and attracting dashboards and reports using Power BI Create charts and data documentation comprising a description of parameters, techniques, relationships, and models Spot key performance indicators with apt objectives Design multi-dimensional data models Run DAX queries and functions in Power BI Qualifications Required Specifications and Skills: Bachelor s degree Hands-on experience in report and dashboard development in Power BI along with VBAFamiliarity with SQL for data manipulation and extraction Knowle

Innovate to solve the worlds most important challenges Honeywell is a Fortune 100 company with global sales surpassing $40B and has been one of Fortune s Most Admired Companies for over a decade. Through innovation the company brings together the physical and digital world to tackle some of the toughest societal and business problems - making the world a more productive, safe and sustainable place. Honeywell is organized into five primary groups: Aerospace Technologies; Building Automation; Industrial Automation; Energy and Sustainability Solutions; and the Connected Enterprise. Honeywell Connected Enterprise (HCE) pioneered Honeywell Forge - an integrated, cross-industry IOT platform to digitalize business outcomes for people, process & assets and is developing the next generation of connected offerings. The Senior Security Architect reports to the HCE Product Security Leader and will be responsible to drive Secure SDLC practices, Cloud Security Architecture, Design & Configuration and Process Improvements within our products. Are you a cyber professional who desires to make a difference in the everyday security of people? Are you tired of being a consultant to engineering teams that ignore your inputs? Are you someone who wants to drive real improvements into real products in an environment which has a strong organizational support for product security? The Senior Security Architect will provide product expertise in security to development teams throughout all phases of the SDLC: Support secure lifecycle process activities for cloud offerings, including security requirements, threat modeling, risk assessment, analysis of findings from penetration tests, and tools Partner with Product Security Leader/Architect to drive cloud application security principles based on Zero Trust Cloud Security Strategy Proactive collaboration with broader security teams to establish and mature security by design / default best practices, including process improvement, as well as expanding and updating security architecture and standardized requirements Provide product security related mentoring and security expertise to all teams in HCE Be a technical & hands-on leader to be a coach to Security Advocates, DevOps Architects and Software Architects to grow their cloud security skills WE VALUE Product architecture and development background Software engineering or development experience Secure software development lifecycle experience Familiarity of security regulations and standards Understanding of secure by design principles, architecture level security concepts and zero trust principles Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities Certifications in security such as Azure/AWS Certified Security Architect Strong interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities, and resolve conflicts 10+ years in software development or product security experience with 5+ years in developing or securing cloud products

The Advanced Cybersecurity Architect is responsible for providing application and system level security expertise and mentoring to Aerospace products. As an integral member of our global product security community, support product security activities aligned to the Secure Development Lifecycle process across Aero products. Key Responsibilities: Good understanding of Design Objectives DO-178B/C, DO-326A, DO-355, and DO-356A to support continuous Airworthiness of an aircraft from safety and security aspects. Experience in Certifying and meeting the compliance for the Embedded products that run in an Aircraft cockpit with Certifying Authorities like FAA, and EASA. Lead efforts with the development teams to manage product risk and apply the appropriate security controls. Experience in driving secure architecture by design, security risk assessment, defense-in-depth approach, multilayer security controls, identifying the gaps, and defining the remediation approach by using the security controls during the risk assessment. Expert in threat modeling of both Embedded products as well as web applications and effectively communicating the security risks to the program teams in advance. Experience in providing security architecture guidance and support to a large development organization to support security by design principles. Good understanding of Cryptographic principles, Hashing, Certificate Management, Symmetric, and Asymmetric algorithms. Drive best in class security requirements into product and service offerings. Provide architecture and best practices guidance in building secure Honeywell products. Support product security process activities including threat modeling, security requirements, security reviews, threat vulnerability assessments and risk management for Aerospace applications. Must have product architecture and development background with Secure software development lifecycle experience. Understanding of security by design principles and architecture level security concepts up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities Have experience in developing, securing, and driving security requirements recommendations for, Embedded & IIOT based Avionics Products, on RTOS platforms such as VxWorks, Deos., Experience with securing Commercial Cloud, Hybrid and private cloud deployed applications, Containers, and VMs, through secure configurations and performing periodic security reviews. Lead efforts in mentoring and training the engineering development community and facilitate adoption of shift-security-to-left practice Lead new initiatives that add value to SDL processes and procedures YOU MUST HAVE: Bachelor s degree or equivalent work experience in Cyber Security or Information Technology Strong interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities, and resolve conflicts among stakeholders 6+ years Cyber Security or Information Technology experience WE VALUE: Understanding of Agile software development practices. Understanding DevsecOps and have a good working understanding of tooling specific to CI/CD pipelines and security tooling. Information Security accreditation (CISSP/CSSLP or other security related certifications) Developing secure systems, web application penetration testing or application security consultant Azure, AWS or GCP Security or Solutions Architecture certifications Experience with widely used security tools like SD Elements, BlackDuck Hub, Microsoft Threat modeling tool, SAST (Coverity, SonarQube), DAST (Burp, ZAP, AppSpider), Fuzzing, Vulnerability management and continuous monitoring tools Sound understanding of Cryptography, encryption algorithms, Public Key Infrastructure (PKI), Secure boot and Open-source risk management. An effective communicator with excellent relationship management skills and strong analytical, leadership, decision-making, and problem-solving skills. Ability to lead, motivate and direct a workgroup. Strong leadership and team-building skills. Manage stakeholders across business verticals & regions. Must be a Firm believer in continuous learning, upskilling the team competency on new-age skills and developing the capabilities of new technologies.

