
116 Appscan Jobs - Page 2

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

3.0 - 5.0 years

5 - 7 Lacs

Mumbai

Work from Office

Conduct Vulnerability Assessments: Identifying potential weaknesses in applications and systems using automated tools and manual techniques. Perform Penetration Tests: Simulating attacks to evaluate the effectiveness of security controls and identify exploitable vulnerabilities. Analyze Findings: Interpreting assessment and testing results to determine the severity and impact of identified vulnerabilities. Report Findings: Documenting vulnerabilities, providing detailed reports with remediation recommendations, and tracking the closure of identified issues. Collaborate with Teams: Working with developers, IT, and security teams to implement security measures and address identified vulnerabilities. Stay Updated: Keeping abreast of the latest security threats, vulnerabilities, and industry best practices. Test Various Application Types: Performing security assessments on web applications, mobile applications, APIs (REST, SOAP, XML, JSON), and potentially cloud-based services. Understand Security Standards and Frameworks: Familiarity with OWASP, NIST, ISO 27001, PCI DSS, and other relevant standards is crucial. Use Security Testing Tools: Proficiency in tools like Burp Suite, OWASP ZAP, Nmap, Nessus, AppScan, Acunetix, Veracode, CheckMarx, etc. Responsibilities: The responsibilities cover the full range of testing work, from websites, mobile apps, and infrastructure testing to social engineering. 
In this role, the candidate is expected to: test software and hosted platforms, to identify vulnerabilities Carry out penetration testing of web applications, mobile applications, and internal infrastructure analyze code to assess its level of security and to find specific vulnerabilities Manage the security testing process perform complex simulated attacks on networks or systems Stay updated with the latest threats/vulnerabilities produce written technical reports along with an executive summary to a professional standard Research potential vulnerabilities formally brief clients and colleagues Understanding the role of AIML in cybersecurity Qualification: Minimum 3 to 5 years hands-on experience in SAST, DAST, VAPT Certifications like CEH, CompTIA Security+, and OSCP will be considered and added advantages. Familiarity with SAST, DAST, and IAST tools Understanding of Red/Blue teaming and threat hunting

Posted 2 weeks ago


1.0 - 3.0 years

0 Lacs

Andhra Pradesh

On-site

Information Protection Analyst - HIH - Evernorth Job Description Summary The Information Protection Analyst - Penetration Testing , is responsible for conducting vulnerability assessments, threat modeling, penetration tests of Cigna’s IT infrastructure and applications. This role will work closely with the Information Protection Senior Manager to identify, evaluate, and remediate potential weaknesses in Cigna’s systems, using both manual and automated methods. About Cigna Cigna is a global health service company dedicated to helping the people we serve improve their health, well-being, and peace of mind. But we don’t just care about your well–being, we care about your career health too. That’s why, when you work with us, you can count on a different kind of career – you’ll make a difference, learn a ton, and share in changing the way people think about healthcare. Responsibilities Execute internal and external penetration tests against corporate web applications, APIs, networks, infrastructure and operating systems in order to discover vulnerabilities. Execute mobile application penetration tests for both Android and iOS based devices. Execute penetration tests in cloud-hosted environments. Create comprehensive and accurate penetration testing reports with recommendations for appropriate remediation, and communicate risk findings with development and infrastructure teams. Develop scripts, tools, or methodologies to enhance Cigna’s penetration testing processes. Work as part of a team to identify risks, communicate to key stakeholders, and provide value to the organization. Skills required Demonstrated ability to work as both an individual contributor and a team player in a fast paced environment. Coordinate with people and teams to forecast activity completion and the ability to work in a team environment, sharing workloads and responsibilities. Knowledge of Windows and *nix-based operating systems. Understanding of core Internet protocols (e.g. 
TCP, UDP, DNS, HTTP, TLS, IPsec) and the OSI model. Understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations, AES, etc.). Understanding of Cloud environments such as SaaS, PaaS and IaaS. Basic exploit development and validation skills. Proficiency in application vulnerability assessment tools (e.g. Burp, Checkmarx, AppScan, WebInspect, Cenzic, etc.). Proficiency in network and server assessment tools (e.g. Nessus, metasploit, nmap, nikto, etc.) Understanding of web application frameworks (React, Springboot, Ruby on Rails, J2EE, PHP, ASP.NET). Proficiency in manual and automated techniques for penetration testing and executing vulnerability assessments. Knowledge of networking fundamentals and common attacks. Coding/scripting experience in modern scripting languages (e.g. Python, Ruby, PowerShell.) Mobile application coding experience with Android/iOS based platforms (e.g. Java, Swift, Objective C). Ability to analyze vulnerabilities and misconfigurations, appropriately characterize threats, and provide remediation recommendations. Qualifications High School diploma; Bachelor's degree preferred. 1-3 years of penetration testing experience. Passionate about security and finding new ways to break into systems, as well as defend them. Strong analytical and problem solving skills, with the ability to “think outside the box”. Ability to work in a flexible environment where requirements and procedures continuously evolve. Strong oral and written communication skills, including a demonstrated ability to prepare documentation and presentations for technical and non-technical audiences. About Evernorth Health Services Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.

Posted 2 weeks ago


0.0 - 2.0 years

0 Lacs

Noida, Uttar Pradesh

On-site

Noida,Uttar Pradesh,India Job ID 763123 Join our Team Our Exciting Opportunity We are now looking for a Security Engineer professional. This job role is responsible for tracking, coordination, support, management, and execution of security related activities to ensure that services provided to customers are continuously available and performing to Service Level Agreement (SLA) performance levels. What you will do, Incident Management Respond after hours (on-call support) Coordinate and conduct event collection, log management, event management, and compliance automation Respond to day-to-day security change requests related to security operations Conduct security research and intelligence gathering on emerging threats and exploits Create new rules based on identified scenarios Perform postmortem analysis on logs, traffic flows, and other activities to identify malicious activity Security analysis (networking devices and operating systems, endpoint analysis, network attacks) Work with the various Technical Authority teams to respond to and resolve security incidents effectively and quickly Provide Root Cause Analysis for security incidents, and outages / impairments related to security tools Administer authentication and access controls, including provisioning, changes, and deprovisioning of user and system accounts, security/access roles, and access permissions to information assets Tools Integration Integration of nodes to security tools (SIEM, VA, IAM, etc.) 
Deploy content (policies, signatures, parsers or rules) for the security infrastructure Vendor Communications Work with SIEM, IPS/IDS, IAM vendors for application related issues Process Improvement Mentor level 1 analysts to improve detection capability within the SOC Prepare Use Cases & MOPs on identified scenarios Create, maintain and improve technical operational work instructions Drive continuous process improvements by providing inputs on the current processes and possible improvement opportunities Governance and Reporting Business intelligence reporting based on SOC and customer needs Identify and report risks related to security Perform periodic reporting and when applicable, present to management and/or the customer’s security team To be successful in this role, you must have: Strong knowledge of information security Working knowledge of SIEM tools (such as McAfee ESM, QRadar, ArcSight, Splunk, etc.), scanning tools (Nessus, Qualys, IBM AppScan, etc.) and PAM tools (BeyondTrust, CyberArk, etc.) Knowledge of both Linux-based and MS Windows-based system platforms with a strong technical understanding and aptitude for analytical problem-solving Understanding of enterprise computing environments, distributed applications, and a strong understanding of TCP/IP networks, along with available security controls (technical & process controls) for respective layers Key Qualifications: Graduate in Computer Science or similar 5 to 11 years' experience with at least 2 years of experience in IT and 2 years in security ITIL certification, CCSP, OSCP, Security +, CCNA Security or similar will be an advantage