Transport is at the core of modern society. Imagine using your expertise to shape sustainable transport and infrastructure solutions for the future? If you seek to make a difference on a global scale, working with next-gen technologies and the sharpest collaborative teams, then we could be a perfect match. Job Description We, at Enterprise IT Security, are on a mission to secure the IT journey for the Volvo Group. We work closely together with stakeholders across several Business Areas (BAs), Truck Divisions (TDs), and Group Functions (GFs). While the BAs are responsible for driving the business, the TDs provide research, development, manufacturing and assembly. Within Volvo Group, the GFs own the Group agenda, provide strategic direction and have global responsibility. With Enterprise IT Security you will be part of Group Digital & IT (Group Function). A global and diverse team of highly skilled professionals who work with passion, trust each other and embrace change to stay ahead. About the role: As a Senior IT Security Officer, you will act as a senior subject matter expert (SME) supporting our global cybersecurity initiatives across Digital Product Security and Cloud Security domains. You will provide architectural guidance, perform design reviews, advise on secure development practices, and drive the implementation of robust, scalable, and compliant security controls. Key Responsibilities: Digital Product Security: Act as SME for Digital Product Security topics (ASPM, Governance, Strategy, etc.) Support threat modeling, secure design, and security architecture reviews Contribute to Application Security Governance, verification, and operational security controls Partner with product owners, developers, and architects to embed security early Communication: Clearly articulate the goals, and progress of security advisory initiatives to stakeholders at all levels. Develop and deliver presentations, reports, and updates to communicate security strategies and outcomes effectively. Foster an open communication environment that encourages feedback and collaboration among team members and stakeholders. Capability Building: Lead efforts to enhance the capabilities of the Digital Product Security, ensuring they are equipped with the necessary tools and knowledge. Collaboration and Integration: Work closely with the Heads of Advisory, Security Architecture and Governance function. Skills and knowledge: Strong understanding of cybersecurity principles, frameworks, and best practices Knowledge of digital product development processes and/or Application Security Deep understanding of security technologies and tools (e.g., firewalls, intrusion detection systems, encryption technologies). Risk Management: Skills in identifying, assessing, and mitigating security risks associated with digital products and services. Experience in conducting risk assessments and developing risk management plans. Stakeholder Engagement: Skills in negotiation and conflict resolution to address stakeholder concerns and align interests. Education and Experience: Bachelor s or master s degree in cyber security, information technology, Information Systems, Engineering, a related field or equivalent work experience. 10+ years experience in IT Operations, Security & Development or Architecture. Hiring manager - Daniel Moreland, Head of IT Security Advisory and Services Who we are and what we believe in We are committed to shaping the future landscape of efficient, safe, and sustainable transport solutions. Fulfilling our mission creates countless career opportunities for talents across the group s leading brands and entities. Applying to this job offers you the opportunity to join Volvo Group . Every day, you will be working with some of the sharpest and most creative brains in our field to be able to leave our society in better shape for the next generation. We are passionate about what we do, and we thrive on teamwork. We are almost 100,000 people united around the world by a culture of care, inclusiveness, and empowerment. Group Digital & IT is the hub for digital development within Volvo Group. Imagine yourself working with cutting-edge technologies in a global team, represented in more than 30 countries. We are dedicated to leading the way of tomorrow s transport solutions, guided by a strong customer mindset and high level of curiosity, both as individuals and as a team. Here, you will thrive in your career in an environment where your voice is heard and your ideas matter.

FS XSector Specialism Risk Management Level Senior Associate & Summary We are seeking a highly skilled Sailpoint Developer .If candidate has experience of 23 years, he/she must be Sailpoint Certified, above 3 years experience sailpoint certification is not mandatory but good to have. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purposeled and valuesdriven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us . & Summary We are seeking a professional to join our Cybersecurity and Privacy services team, where you will have the opportunity to help clients implement effective cybersecurity programs that protect against threats, drive transformation, and foster growth. As companies increasingly adopt digital business models, the generation and sharing of data among organizations, partners, and customers multiply. We play a crucial role in ensuring that our clients are protected by developing transformation strategies focused on security, efficiently integrating and managing new or existing technology systems, and enhancing their cybersecurity investments. As an L3 Analyst/SOC Manager, you will be responsible for overseeing regular operations, driving continuous improvement processes, and managing client and vendor interactions. This role involves managing complex incidents escalated from L2 analysts, operating the Security Incident process, and mentoring junior team members to build a cohesive and motivated unit. Review cybersecurity events analyzed by L2 security analysts, serving as the escalation point for detection, response, and remediation activities. Monitor and guide the team in triaging cybersecurity events, prioritizing, and recommending/performing response measures. Provide technical support for IT teams in response and remediation activities for escalated cybersecurity events/incidents. Follow up on cybersecurity incident tickets until closure . Guide L1 and L2 analysts in analyzing events and response activities. Expedite cyber incident response and remediation activities when delays occur, coordinating with L1 and L2 team members. Review and provide suggestions for information security policies and best practices in client environments. Ensure compliance with SLAs and contractual requirements , maintaining effective communication with stakeholders. Review and share daily, weekly, and monthly dashboard reports with relevant stakeholders. Update and review documents, playbooks, and standard operational procedures. Validate and update client systems and IT infrastructure documentation. Share knowledge on current security threats, attack patterns, and tools with team members. Create and review new use cases based on evolving attack trends. Analyze and interpret Windows, Linux OS, firewall , web proxy, DNS, IDS, and HIPS log events. Develop and maintain threat detection rules, parsers, and use cases. Understand security analytics and flows across SaaS applications and cloud computing tools. Validate use cases through selective testing and logic examination. Maintain continuous improvement processes and build/groom teams over time. Develop thought leadership within the SOC. Mandatory skill sets Bachelor s degree ( minimum requirement). 2 8 years of experience in SOC operations. Experience analyzing malicious traffic and building detections. Experience in application security, network security, and systems security. Knowledge of security testing tools (e.g., BurpSuite , Mimikatz , Cobalt Strike, PowerSploit , Metasploit, Nessus, HP Web Inspect). Proficiency in common programming and scripting languages (Python, PowerShell, Ruby, Perl, Bash, JavaScript, VBScript). Familiarity with cybersecurity frameworks and practices (OWASP, NIST CSF, PCI DSS, NYDFS). Experience with traditional security operations, event monitoring, and SIEM tools. Knowledge of MITRE or similar frameworks and procedures used by adversaries. Ability to develop and maintain threat detection rules and use cases. Preferred skill sets Strong communication skills, both written and oral. Experience with SMB and large enterprise clients. Good understanding of ITIL processes (Change Management, Incident Management, Problem Management). Strong expertise in multiple SIEM tools and other SOC environment devices. Knowledge of firewalls, IDS/IPS, AVI, EDR, Proxy, DNS, email, AD, etc. Understanding of raw log formats of various security devices. Foundational knowledge of networking concepts (TCP/IP, LAN/WAN, Internet network topologies). Relevant certifications (CEH, CISA, CISM, etc.) . Strong work ethic and time management skills. Coachability and dedication to consistent improvement. Ability to mentor and encourage junior teammates. Knowledge of regex and parser creation. Ability to deploy SIEM solutions in customer environments. Years of experience required 2 12 + years Education qualification B.Tech Education Degrees/Field of Study required Bachelor of Engineering Degrees/Field of Study preferred Required Skills SoCs Optional Skills Accepting Feedback, Accepting Feedback, Access Control Models, Access Control System, Access Management, Active Listening, Analytical Thinking, Authorization Compliance, Authorization Management Systems, Azure Active Directory, Cloud Identity and Access Management (IAM), Communication, Creativity, CyberArk Management, Cybersecurity, Embracing Change, Emotional Regulation, Empathy, Encryption Technologies, Federated Identity Management, ForgeRock Identity Platform, Identity and Access Management (IAM), IdentityBased Encryption, Identity Federation, Identity Governance Framework (IGF) {+ 22 more} No

To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive. What Youll Do This position is with BCG information security team and as a security engineer you will be responsible for performing DAST and penetration testing across different products and systems. The role will require working closely with product development teams to ensure applications are built to BCG security standards and have robust and secure design and development. Working knowledge of SAST is good to have. Following are key responsibilities for this role: Perform security tests on web-based applications, Mobile applications, API s, Thick client-based applications, SAAS systems and networks. Keep up with the latest methods for ethical hacking and testing and are always evaluating new penetration testing tools. Regular follow up s on identified security issues with Development and infrastructure teams to ensure compliance with vulnerability management policy. Assist development teams in understanding security issues, relevant risk levels and its likelihood. Help them gain a long-term understanding of security and its usefulness while writing code. Enable development teams to build security throughout SDLC stages such as planning, designing, development, and testing as well as proactively work with development teams on security best practices. Liaise with application developers, security champions, architects, and project managers for improving application security posture and bring application security standard conformance across the enterprise. Maintain penetration testing scheduling calendar. Ensure 100% compliance with annual penetration testing criteria and policy. Keep a close eye on the web inventory and maintain records. Ability to perform network level penetration tests and SAST reviews is plus. Must be willing to collaborate with other team members such as security code review specialists, security architects to build a database of security learnings. Write technical penetration testing reports documenting security issues identified, their risk ratings along with countermeasures. What Youll Bring The desired candidate will have application security background with sound penetration testing tools and methodologies knowledge. Following are key skills for this role: Proficient in OWASP TOP 10 and SANS TOP 25 vulnerabilities. Strong technical knowledge of commercial and open-source Dynamic Application Security Testing tools and platform. Must know advantages, challenges, and limitation of using such tools. Must have knowledge of security in CI/CD, the security of CI/CD, and security outside of CI/CD concepts. Well aware of AWS Cloud Platform, Azure, GCP, Docker, Kubernetes, and bringing security tooling to DevOps. Should have knowledge of languages/Frameworks (JavaScript, Java, .NET, Nodejs, Angular, Technologies supporting SPA) and advice teams on secure coding guidelines. CEH and OSCP certification is a huge plus. Who Youll Work With You will work in a fast-paced, intellectually intense, service-oriented environment to protect our applications and information systems. You will be a part of a team of security architects, and security professionals working in support of consultants delivering business and management strategy to our clients through these applications and systems. You will work with application developers, data analysts, and system owners providing information security for applications and systems. Additional info YOU RE GOOD AT This role will work with various teams and functions and have teams which are responsible for developing application and products along with Information Security Risk Management (ISRM) as major stakeholders. This role will be change and communication intensive, requiring short and long term engagement with business and technology owners across BCG. The following key attributes will help you be successful at the job: Be a strong believer of application security at speed to unblock product s speed to market requirements. Ability to explain complex security topics in business and plain language. Demonstrate identified security issues to various stakeholders Ability to persuade and negotiate risks as per organisation risk appetite Good reasoning and analytical approach, ability to create mental visuals, and comfortable in dealing with ambiguity Attitude to remove roadblocks and enable teams to meet their objectives Understanding of GDPR privacy by design. ",