Posted 2 weeks ago


7.5 years

0 Lacs

Gurugram, Haryana, India

On-site

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : DevSecOps Good to have skills : NA Minimum 7.5 Year(s) Of Experience Is Required Educational Qualification : 15 years full time education Summary: To play a key role in enabling successful project delivery across multiple projects. This role expects you to specialize in a range of security domains, including penetration testing, dynamic and static application security testing, software composition analysis, security architecture review and container security. Additionally, you provide comprehensive support in vulnerability management, service monitoring, and DevSecOps practices. Roles & Responsibilities: -Should have hands-on experience and knowledge of manual and automated penetration testing on the web, mobile and cloud-based applications. -Should have hands-on experience and knowledge of DAST (Dynamic Application Security Testing) to identify runtime vulnerabilities in staging and production environments. -Should have hands-on experience and knowledge of SAST (Static Application Security Testing) for early-stage source code and binary analysis. -Should have hands-on experience and knowledge of SCA (Software Composition Analysis) to detect open-source risks and license compliance issues. -Should have hands-on experience and knowledge of executing SAR (Security Architecture Review) of complex and cloud-based application and should be able to strategize risk remediation with the stakeholders or Security Architect. -Should have hands-on experience and knowledge of integrating security tools into CI/CD pipelines (e.g., Jenkins, GitHub Actions, GitLab CI). 
-Should have hands-on experience and knowledge of enforcing policy-as-code, shift-left security testing, and secure code delivery practices and automate security checks for container images and Kubernetes workloads. -Should be able to scan and harden docker containers using industry-standard tools. -Should be able to monitor vulnerabilities in container registries and orchestrators (e.g., Kubernetes, ECS). -Skilled in communicating security findings to technical and non-technical stakeholders. -Contribute to secure architecture reviews, risk assessments, and compliance initiatives. -Should be able to manage clients and various stakeholders. Should be a good people manager and should have experience of people and project management. Professional & Technical Skills: Tools & Technologies: Pentest Tools: Burp Suite Pro, OWASP ZAP, Nmap, Postman, Kali Linux; DAST/SAST/SCA: Fortify, Checkmarx, Veracode, Coverity, AppScan, Black Duck, Snyk; DevSecOps: GitHub Actions, Jenkins, GitLab, Docker, Kubernetes; VM Tools: Qualys, Tenable, ThreadFix; Monitoring: ServiceNow, Jira, Confluence -Should be able to collaborate with infrastructure and DevOps teams to secure cloud-native deployments. -Should be able to identify, triage, and manage vulnerabilities using centralized platforms (e.g., ThreadFix). -Should track vulnerability lifecycle from detection through remediation and reporting. -Should support real-time service monitoring to maintain system integrity and threat detection coverage. Additional Information: - The candidate should have minimum 7.5 years of experience in DevSecOps. - This position is based at our Gurugram office. - A 15 years full time education is required.

Posted 2 weeks ago


5.0 - 10.0 years

9 - 13 Lacs

Bengaluru

Work from Office

Product-Security Technology Centre is responsible for ensuring that IBM products are secure by conducting timely Security reviews, penetration testing and following SPbD practices. As a penetration tester you will perform security testing of IBM product and SAAS offerings in development and production environment. You will also closely work with IBM product development teams to strengthen the security posture of their products by participating in threat model, source code security testing and share best practices / lessons learnt for secure coding/design. Key responsibilities Plan the penetration test Select, design and create appropriate tools for testing Perform the penetration test on computer systems, networks, web-based and mobile applications Document your methodologies, findings Gather the data intelligence not only from the output of the automated penetration tools but also from information gathered from interaction with product teams, previous results, threat model and source code scanning inputs. Review your findings and feedback to development teams Analyse the outcomes and make recommendations for security improvements Carry out application, network, systems and infrastructure penetration tests Review physical security and perform social engineering tests where appropriate Evaluate and select from a range of penetration testing tools Keep up to date with latest testing and ethical hacking methods Deploy the testing methodology and collect data Report on findings to a range of stakeholders Make suggestions for security improvements Enhance existing methodology material Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Experience – More than 5 years in Cybersecurity Web Application Testing Basic understanding of HTTP Protocol HTTP Methods, Request/Response Headers, Cookies, TCP/IP connections over HTTP etc. 
Basic understanding of HTML/JavaScript Good Understanding of security vulnerabilities, OWASP Top 10 vulnerabilities Automated Testing Must have knowledge of at least one of IBM AppScan OR BurpSuite scanner. (Good to have knowledge of both the tools.) Should be able to configure automated scanner (such as Login sequence, manually exploring critical flaws, Policy customization, scan throttling, etc) to perform successful scan. Assessment of scanner results and intelligently identifying false positives from the scan results. Knowledge of Burp features mainly, Spider, Intruder, Scanner, Repeater and Extender. Manual Testing. Should be able to understand the above mentioned OWASP Top 10 categories to perform manual testing. Flaws like, Authentication (session management) testing, CSRF, business logic testing which are not detected by an automated scanner must be identified using manual testing. Understanding of the workflow of the application and identifying the entry points to detect possible vulnerabilities. Preferred Professional and Technical Expertise : Webservice Testing SOAP/REST APIs testing. Configuring cURL commands and POSTMAN tool to capture the request in automated scanner. Network Testing Basic understanding of networking protocols such as TCP, UDP, DNS, DHCP etc. Basic understanding of network devices like router, switches, firewall/IDS/IPS etc.. Network scanning tools such as Nessus, Nmap, Metasploit etc. Exploitation and Post Exploitation of network vulnerabilities. Threat Model and Source code security scanning Perform/Participate in threat model creation/design or review Perform source code security scanning using (SAST) tools like Sonarqube, AppScan, Mend and other popular open-source tools. Preferred technical and professional experience Security Certifications Any of the security certifications such as CEH, ECSA, EWPT, EWPTX, OSCP, GPEN, GWAPT etc