Dev Support Engineer We are looking for a skilled Workday Dev BAU Support Engineer to join our DAMO team. This role involves troubleshooting and maintaining backend applications, managing cloud resources, ensuring security compliance, and supporting automation pipelines. The ideal candidate should have experience with Node.js, Google Cloud Platform (GCP), and security tools, along with a strong problem-solving mindset. Responsibilities Debug and troubleshoot Node.js backend applications using console logs and monitoring tools. Manage and establish secure connections between Node.js applications and GCP using service accounts, SSH, and shell scripting. Work with various GCP resources, including App Engine, Datastore, Cloud Scheduler, BigQuery, and Secret Manager. Monitor and analyze GCP notifications for hosted applications, identifying and resolving issues proactively. Investigate InfoSec vulnerability alerts and leverage GCP Security Command Center for security analysis. Ensure application security by working with tools such as Wiz and Snyk to detect and remediate vulnerabilities. Understand and support CircleCI pipelines for continuous integration and deployment. Work with the NEO platform, including token generation, subscription management, and replaying events. Qualifications Experience: 4+ years of experience in Level 2 or Level 3 technical support, with a strong focus on Workday. Experience in Node.js application development and debugging. Hands-on experience with GCP services, including authentication and resource management. Strong knowledge of CI/CD pipelines, especially CircleCI. Familiarity with security tools such as Wiz, Snyk, and GCP Security Command Center. Ability to analyze and respond to cloud security alerts and notifications. Soft Skills: Excellent problem-solving skills with the ability to analyze and resolve complex issues. Strong communication skills to interact effectively with technical teams and business users. Ability to work independently and as part of a team in a fast-paced environment. Strong documentation skills to ensure knowledge sharing and process standardization.

Design and implement security controls for products throughout the SDLC. Perform threat modeling, security reviews, and vulnerability assessments. Collaborate with development teams to integrate security best practices. Respond to, investigate, and remediate security incidents related to products. Develop and maintain security automation tools and scripts. Conduct secure code reviews and penetration testing. Research and evaluate emerging security technologies and threats. Create and deliver developer training on secure coding practices. Document security guidelines, standards, and compliance requirements. Communicate risks and mitigation strategies to technical and non-technical stakeholders. Requirements Bachelors degree in Computer Science, Information Security, or a related field. Strong experience in application security, threat modeling, and vulnerability assessment. Proficiency in secure coding practices and common security tools (e.g., SAST, DAST). Familiarity with SDLC, DevSecOps, and cloud security principles. Excellent communication skills and ability to collaborate across teams.

Responsibilities : Perform Security reviews, Vulnerability Assessments & Penetration Testing for Web, Android, iOS, and API endpoints Perform Threat Modelling & anticipate potential attack vectors and improve security architecture on complex or cross-functional components Identify and remediate OWASP Top 10 and mobile-specific vulnerabilities Conduct secure code reviews and red team assessments Integrate SAST, DAST, SCA, and secret scanning tools into CI/CD pipelines Automate security checks using tools like SonarQube, Snyk, Trivy, etc. Maintain and manage vulnerability scanning infrastructure Perform security assessments of AWS, Azure, and GCP environments, with an emphasis on container security, particularly for Docker and Kubernetes. Implement guardrails for IAM, network segmentation, encryption, and cloud monitoring Contribute to infrastructure hardening for containers, Kubernetes, and virtual machines Triage bug bounty reports and coordinate remediation with engineering teams Act as the primary responder for external security disclosures Maintain documentation and metrics related to bug bounty and penetration testing activities Collaborate with developers and architects to ensure secure design decisions Lead security design reviews for new features and products Provide actionable risk assessments and mitigation plans to stakeholders Required Skills & Experience: 5 - 8 years of solid hands-on experience in the VAPT domain Solid understanding of Web, Android, and iOS application security Experience with DevSecOps tools and integrating security into CI/CD Strong knowledge of cloud platforms (AWS/GCP/Azure) and their security models Familiarity with bug bounty programs and responsible disclosure practices Familiarity with tools like Burp Suite, MobSF, OWASP ZAP, Terraform, Checkov..etc Good knowledge of API security Scripting experience (Python, Bash, or similar) for automation tasks Preferred Qualifications: OSCP, CEH, AWS Security Specialty, or similar certifications Experience working in a regulated environment (e.g., FinTech, InsurTech)