Posted 2 weeks ago


3.0 - 4.0 years

6 - 10 Lacs

Noida

Work from Office

Your Role and Responsibilities Conduct Vulnerability Assessment & Penetration Testing (VAPT) for web applications, APIs, and networks. Analyze and identify security vulnerabilities, ensuring alignment with OWASP Top 10 and secure coding best practices. Provide security requirement analysis for applications. Offer risk mitigation planning, vulnerability remediation recommendations, compliance guidance, and metrics reporting. Plan and coordinate Network & Application Security testing. Utilize security testing tools such as Burp Suite, Kali-Linux, AppScan, Nessus. Generate and share reports with customers using MS Office tools. Collaborate with teams to enhance security implementations and provide best practice recommendations. Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise 3-4 years of demonstrating experience in planning and executing VA & penetration tests exercises against web applications, APIs, Network. Minimum 3+ years of experience in Network and Application Security Proficient in Secure coding best practices and OWASP TOP 10 vulnerabilities Experience in security requirements analysis for application Experience in security requirement implementation recommendations & guidance Prior experience in Network & Application Security Test planning & coordination Experience in Application risk mitigation planning, Vulnerabilities remediation recommendation & guidance, Compliance & Metrics reporting Preferred technical and professional experience Industry certifications such as CEH/OSCP or equivalent preferred. Familiarity with security standards (OWASP, SANS, ISO).

Posted 2 weeks ago


4.0 - 8.0 years

0 Lacs

noida, uttar pradesh

On-site

KPMG entities in India are professional services firm(s) affiliated with KPMG International Limited, established in August 1993. Our professionals leverage the global network of firms, understanding local laws, regulations, markets, and competition. With offices across India, in cities like Ahmedabad, Bengaluru, Mumbai, and more, we offer services to national and international clients across various sectors. Our focus is on delivering rapid, performance-based, industry-focused, and technology-enabled services, showcasing our understanding of global and local industries and the Indian business environment. As a Security Code Reviewer at KPMG in India, your primary responsibilities will include performing manual security code reviews for common programming languages such as Java and .NET. You will also be tasked with conducting automated testing of running applications and static code using tools like SAST and DAST. Additionally, you will be required to perform manual application penetration tests on various platforms like web applications, internal applications, APIs, and networks to identify and exploit vulnerabilities. The ideal candidate should have at least 6 months of formal programming experience in Java or C#, and possess 4 to 8 years of overall experience in the field. It would be advantageous to have one or more major ethical hacking certifications such as GWAPT, CREST, OSCP, OSWE, or OSWA. Providing technical leadership and guidance to team members, communicating effectively with both technical and non-technical audiences, and collaborating with Cyber teams to develop new testing techniques are also key aspects of this role. Moreover, having a minimum of three years of recent experience working with security testing tools like AppScan, NetsSparker, Acunetix, Checkmarx, BurpSuite, and others will be beneficial. 
This position offers equal employment opportunities and encourages individuals with a passion for cybersecurity to apply and contribute to our dynamic team at KPMG in India.

Posted 3 weeks ago


4.0 - 8.0 years

15 - 25 Lacs

Pune, Bengaluru

Hybrid

Roles & responsibilities: Perform automated testing of running applications and static code (SAST, DAST). Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications. Experience in one or more of the following is a plus: mobile application testing, Web application pen testing, application architecture, and business logic analysis. Need to work on application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, and Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation. Mandatory technical & functional skills: Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs. Minimum three (3) years of working with technical and non-technical audiences in reporting results and leading remediation conversations. Preferred: one year of experience in the development of web applications and/or APIs. Should be able to identify and work with new tools/technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred: GWAPT, CREST, OSCP, OSWE, OSWA

Posted 3 weeks ago


5.0 years

0 Lacs

India

Remote

Greetings from HCL Software. HCL Software is a product development division of HCL Tech that operates its primary software business. At HCL Software we develop, market, sell and support over 20 product families in the areas of Customer Experience, Digital Solutions, Secure DevOps, Security & Automation. We have offices and labs around the world to serve thousands of customers. Our mission is to drive customer success with our relentless product innovation at more than 20,000 organizations in every region of the world - including more than half of the Fortune 1000 and Global 2000 companies. We are looking for a Sr. DevOps Engineer position within our Product team. We are looking for candidates with 5+ years of experience who possess the following skills: About the Role We are seeking a skilled DevOps Engineer to manage and enhance installation and deployment processes for AppScan 360. This role focuses on maintaining existing installers, developing new ones, and contributing to core platform improvements. You will leverage automation, CI/CD pipelines, and configuration management to ensure efficient and scalable deployments. Required Skills & Qualifications 5+ years of experience in DevOps or software installation packaging. Expertise in installer creation and automation (e.g., InstallShield, MSI, NSIS). Experience with VM provisioning and automation. Proficiency in CI/CD tools (Jenkins, GitLab CI, Azure DevOps). Strong scripting skills (Bash, Python, PowerShell). Familiarity with infrastructure as code (IaC) tools like Terraform. Knowledge of Windows and Linux environments. Ability to troubleshoot complex installation and deployment issues. Strong communication and collaboration skills. Location: (Remote/Hybrid). Key Responsibilities Own and improve existing installers, ensuring seamless operation. Develop, maintain, and integrate new installers for AppScan 360 with a focus on efficiency and scalability. Automate installation and deployment processes. 
Collaborate with engineering and product teams to ensure smooth integration. Develop and maintain CI/CD pipelines to streamline releases. Implement configuration management and automated VM-based deployments. Troubleshoot and resolve installation and deployment issues. Contribute to core platform development, driving innovation and efficiency. Maintain comprehensive documentation for installation, deployment, and DevOps workflows.

Posted 3 weeks ago


4.0 - 9.0 years

22 - 25 Lacs

Pune, Bengaluru

Hybrid

Job Title: WebPT P1 - Consultant Location: Bangalore & Pune (Hybrid Role) Contract Duration: 6 Months Roles & Responsibilities: Perform automated testing of running applications and static code (SAST, DAST). Conduct manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: Web applications Internal applications APIs Internal and external networks Mobile applications Experience in one or more of the following is a plus: Mobile application testing Web application pen testing Application architecture Business logic analysis Work on application tools to perform security tests, including: AppScan NetsSparker Acunetix Checkmarx Veracode BurpSuite OWASP ZAP Kali Linux Able to explain vulnerabilities such as: IDOR (Insecure Direct Object References) Second Order SQL Injection CSRF (Cross-Site Request Forgery) Provide root cause analysis and remediation guidance for identified vulnerabilities. Mandatory Technical & Functional Skills: Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan NetsSparker Acunetix Checkmarx Veracode BurpSuite OWASP ZAP Kali Linux (or equivalent) Minimum three (3) years of performing manual penetration testing and code review against: Web applications Mobile apps APIs Minimum three (3) years of experience working with both technical and non-technical audiences in reporting results and leading remediation conversations. Preferred: One year of experience in the development of web applications and/or APIs. Ability to identify and work with new tools/technologies to plug and play on client projects as needed to solve the problem at hand. 
Certifications (Preferred but not required): GWAPT (GIAC Web Application Penetration Tester) CREST (Certified Testing Professional) OSCP (Offensive Security Certified Professional) OSWE (Offensive Security Web Expert) OSWA (Offensive Security Web Application) This is a 6-month contract role with hybrid work arrangements in Bangalore and Pune.

Posted 3 weeks ago


3.0 years

0 Lacs

Noida, Uttar Pradesh, India

On-site

Introduction As a Security Specialist, you will play a role in client facing support for IBM Managed Infra Security Delivery and delivering management services for Deploy, configure, and maintain Radware Server/Link Load Balancer solutions to ensure optimal performance and reliability as part of IBM Security Delivery Team. If you thrive in a dynamic, reciprocal workplace, IBM provides an environment to explore new opportunities every single day. And if you relish the freedom to bring creative, thoughtful solutions to the table, there's no limit to what you can accomplish here. Your Role and Responsibilities Conduct Vulnerability Assessment & Penetration Testing (VAPT) for web applications, APIs, and networks. Analyze and identify security vulnerabilities, ensuring alignment with OWASP Top 10 and secure coding best practices. Provide security requirement analysis for applications. Offer risk mitigation planning, vulnerability remediation recommendations, compliance guidance, and metrics reporting. Plan and coordinate Network & Application Security testing. Utilize security testing tools such as Burp Suite, Kali-Linux, AppScan, Nessus. Generate and share reports with customers using MS Office tools. Collaborate with teams to enhance security implementations and provide best practice recommendations. Preferred Education Bachelor's Degree Required Technical And Professional Expertise 3-4 years of demonstrating experience in planning and executing VA & penetration tests exercises against web applications, APIs, Network. 
Minimum 3+ years of experience in Network and Application Security Proficient in Secure coding best practices and OWASP TOP 10 vulnerabilities Experience in security requirements analysis for application Experience in security requirement implementation recommendations & guidance Prior experience in Network & Application Security Test planning & coordination Experience in Application risk mitigation planning, Vulnerabilities remediation recommendation & guidance, Compliance & Metrics reporting Preferred Technical And Professional Experience Industry certifications such as CEH/OSCP or equivalent preferred. Familiarity with security standards (OWASP, SANS, ISO).

Posted 3 weeks ago


1.0 years

0 Lacs

Gurugram, Haryana, India

On-site

Job Title: Cyber Security Engineer / Analyst – Projects & Operations Department: Information Security / Cybersecurity Location: Gurgaon Experience Required: 1 to 3 Years Key Responsibility : We are looking for a dynamic and technically skilled Cyber Security Analyst to manage and support cybersecurity projects and operations. This dual-role position will focus on the implementation of cybersecurity initiatives (POC, tool comparisons, use case finalization, and deployment) while also being actively involved in day-to-day cybersecurity operations, focusing on endpoint security, WAF/API security, vulnerability management, and application security tools. Cyber Security Projects: Plan and execute Proof of Concept (POC) for new security tools and technologies. Conduct comparative analysis of cybersecurity solutions and prepare evaluation reports. Assist in the finalization of security use cases in collaboration with stakeholders across SOC, application, and infrastructure teams. Support deployment and configuration of cybersecurity tools and ensure seamless integration into existing environments. Maintain documentation, deployment guides, and handover knowledge to operations teams. Application Security: Run static/dynamic scans using AppScan, SonarQube, and manage findings. Collaborate with developers for remediation of code-level vulnerabilities. Cloud Security (Prisma Cloud): Monitor compliance and threat posture for cloud-native applications and services. Investigate alerts and coordinate responses with cloud and DevOps teams. Required Skills & Qualifications: Bachelor’s degree in Information Technology, Computer Science, or related field. 1–3 years of hands-on experience in cybersecurity projects and operations. Working knowledge of: CrowdStrike Falcon, Akamai WAF/API Protector, Qualys VMDR, Application Security Tools (AppScan, SonarQube), Cloud Security Platforms (Prisma Cloud). 
Understanding of cybersecurity concepts: threat detection, vulnerability management, risk mitigation, and secure coding practices. Good communication and documentation skills for reporting and collaboration. Preferred Certifications (Optional): CompTIA Security+, CEH, or equivalent CrowdStrike Certified Falcon Administrator Akamai Security Certifications Qualys Certified Specialist Basic cloud certifications (AWS/Azure/GCP) Interested candidates may send their CV to deen.dayal@maxhealthcare.com Regards DDeen

Posted 3 weeks ago

8.0 - 11.0 years

35 - 37 Lacs

Kolkata, Ahmedabad, Bengaluru

Work from Office

Dear Candidate, We are hiring a Compliance Engineer to ensure code and dependencies meet licensing and audit standards. Key Responsibilities: Track open-source usage and license compliance. Automate compliance scanning and reporting. Assist in security reviews and audits. Required Skills & Qualifications: Familiarity with tools like FOSSA, Black Duck. Knowledge of OSS licenses (MIT, GPL, Apache). Experience with code scanning and SBOMs. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Delivery Manager Integra Technologies