Apply now Apply now Apply Now Start applying with LinkedIn Start Please wait... Technical Lead GRC & Authorizations Date: May 27, 2025 Location: Bangalore, IN Company: Bekaert NV Be part of something bigger! As the world and the way people live is changing, we at Bekaert believe it s our responsibility to contribute to finding new solutions for the future. With a 140+ year old heritage of excellence, innovation, and a future-focused mindset, we strive to create value for our customers and society. We aim to do this through innovative solutions and sustainable practices. We are committed to pushing the boundaries of steel wire transformation and coatings whilst also leveraging our expertise to develop innovative solutions with new materials and services in a safe, smart, and sustainable way. Our focus extends to markets such as new mobility, low-carbon construction, and green energy. As a dynamic and growing company with over 24 000 employees worldwide, 75 nationalities, a retention rate above 90% and almost 5.3 billion in combined revenue in 2023, we are looking for someone like you to join our team as we continue to shape a safer, more efficient, and connected world! Purpose of the Role Bekaert organization is continuously considering application security as a priority. You will join us as Technical Lead GRC & Authorizations to provide technical expertise in design and practices related to the SAP GRC & Authorizations within the enterprise. As Technical Lead GRC & Authorizations you will work along with GRC Architect to define the architecture guidelines, standards and solutions that support the business strategy, business outcomes and needs. And to ensure SAP systems are secured with appropriate user level authorizations. Roles and Responsibilities You will work closely with Solution Architects in designing, implementing and sustaining SAP security solutions, including how to handle security risks in new technology, e.g. S/4 HANA, SAAS, SAC, SuccessFactors etc. You would be required to provide technical expertise in different area ranging from audits, advisory work, roll-out of SAP authorisations. You will work closely with Development and Functional team to review the custom code from security perspective. You will troubleshoot, provide your expertise, and participate in the daily operational activities of the GRC & authorizations team. You will coordinate and work together with partner resources to deliver the security elements of enhancements and upgrades with accountability for clearing roadblocks and ensuring timely and quality delivery of security requirements. You will resolve customer complaints/technical issues in collaboration with support team. You will assist in management of technical changes through the landscape, responsibility for quality and assurance that control points are satisfied. You will work closely with Internal Controls team in ensuring adherence of compliance protocols for all kind of SAP Security and GRC related tasks. And will assist them during audits, UAR and other routine Internal Controls tasks. Essential skills & competencies Bachelors degree in computer science, information-technology, system analysis or a related study, or equivalent experience 8-10 years of overall experience in SAP Security & GRC, minimum 3+ years of experience in security design. Expertise in security configuration, processes, and standard methodologies in ERP systems. SAP ECC, SAP S/4 Hana, Fiori, GRC AC 12.0 are strongly preferred. Experience in GRC 12.0 Access request management, Access risk review, Emergency access management, Business role management and User access review are preferred. Good understanding of SOD, mitigation, and remediation concept. Analyse, understand, and improve tools and processes to enhance the effectiveness and efficiency of implementing GRC & Authorizations. Familiar with different compliance requirements such as SoX, GDPR and ITGC. SAP S/4 Hana certification in security and knowledge of BTP, IAS , IPS and IAG, setup will be considered a plus. Experienced in leading a team and coordinating with multiple stakeholders for smooth operations and enhancements . Be bold and take the leap! Our Digital Advanced Solutions (ADS) team is a dynamic group of technologists from around the globe who consistently push boundaries in digital innovation, cyber resilience, data science, intelligent automation, cloud solutions, and new agile methodologies. It is also good to know tht at Bekaert, we celebrate diversity and are committed to creating an inclusive work environment. We do not discriminate based on race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. Want to learn more about our digital opportunities? Visit Bekaert Careers Job Segment: Sustainability, Environmental Engineering, Computer Science, Developer, Energy, Customer Service, Engineering, Technology Apply now

7+ years hands on development and implementation experience of complex Java(Frontend & Backend) technologies. Hands on experience in React Good understanding of DevSecOps and engineering practices like TDD, automation testing etc. Experience with core Java, J2EE,Spring,microservices, Frameworks, core design patterns & J2EE design patterns and object oriented design concepts. Hands on experience in Application testing, integrations and CICD activities by following best practices. Application security concepts, integrations and their error handling. Knowledge of cloud based solutions, especially AWS. Provide analytical and technical support to development team. Research new technologies and features to effectively deliver system solutions to ensure a stable system for our customers and dealers Collaborate with the team and help develop new team members Analyze business requirements and ensure that the overall solutions can meet the needs Communicate and provide regular status updates. Experience documenting technical specifications Good communication skills.