Posted 3 weeks ago

12.0 years

0 Lacs

Bengaluru, Karnataka, India

On-site

About the Company - Kempegowda International Airport, Bengaluru (KIAB/ BLR Airport), named after founder of the City – Hiriya Kempegowda – has the unique distinction of being the first Greenfield Airport in India, established on a Public-Private Partnership (PPP) model. This heralded a revolution in Indian aviation, as more airports in the Country were privatised, thereafter. Responsibilities - Managed XDR Operations: Oversee threat detection, threat prevention, identity and access management, and incident response activities. Optimize the performance of managed XDR solutions to proactively identify and mitigate risks. Ensure a well-defined incident response plan is in place and regularly tested through simulations. Continuously improve detection and response capabilities based on threat intelligence and industry trends. Regularly review and update playbooks to address emerging threats and advanced attack techniques. Conduct post-incident reviews to identify lessons learned and improve processes. Monitor and evaluate partner performance, addressing any issues related to quality, cost, or delivery. Manage escalations as per contracted frameworks. Ensure unresolved escalations are tabled in governance forums and taken up for resolution. Drive the resolution of such escalations by working with all concerned stakeholders Review and provide feedback on periodic process, SLAs and KPI reports published by various ICT teams Escalate process compliance issues to senior leadership along with suggestion on remediation plan Review all Change Requests and provide insight & recommendations ensuring CRs/amendments are fit for purpose, negotiated and executed by working with all stakeholders. Execution of Security Projects: Lead and manage the successful delivery of cybersecurity projects, ensuring they align with business needs. Define clear project milestones, KPIs, and timelines to track progress effectively. 
Collaborate with internal and external stakeholders to ensure smooth implementation. Transition completed projects into ongoing operations with defined ownership and support mechanisms. Anticipate potential challenges and implement proactive risk management strategies. Financial Management: Oversee the development, management, and monitoring of the InfoSec budget, ensuring optimal allocation of resources. Accountability of budgeting and periodic financial forecasting for InfoSec – ensuring that the inputs on budgeting and forecasting are as per agreed frequency. Analyze and report on InfoSec financial performance, providing insights and recommendations for cost optimization, return on investment (ROI) and/ or Value Realization. Prepare and track InfoSec PRs and invoice processing and subsequent payments to partners and vendors. Ensure all InfoSec vendor payments are validated and approved by respective InfoSec teams and are aligned to agreed vendor payments terms and conditions. Track vendor payments against approved amount in InfoSec budget. Publish reports on InfoSec Financial Management to ICT leadership for review Security Architecture: Develop and implement a robust security architecture framework that integrates IT and OT systems. Evaluate and recommend security technologies and tools to improve organizational resilience. Ensure scalability, flexibility, and future-readiness of the security architecture. Conduct regular architecture reviews to ensure compliance with evolving standards and business changes. Provide technical leadership on emerging technologies and trends, such as Zero Trust and Secure Access Service Edge (SASE). Act as the primary SPOC for InfoSec in ARB (Architecture Review Board), ensuring terms and conditions are favorable and aligned with BIAL’s strategic information security goals. Regularly review deployments for compliance with organizational policies, regulatory requirements, ARB approvals and industry standards. 
Use insights gained from project performance to refine future ARBs, driving continuous improvement in partner selection, infosec requirements, service delivery and cost management. Maintain accurate and up-to-date records of all contractual communications, amendments, and performance evaluations. ICS Security: Develop and enforce security policies and controls for Industrial Control Systems (ICS) and Operational Technology (OT). Work closely with BIAL Projects and E&M teams to design secure processes for OT systems/ ICS. Perform regular vulnerability assessments and penetration testing of OT systems. Ensure alignment with BIAL Operational Technology Cybersecurity Policy and other relevant ICS/OT-specific security standards, such as IEC 62443. Establish monitoring mechanisms to detect and respond to threats in real-time within OT environments. Governance, Risk, and Compliance (GRC): Develop, implement, and maintain information security policies and governance frameworks. Conduct periodic risk assessments and audits to identify vulnerabilities and ensure regulatory compliance, both internally and with external partners. Provide regular updates to executive leadership on the organization’s risk profile and mitigation strategies. Manage relationships with regulatory authorities and ensure timely reporting of compliance metrics. Promote a culture of security awareness and responsibility throughout the organization. Ensure the maintenance of the BIAL’s certifications and standards, including ISO 27001:2022. Strategic Leadership: Provide strategic direction and leadership to the InfoSec team, fostering a culture of excellence and continuous improvement. Drive innovation in information security solutions and practices, ensuring the organization remains competitive and forward-looking. Act as a key advisor to senior management on Information Security matters, contributing to strategic decision-making. 
Qualifications: Bachelor’s degree in computer science, Information Security, or a related field (Master’s degree preferred). Certifications such as CISSP, CISM, CISA, CEH, or equivalent are highly desirable. A minimum of 12 years of experience in information security, with at least 5 years in a leadership role. Required Skills: Comprehensive understanding of cybersecurity frameworks, technologies, and methodologies (e.g., NIST CSF, ISO 27001, MITRE ATT&CK, ITIL v3, PMP, TOGAF, ISO 20k & 27k and COBIT). Expertise in managed XDR operations, incident response, threat intelligence, and identity management. Familiarity with security architecture principles, ICS/OT security frameworks, and industrial protocols. Strong knowledge of GRC principles and regulatory standards applicable to the industry. Proficient in process improvement and development practices. Strong knowledge of SLA & service management, contract negotiation, and operations management. Knowledge of InfoSec tools like: AV/EDR, Data Leakage Prevention, Metasploit, TripWire, Rapid7, Tenable, Snort, Nessus, Burp Suite, Appscan, Nmap, Wireshark, Firewalls, SIEM, SOAR, SASE, CASB, PIM/PAM, WAF, O365 suite (Intune, Conditional access, Data classification and protection). Preferred Skills: Experience in driving initiatives centered on continuous improvement, innovation, execution excellence, customer centricity and automation. Leadership and strategic planning skills to align cybersecurity with organizational goals. Analytical and problem-solving skills for assessing threats, vulnerabilities, and risks in complex environments. Exceptional communication and stakeholder management skills to influence decision-making and secure buy-in. Technical expertise in deploying advanced security tools and technologies. Proven ability to lead cross-functional teams, drive organizational change, and manage complex projects. Ability to build and maintain relationships with internal teams, partners, and external vendors.

Posted 4 weeks ago

2.0 years

5 - 9 Lacs

Cochin

On-site

Job requisition ID: 81576 Date: Jul 3, 2025 Location: Kochi Designation: Consultant Entity: Deloitte Touche Tohmatsu India LLP Your potential, unleashed. India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks. Your work profile. As a Consultant / Assistant Manager / Deputy Manager in our Cyber Team, you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations. Key Responsibilities: Total 2+ years of experience in Cyber security VAPT: Web Application Security Pentesting, Mobile Application Testing, Infra Testing, Source Code Review, Cloud Configuration Review. Certification: OSCP, CRTP, CEH, EJPT. Understanding of basic business and information technology management processes. Good knowledge of TCP/ IP and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture. Experience of Web Application Security Testing, Infrastructure VAPT, API testing. Experience on Mobile Security Pen-Testing (iOS and Android). Experience in conducting config reviews of Windows, Linux, UNIX, Solaris, Databases, etc. 
Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc. Experience in basic scripting such as: Shell, Python, PERL, etc. Basic knowledge of Technologies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5 Desired qualifications B.Tech/M.Tech Candidates must possess security certification of CEH, LPT, OSCP. Good to have security certification for GPEN, CREST/ Your role as a Consultant We expect our people to embrace and live our purpose by challenging themselves to identify issues that are most important for our clients, our people, and for society. In addition to living our purpose, Senior Executive across our organization must strive to be: Inspiring - Leading with integrity to build inclusion and motivation Committed to creating purpose - Creating a sense of vision and purpose Agile - Achieving high-quality results through collaboration and Team unity Skilled at building diverse capability - Developing diverse capabilities for the future Persuasive / Influencing - Persuading and influencing stakeholders Collaborating - Partnering to build new solutions Delivering value - Showing commercial acumen Committed to expanding business - Leveraging new business opportunities Analytical Acumen - Leveraging data to recommend impactful approach and solutions through the power of analysis and visualization Effective communication – Must be well abled to have well-structured and well-articulated conversations to achieve win-win possibilities Engagement Management / Delivery Excellence - Effectively managing engagement(s) to ensure timely and proactive execution as well as course correction for the success of engagement(s) Managing change - Responding to changing environment with resilience Managing Quality & Risk - Delivering high quality results and mitigating risks with 
utmost integrity and precision Strategic Thinking & Problem Solving - Applying strategic mindset to solve business issues and complex problems Tech Savvy - Leveraging ethical technology practices to deliver high impact for clients and for Deloitte Empathetic leadership and inclusivity - creating a safe and thriving environment where everyone's valued for who they are, use empathy to understand others to adapt our behaviours and attitudes to become more inclusive. How you’ll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyone’s welcome… entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. 
This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals. *Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution. In this regard, you may refer to a more detailed advisory given on our website at: https://www2.deloitte.com/in/en/careers/advisory-for-career-aspirants.html?icid=wn_

Posted 4 weeks ago

0 years

0 Lacs

Pune, Maharashtra, India

On-site

Your potential, unleashed. India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realise your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. Your work profile. Work you’ll do as a part of our Cyber team you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations. You’ll: • Works on projects with clearly defined guidelines as team member with responsibility for project delivery • Works under general supervision with few direct instructions • Performs cyber security assessments which includes vulnerability assessment & penetration testing, network security architecture review, secure configuration / code review, etc. • Understands basic business and information technology management processes. • Demonstrates knowledge of firm's methodologies, frameworks and tools • Participate in practice development initiatives The key skills required are as follows: • Understanding of basic business and information technology management processes • Good knowledge of TCP/ IP and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture • Experience in Infrastructure Penetration Testing and Application Security Testing • Experience in Secure Code Review (Code Security Review) • Experience in conducting configuration reviews of Windows, Linux, UNIX, Solaris, Databases, etc. • Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc. • Experience in basic scripting such as: Shell, Python, PERL, etc. 
• Basic knowledge of Technologies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5 Role and Responsibilities: • Understanding of basic business and information technology management processes • Good knowledge of TCP/ IP and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture • Experience in Infrastructure Penetration Testing and Application Security Testing • Experience in Secure Code Review (Code Security Review) • Experience in conducting configuration reviews of Windows, Linux, UNIX, Solaris, Databases, etc. • Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc. • Experience in basic scripting such as: Shell, Python, PERL, etc. • Basic knowledge of Technologies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5 Educational Qualification: Bachelor’s/master’s degree Certifications: OSCP How you’ll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. 
Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyone’s welcome… entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organization and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.

Posted 4 weeks ago

0.0 - 1.0 years

0 - 0 Lacs

Pragati Vihar, Delhi, Delhi

On-site

We are looking for a highly motivated HCL AppScan Engineer to join our cybersecurity team. In this role, you will be responsible for deploying, managing, and optimizing HCL AppScan solutions within our application security environment. You will work closely with development, DevOps, and security teams to integrate robust application security testing into our software development lifecycle (SDLC) and CI/CD pipelines. Your expertise will help us identify vulnerabilities early, ensure secure coding practices, and protect our applications from evolving security threats.

What You’ll Do:
* Deploy & manage HCL AppScan tools across environments (cloud/on-prem).
* Perform SAST & DAST scans to detect and fix security issues.
* Integrate AppScan into CI/CD tools like Jenkins, GitLab, or Azure DevOps.
* Analyze vulnerabilities, generate reports, and guide developers on fixes.
* Collaborate with Dev, QA & Security teams to promote secure coding.
* Document processes and keep up with latest security trends (e.g., OWASP Top 10).

What We’re Looking For:
* Bachelor’s in CS, IT, Cybersecurity or related field.
* Experience using HCL AppScan, SAST/DAST tools, and CI/CD platforms.
* Strong knowledge of application security, automation scripting (Python, Bash), and secure coding standards.
* Good communication skills and the ability to work in fast-paced environments.

Bonus Skills:
* Experience with Fortify, Checkmarx.
* Knowledge of Linux, Docker, or Kubernetes.

Job Types: Full-time, Permanent
Pay: ₹30,000.00 - ₹50,000.00 per month
Shift: Day shift, Fixed shift, Morning shift
Work Days: Monday to Friday
Education: Bachelor's (Required)
Experience: HCL AppScan: 1 year (Required); Support Engineer: 1 year (Required)
Location: Pragati Vihar, Delhi, Delhi (Required)
Work Location: In person

Posted 1 month ago

6.0 - 11.0 years

3 - 7 Lacs

Hyderabad

Work from Office

Title: Security Test Engineer. Key Responsibilities / Core Skills (Must have). Work Experience: Minimum of 2+ years of work experience in Application security, Vulnerability Assessment & Penetration Testing. Skill Set: Vulnerability Assessment and Penetration Testing for Web application and API. Knowledge of open source and commercial tools. Source code Review. Knowledge of a scripting language is desirable. Expertise in DAST for web applications (e.g. Acunetix, IBM AppScan, Burp Suite etc.) tooling including triage. Advanced understanding of security standards and best practices. Hands-on experience in Kali Linux, SQL Map. Expertise in Vulnerability Assessments using various open source and commercial tools. Sound knowledge of network security devices (firewalls, proxies, NIDS/NIPS, etc.). Ability to analyse and detect false positives from the vulnerabilities identified by scanners and communicate effectively with all stakeholders in order to mitigate the existing vulnerabilities in the application. Experience in performing SAST scans with tools (e.g. Veracode, SecureAssist, IBM AppScan, Checkmarx, Snyk) tooling including triage. Understanding of web-based application vulnerabilities and API vulnerabilities (OWASP TOP 10). Strong customer service orientation & experience working in a team-oriented, collaborative environment. Strong organization and time management skills. Offshore