Position Summary We are seeking a skilled and passionate Red Team Security Consultant to join our cybersecurity team The ideal candidate will specialize in simulating adversarial tactics, techniques, and procedures (TTPs) to identify vulnerabilities and improve the organization's security posture This role involves performing advanced penetration tests, simulating real-world attacks, and working with teams to implement effective remediation strategies, ? Key Roles & Responsibilities Plan, execute, and document Red Team exercises mimicking advanced threat actors for medium to large enterprises, Conduct network penetration testing (VAPT), system vulnerability assessments, and security configuration reviews, Perform manual security assessments for web applications, APIs, and client-server applications, Simulate sophisticated attack chains including lateral movement, privilege escalation, and data exfiltration, Develop and execute custom attack payloads using tools and scripts, Assess physical security controls and implement social engineering assessments when required, Create and maintain custom tools/scripts in languages like Python, Bash, or PowerShell, Utilize and adapt adversary emulation frameworks such as MITRE ATT&CK, Cobalt Strike, and Metasploit, Collaborate with Blue Teams to improve detection and response mechanisms through Purple Team engagements, Preferred Qualification Preferred Certifications (Not Mandatory): OSCP, OSCE, CRTP, eWPTX, Security+, CREST, CRTO, Desired Skill Set: Red Teaming, VAPT, Application Security (Web/Mobile/API), 2-5 years of relevant domain experience in VAPT, Red Teaming, and Application Security domains, Proficient in Application Security concepts, including OWASP Top 10 and OSSTMM, Experience with vulnerability scanning tools such as BurpSuite Pro, Nessus, OWASP ZAP, Kali Linux, Cobalt Strike, Caldera etc Basic ability to write automation scripts (Bash or Python), Understanding of threat modeling and secure coding practices, Strong understanding of TTPs, threat modeling, and secure coding practices, Hands-on experience in Active Directory exploitation, phishing campaigns, and endpoint bypass techniques, Basic Qualifications Education: BE/MCA or University degree/Equivalent Experience: Required: 2 5 years, Excellent communication and collaboration skills,

The role supports full end to end software development cycle, from initial client engagement, through assessments and road-mapping, to longer term engagement in an advisory capacity. As an Application Security Consultants, the person should leverage the technical expertise of the security competencies, varied product and delivery capabilities Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Manage SaaS application configuration settings, integrations Build compliance requirements and SaaS Application security baselines. Perform continuous monitoring of applications identifying security vulnerabilities and address through remediation efforts Preferred technical and professional experience Validate and maintain incident response plans and processes to address potential threats Determine risks and remediation options with implemented SaaS applications Evaluate new applications to ensure implementation can meet security baselines

We're Looking For: We are seeking an Associate Application Security Engineer with experience in application security and threat mitigation. You will be part of the Cyber Security Team responsible for enhancing Amitis information security program. You will be involved in establishing threat plans, recommending security tools, and collaborating with cross-functional teams to implement security solutions. In this role, you will have the opportunity to use your experience in secure coding practices and vulnerability management. The ideal candidate will have 4 to 5 years of IT, Security experience or a Bachelors Degree in Computer Science or related field. You Are: Detail-oriented. You will evaluate and mitigate security threats to safeguard applications and data effectively. Adaptable . You will navigate technical complexities to provide tier-I support for production systems. Analytical . You will continually seek improvements in our security stack and implement streamlined security integration efforts. Collaborative. You will actively engage with diverse teams to promote a culture of security awareness and best practices. A Problem Solver. You will assess complex security challenges, identify root causes, and proper effective solutions. You Will: Establish threat plans and recommend security tools. Collaborate with cross-functional teams to implement security solutions. Review and consult on secure coding flaws. Conduct regular security assessments and audits to ensure compliance with industry standards and regulations. Develop and deliver comprehensive security training programs for employees to enhance their understanding of potential threats and preventive measures. Who You Will Work With: Reporting to the Office of the CISO, this role will collaborate with development teams, management, and other cybersecurity professionals on a regular basis. Other key interactions/exposure: Regulatory bodies, internal standards committees. Must Haves: Bachelor’s Degree in Computer Science/ related field or 4 to 5 years of IT/ Security experience Experience in application security, vulnerability management, and secure coding practices. Nice to Have’s: Security certifications (CISSP, OSCP, etc.) Volunteer work in the open source/OWASP and/or local IT/InfoSec community.

Project Role : Application Lead Project Role Description : Lead the effort to design, build and configure applications, acting as the primary point of contact. Must have skills : Solution Architecture Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As an Application Lead, you will lead the effort to design, build, and configure applications, acting as the primary point of contact. You will be responsible for overseeing the entire application development process and ensuring its successful implementation. This role requires strong leadership skills and the ability to collaborate with cross-functional teams to deliver high-quality solutions. Roles & Responsibilities:- Expected to be an SME, collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Lead the effort to design, build, and configure applications.- Act as the primary point of contact for application-related matters.- Oversee the entire application development process.- Ensure successful implementation of applications. Professional & Technical Skills: - Must To Have Skills: Proficiency in Solution Architecture.- Strong understanding of software development principles and practices.- Experience in designing and implementing scalable and reliable applications.- Knowledge of various programming languages and frameworks.- Familiarity with cloud technologies and services.- Good To Have Skills: Experience with application security.- Recommendation:Familiarity with agile methodologies. Additional Information:- The candidate should have a minimum of 7.5 years of experience in Solution Architecture.- This position is based at our Bengaluru office.- A 15 years full-time education is required. Qualification 15 years full time education

Requirement of Web Application Security, Mobile Application Security and Api Having deep Knowledge Application Security

Job Requirements Should have at least 5 years of professional experience in application security or a related field. Proven expertise in web and mobile security architecture, frameworks, and testing methodologies (e.g., OWASP Top 10). Extensive hands-on experience with implementing and scaling DevSecOps practices across CI/CD pipelines. Proficient in at least one programming and one scripting language, with the ability to review and guide secure coding practices. Experience working with bug bounty programs or vulnerability disclosure platforms is a strong plus. Ability to lead security reviews, influence engineering teams, and mentor junior security professionals is highly valued.

Toast is driven by building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love, Product Security at Toast isn't just about running tools and reporting vulnerabilities we're the vigilant chefs ensuring the Toast never gets burned We bake security into every layer of our products, from the first sprinkle of an idea to the final serving of a fully-baked solution Our team is the secret ingredient that makes Toast's digital recipe both delicious and secure We collaborate closely with R&D, seasoning the development process with robust security measures that protect the services and applications our customers rely on to run their businesses, Like master chefs, we blend cutting-edge technology with strategic thinking, kneading security into the dough of every product we create By joining our Product Security team, you'll be part of the kitchen crew that keeps our customers' trust from going stale You'll tackle complex challenges that have real-world impact, helping to serve up a safer, more secure digital experience for businesses that count on Toast every day It's not just about finding vulnerabilities it's about crafting a recipe for digital trust that keeps our customers coming back for more, About this roll(Responsibilities) Identify, triage, and provide remediation guidance for application vulnerabilities, Select, implement, design, or build tools to thwart attacks of all shapes and sizes, Improve developer tooling and adoption to build a more robust SSDLC, Practice a #OneTeam attitude to help other Toast teams make informed, security-conscious decisions when building new software, Support and expand the Security Champions program, providing edge security guidance and training, Assist incident response teams with application security expertise and tools, Think like an attacker to identify weaknesses in application architecture, In addition: Support Cloud and Network Infrastructure Engineering's implementation of edge security solutions, Influence the implementation and rule maintenance of our WAF strategy and other edge security solutions, Advise on WAF rules and policies to protect against common and emerging threats, Conduct regular assessments of our edge security posture and recommend improvements, Provide expertise on Content Delivery Networks (CDNs) and their security features, Do you have the right ingredients*(Requirements) 5+ years of experience in application security Strong knowledge of common web application vulnerabilities and edge-based attack vectors, Proficiency in analyzing web traffic patterns and identifying anomalies, Knowledge of compliance standards relevant to the financial industry (e-g, PCI DSS, SOC 2), Excellent problem-solving skills and ability to think creatively about edge security challenges, Strong communication skills, with the ability to explain complex edge security concepts to both technical and non-technical audiences, Strong understanding of cloud application architecture and common weaknesses, Special Sauce(Nonessential Skills/Nice to Haves) Experience with: Understanding of WAF configuration, tuning, and optimization, Popular WAF solutions (e-g, AWS WAF, Cloudflare, Akamai, ModSecurity), Familiarity with CDN technologies and their security features, Cloud and container security technologies and SSDLC tooling (e-g SAST/DAST/SCA) Infrastructure-as-code (IaC) technologies like Terraform to manage cloud security services Securing financial technologies Relevant security certifications (e-g, CCSP, CISSP, CSSLP) are a plus Diversity, Equity, and Inclusion is Baked into our Recipe for Success At Toast, our employees are our secret ingredientwhen they thrive, we thrive The restaurant industry is one of the most diverse, and we embrace that diversity with authenticity, inclusivity, respect, and humility By embedding these principles into our culture and design, we create equitable opportunities for all and raise the bar in delivering exceptional experiences, We Thrive Together We embrace a hybrid work model that fosters in-person collaboration while valuing individual needs Our goal is to build a strong culture of connection as we work together to empower the restaurant community