Posted 1 month ago

8.0 - 11.0 years

0 Lacs

Andhra Pradesh

On-site

Software Engineer Associate Advisor - HIH - Evernorth Position Overview The Provider Technology Shared Services Engineering team is seeking a Software Engineer Associate Advisor for a Band 3 Contributor Career Track position. The Software Engineer Associate Advisor will play a critical role in system development within the broader Provider Technology Solutions and Engineering organization, significantly influencing Operations and Technology Product Management. This position will provide expertise in the engineering, design, installation, and startup of automated security testing solutions, including a self-service onboarding kit that enables users to begin utilizing the solution within minutes. The solutions developed will be accessible to individuals with minimal technical skills and will require no additional coding, ensuring zero maintenance is needed. As a member of our team, you will operate within a high-performance, high-frequency enterprise technology environment. This role entails collaborating closely with IT management and staff to identify automated solutions that leverage existing resources with tailored configurations for each security testing use case. The objective is to minimize redundancy in solutions while promoting an enterprise mindset focused on reusability and maintaining high standards, ultimately ensuring minimal future maintenance requirements. The Software Engineer Lead Analyst demonstrates significant creativity, foresight, and sound judgment in the conception, planning, and execution of security initiatives. Additionally, the Lead Analyst stays informed about the latest advancements in technology, including AI and machine learning, to enhance both existing and new automation solutions. These solutions are designed to optimize production costs while facilitating the addition or updating of features aimed at improving the overall software development lifecycle experiences. 
Responsibilities Provide comprehensive consultation to business unit and IT management, as well as personnel, regarding all facets of application development, security testing and automation solutions across diverse development, financial, operational, and computing environments. Responsible for performing vulnerability assessments, threat modeling, penetration testing, and team campaigns of the Provider's IT infrastructure and applications, while closely collaborating to identify, evaluate, and remediate potential weaknesses in provider systems utilizing automated methods. Provides strategic vision in architectural design and Security Test Automation guidance for the team, emphasizing a thorough evaluation of the quality attributes of a software system. This includes considerations for static, dynamic security tests rather than focusing solely on the functionality of individual features. Additionally, actively oversees and manages the design of supported automation solutions. Conduct comprehensive research and evaluation of all potential solutions to recommend the most efficient and cost-effective automation solution that can be reused with an enterprise mindset, facilitating scalability for both existing and new applications with minimal modifications. Ensures that engineering solutions are aligned with the overall Technology strategy while addressing all application requirements. Demonstrate industry-leading technical abilities that enhance product quality and optimize day-to-day operations. Understand how changes impact work upstream and downstream including various back end and front-end architectural modules. Enhance personnel effectiveness using heat matrices to prioritize Quality and Development Engineering resources on high-impact interfaces while identifying areas of lesser focus. 
Perform automated activities, including analysis of logs, memory, and disk artifacts, utilizing a variety of commercial and open-source security tools to respond to and triage security threats. Troubleshoot and optimize automated solutions and associated artifacts to ensure efficient operation within CI/CD pipelines and on local machines, reducing software and package dependencies or conflicts to improve cycle times. Execute on a strategy to hand over the automation solutions to every Agile team for adoption and use within their areas of focus, requiring zero maintenance and minimal effort for any enhancements without delving into coding. Encouraging and building automated processes wherever possible. Recognized internally as a subject matter expert. Qualifications Required Skills: Lead and execute internal and external penetration tests against web applications, APIs, Desktop, networks, Windows and Unix variants to discover vulnerabilities. Create comprehensive and accurate penetration testing reports with recommendations for appropriate remediation. Develop scripts, tools or methodologies to enhance penetration testing processes. Experience in application vulnerability assessment tools (e.g. Burp, Checkmarx, AppScan, WebInspect, Cenzic, etc.) Experience with network and server assessment tools (e.g. Nessus, Metasploit, Nmap, Nikto, etc.) Understanding of web application frameworks (React, Spring boot, Ruby on Rails, J2EE, PHP, ASP.NET) Strong experience in manual and automated techniques for penetration testing and executing vulnerability assessments. Knowledge of Windows and *nix-based operating systems. Knowledge of networking fundamentals and common attacks. Coding/scripting experience in modern scripting languages (e.g. Python, Ruby, PowerShell). Mobile application coding experience with Android/iOS based platforms (e.g. Java, Swift, Objective C). Exploit development and validation skills. 
Ability to analyse vulnerabilities, appropriately characterize threats, and provide remediation recommendations. Understanding of core Internet protocols (e.g. DNS, HTTP, TCP, UDP, TLS, IPsec) Understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations, AES, etc.) Demonstrated ability to coordinate people and lead teams to project/activity completion and the ability to work in a team environment, sharing workloads and responsibilities. Required Experience & Education: A Bachelor's degree in Computer Science or a related field is required. 8 - 11 years of professional experience in security and penetration testing experience. At least 3 years of experience in Agile methodologies is required. Passionate about security and finding new ways to break into systems as well as defend them. Strong analytical and problem solving skills with the ability to “think outside the box”. Familiarity with an onshore/offshore operational model is essential. Demonstrated experience in the architecture, design, and development of large-scale enterprise application solutions is required. Desired Experience: Proficient in Security and Penetration Test Automation and automation methodologies. Proficient in triaging and identifying security issues, including root cause analysis, connection problems, and application bottlenecks. Providing coaching and guidance to team members. Location & Hours of Work: Full-time position, working 40 hours per week. Expected overlap with US hours as appropriate. Primarily based in the Innovation Hub in Hyderabad, India in a hybrid working model (3 days WFO and 2 days WAH). Equal Opportunity Statement Evernorth is an Equal Opportunity Employer actively encouraging and supporting organization-wide involvement of staff in diversity, equity, and inclusion efforts to educate, inform and advance both internal practices and external work with diverse client populations. 
About Evernorth Health Services Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.

Posted 1 month ago

2.0 years

0 Lacs

Mumbai, Maharashtra, India

Remote

Position Summary Softcell Global Technologies Pvt. Ltd. is seeking a Source Code Auditor with proven expertise in both manual and automated code review. The ideal candidate should be adept with modern SAST & DAST tools and collaborative platforms, understand secure software development practices, and be capable of identifying real-world vulnerabilities across multiple languages and frameworks. This role is critical in identifying security vulnerabilities, ensuring secure coding practices, and integrating security throughout the SDLC. Key Responsibilities Code Review (Manual + Automated) Conduct comprehensive manual reviews to identify security flaws, insecure patterns, and logical vulnerabilities. Perform automated static and dynamic code analysis using tools like SonarQube, Fortify, Veracode, Burp Suite, OWASP ZAP, DeepSeek, etc. Document findings with clear proof-of-concept and mitigation recommendations. Security Compliance & Best Practices Assess code for input validation, output encoding, SQLi, XSS, CSRF, auth flaws, and cryptographic implementations. Validate third-party libraries using Snyk, Dependency-Check, or WhiteSource. Ensure compliance with OWASP, PCI-DSS, HIPAA, or other relevant industry standards and coding benchmarks. Analyze code structure and maintainability, ensure modularity, proper separation of concerns, adherence to SOLID principles, and avoidance of anti-patterns or code smells. Documentation & Reporting Generate detailed audit reports with risk ratings and recommendations. Review project documentation such as changelogs, API docs (Swagger/OpenAPI), and code metadata. Enforce internal coding standards and audit policies. Collaboration & Reviews Conduct peer reviews using GitHub/GitLab, Crucible, or similar platforms. Assist development teams in understanding and resolving security issues. Participate in internal security training and secure coding awareness programs. 
Preferred Tools & Platforms SAST & Security Linters: SonarQube, Fortify SCA, Checkmarx, Veracode, etc DAST: OWASP ZAP, Burp Suite, Acunetix, Netsparker, AppScan, etc Manual Review & Collaboration: GitHub, GitLab, Bitbucket, Crucible, Review Board, Phabricator Dependency & License Scanning: Snyk, OWASP Dependency-Check, WhiteSource, Semgrep CI/CD & DevOps: Jenkins, GitHub Actions, GitLab CI, Burp Suite Enterprise Preferred Certifications OSWE – Offensive Security Web Expert CSSLP – Certified Secure Software Lifecycle Professional (ISC²) ECSP – EC-Council Certified Secure Programmer CREST CCT App – Certified Application Security Tester Secure Code Warrior / Microsoft Secure Code certifications Qualifications Minimum 2 years of experience in source code auditing Strong understanding of secure coding across Java, .NET, Python, PHP, JavaScript, etc. Bachelor’s degree in Computer Science, Cybersecurity, or related field. Excellent communication, documentation, and collaboration skills. Must be available in Mumbai for full-time onsite work. Additional Details Immediate Joiners Only Practical Skills Are a Must – Onsite face-to-face technical round (No virtual/remote interviews) Why Join Softcell? Work with cutting-edge tools and enterprise projects. Learn from industry experts and grow within a specialized cybersecurity team. Contribute to critical application security reviews across domains like finance, retail, healthcare, and government. About Company At Softcell Technologies, we bring over 30 years of expertise in delivering end-to-end IT infrastructure solutions to enterprises across India. With deep roots in security, cloud, data center, and engineering technologies, we empower organizations to meet complex IT challenges. Softcell is also a CERT-In empaneled organization, recognized for conducting official cybersecurity assessments across industries. 
Join us to work on high-impact security projects, lead technical engagements, and grow within a passionate cybersecurity team.