Position Overview: This role is focused on hands-on implementation of security solutions within AWS environments. It is ideal for individuals with strong practical experience in cloud security, networking, and application security. Core Responsibilities: AWS Security Services Implementation: Deploy and manage core AWS security services like IAM, KMS, CloudHSM, AWS Organizations, Web Application Firewall (WAF), AWS Network Firewall, and Gateway Load Balancer (GWLB) based Security Appliances. Configure and optimize security features to meet organizational security requirements. Network Security: Design and implement secure VPC architectures, including subnets, routing, and firewall configurations. Hands-on experience with firewalls, network segmentation, and security group management in AWS. Identity & Access Management (IAM): Strong expertise in IAM roles, policies, and AWS Service Control Policies (SCPs). Implement security best practices for role-based access control (RBAC) and least privilege principles. Application Security: Integrate with identity providers such as Active Directory and Okta. Secure application architectures, focusing on authentication, authorization, and data protection. Security Monitoring & Incident Response: Utilize AWS GuardDuty, CloudTrail, and other monitoring tools for threat detection and incident response. Implement security logging and audit trails to maintain compliance with internal policies. Key Requirements: Hands-on AWS Security Expertise: Proven experience in implementing and managing AWS security services. Network Security Knowledge: Strong understanding of subnetting, routing, firewalls, and secure network design in the cloud. Active Directory Experience: Essential for integrating with enterprise identity systems. IAM & SCP Expertise: Deep knowledge of AWS IAM, Service Control Policies, and security governance. Not an InfoSec or Audit Role: This is a technical, hands-on position focusing on practical security implementation, not compliance audits or theoretical security reviews. Preferred Skills: Cloud Security Certifications: AWS Certified Security Specialty, AWS Certified Solutions Architect, or similar. Application Security Knowledge: Experience with secure application frameworks and identity federation. Automation & Scripting: Familiarity with infrastructure as code (IaC) tools like Terraform or CloudFormation. Keywords IAM,KMS,Cloud HSM,Application Security,IaC,CloudFormation,AWS*

To provide business application implementation, on- going support and continuous improvement on all project construction areas using Oracle application and technology platform as a functional expertise to ensure the business operation runs smoothly, efficiently and effective by taking the advantages of innovative technology solutions and best practices. Required Skills And Experience 5+ years in Projects Functional role, Experience minimum 1 end to end implementation life cycle for Oracle HCM Project and expertise in Security Roles & Permissions Very good on communication, influence skills, business result oriented and managing customer/ user expectation. Good Understanding HCM modules (Absence, Compensation, Core HR, Recruiting, Talent Management, Learning, and Time & Labour), close cooperation with the clients business teams Demonstrate an understanding of business processes designs, cloud security risk, Oracle application security and risk management cloud Independently gather and analyze security requirements to tailor solutions that meet client needs Experience in implementing role-based access controls (RBAC), Oracle Cloud Quarterly patch analysis and regression testing, supporting Software Development Life Cycle (SDLC) including configuration in lower environments, migration, and QA, reviewing, audit end user accounts,permissions, and access rights, performing segregation of duties (SOD) and mitigating risks. Manage user provisioning, de-provisioning, and transitions to ensure seamless access control. Experience in monitoring and troubleshooting incidents, performing license analysis, regression testing for patch releases, and supporting audit requirements. Experience in coordinating with development teams, functional teams, business leads, information security & risk management teams. Conduct security audits and compliance checks to identify and mitigate potential vulnerabilities. Provide training and support to users on new security policies and procedures. Stay updated with the latest security trends, tools, and technologies in Oracle Cloud environments. Configures the system, tests the solution with users Provides user training Supports cutover and stabilizes the solution, provides post go-live support Preferred Qualifications Bachelos;s degree in a relevant technology field

Role - Network Penetration Testing Location : Bangalore (JP Nagar), Navi Mumbai (Mahape) Experience: 3+ years Highest Qualification: Any Full Time Graduate Job Responsibilities: The candidate is expected to execute manage multiple complex and enterprise application security testing projects The candidate is expected to complete projects on time, coordinate with client stakeholders for issues and challenges, track delays, etc. The candidate is expected to gain in-depth knowledge and understanding of enterprise web applications and web services developed in various languages (i.e. Java, ASP.NET, ReactJS, etc.) The candidate will be involved in application architecture understanding, threat identification, vulnerability identification and control analysis The candidate is expected to identify and infer the business risk posed by vulnerabilities identified and showcase prioritization of risks including solution recommendations The candidate is expected to engage with both business and technical teams within and outside the organization from a project scope definition, project execution, project closure and post project support perspectives The candidate is expected to mentor and train junior resources with focus on enhancing their skill sets The candidate is expected to monitor their team members adherence to established security testing processes and organizations policies and procedures The candidate is expected to conduct project reviews to ensure a thorough testing is conducted by the team The candidate is expected to perform technical reviews to identify errors and suggest changes to ensure highest quality of the deliverables The candidate is expected to identify new test cases and develop techniques to test and showcase proof of concept The candidate is expected to track errors made by the engineers and develop an improvement plan for them The candidate should be open for onsite deployments anywhere across the world as business demands Required skill set: 4+ years of Application Security Testing Experience Expertise in web application security testing Expertise in web services security testing Experience in application architecture review Experience in network infrastructure security testing Ability to handle difficult situations and to provide alternative solutions or workarounds Experience in training and mentoring other team members Good verbal and written communication skills with the ability to talk to both business teams and technical teams .