Posted 1 month ago

8.0 years

0 Lacs

Hyderabad, Telangana, India

On-site

We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM. Bachelor or Master degree in computer science with a minimum of 8 years in cyber security domain Technical background in networking/system administration, security testing or related fields In-depth knowledge of TCP/IP Two or more years of Perl, Python, Bash, or C experience Operating System Configuration and Security experience (Windows, HP-UX, Linux, Solaris, AIX, etc.) Configuration and Security experience with firewalls, switches, routers, VPNs Experience with security and architecture testing and development frameworks, such as the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), and NIST SP800-115 Familiar with security testing techniques such as threat modeling, network discovery, port and service identification, vulnerability scanning, network sniffing, penetration testing, configuration reviews, firewall rule reviews, social engineering, wireless penetration testing, fuzzing, and password cracking and can perform these techniques from a variety of adversarial perspectives (white-, grey-, black-box) Experience with discovering, utilizing, and possibly writing exploits for such vulnerabilities as buffer and stack overflows Familiar with the logistics of security testing such as acquiring authorization for testing, reporting, risk analysis of findings, data handling, and legal 
considerations Commercial Application Security tools experience (Nessus, Nexpose, Qualys, Appdetective, Appscan, etc.) Open source and free tools experience (Kali Linux suite, Metasploit, nmap, airsnort, Wireshark, Burp Suite, Paros, etc.) One or more of the following testing certifications: Certified Ethical Hacker (CEH); GIAC Certified Penetration Tester (GPEN); Offensive Security Certified Professional (OSCP); or equivalent development or testing certification (ECSA, CEPT, CPTE, CPTS, etc) In addition, one or more of the following governance certifications is preferred: Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®) Strong leadership and communication skills, technical knowledge, and the ability to write at a "publication" quality level in order to communicate findings and recommendations to the client's senior management Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices The standard work hours for this role are from 3:30 PM to 11:00 PM IST, aligned to support client requirements and deliverables and engagements. 
Candidates should be comfortable with this fixed shift timing Position & Key Responsibilities Develop an understanding of the RSM US Risk Consulting service offerings, methodologies, and tools Perform analysis and testing to verify the strengths and weaknesses of client IT environments utilizing commercial and open source security testing tools Perform Internet penetration testing (blackbox/ greybox / whitebox testing) and network architecture reviews (manual/ automated) Perform other security testing tasks such as wireless penetration testing, social engineering campaigns (email, web, phone, physical, etc.), mobile application testing, embedded device testing, and similar activities meant to identify critical weaknesses within client environments Assist with the development of remediation recommendations for identified findings Identify and clearly articulate (written and verbal) findings to senior management and clients Help identify improvement opportunities for assigned clients Supervise and provide engagement management for other staff working on assigned engagements Works closely with the client and RSM team to make sure we meet or exceed client expectations on each engagement and maintain high customer satisfaction. Exercise professional skepticism, judgment and adhere to the code of ethics while on engagements Ensure that documentation is compliant with the quality standards of the firm Work collaboratively as a part of the team and communicate effectively with RSM consulting professionals, and senior management in the U.S. 
on a daily basis Key Skills To Accelerate Career Maintains a high degree of quality and client relationship on multiple clients at the same time Positively engages, motivates and influences team members Identifies client needs/requirements and initiates discussion to expand services through a solid understanding of the firm’s service capabilities and offerings Subscribes to and actively read industry publications and share relevant information with clients as considered applicable At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/india.html. RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Indian Armed Forces; Indian Armed Forces Veterans, and Indian Armed Forces Personnel status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please send us an email at careers@rsmus.com.

Posted 1 month ago

4.0 - 7.0 years

10 - 20 Lacs

Pune, Bengaluru

Hybrid

Work Location: Bangalore / Pune. Experience: 4 to 7 years. Roles & responsibilities: Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications. Perform manual security code review against common programming languages (Java, C#). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, Burp Suite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation. Mandatory technical & functional skills: Strong knowledge of manual secure code review against common programming languages (Java, C#). Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, Burp Suite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs. Minimum three (3) years of working with technical and non-technical audiences in reporting results and leading remediation conversations. Preferred: one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred: GWAPT, CREST, OSCP, OSWE, OSWA

Posted 1 month ago

2.0 years

0 Lacs

Andhra Pradesh

On-site

Title: Security Test Engineer Key Responsibilities: Core Skills: Must have Work Experience: Minimum of 2+ years of work experience in Application Security, Vulnerability Assessment & Penetration Testing. Skill Set: Vulnerability Assessment and Penetration Testing for web applications and APIs. Knowledge of open source and commercial tools. Source code review. Knowledge of a scripting language is desirable. Expertise in DAST for web applications (e.g. Acunetix, IBM AppScan, Burp Suite etc.) tooling including triage. Advanced understanding of security standards and best practices. Hands-on experience in Kali Linux, sqlmap. Expertise in Vulnerability Assessments using various open source and commercial tools. Sound knowledge of network security devices (firewalls, proxies, NIDS/NIPS, etc.) Ability to analyse and detect false positives from the vulnerabilities identified by scanners and communicate effectively with all stakeholders in order to mitigate the existing vulnerabilities in the application. Experience in performing SAST scans with tools (e.g. Veracode, SecureAssist, IBM AppScan, Checkmarx, Snyk) tooling including triage. Understanding of web-based application vulnerabilities and API vulnerabilities (OWASP Top 10). Strong customer service orientation & experience working in a team-oriented, collaborative environment. Strong organization and time management skills. Offshore PAN India. About Virtusa: Teamwork, quality of life, professional and personal development: values that Virtusa is proud to embody. When you join us, you join a team of 27,000 people globally that cares about your growth, one that seeks to provide you with exciting projects, opportunities and work with state of the art technologies throughout your career with us. Great minds, great potential: it all comes together at Virtusa. We value collaboration and the team environment of our company, and seek to provide great minds with a dynamic place to nurture new ideas and foster excellence.
Virtusa was founded on principles of equal opportunity for all, and so does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need.

Posted 1 month ago

2.0 years

0 Lacs

Andhra Pradesh, India

On-site

Title: Security Test Engineer Key Responsibilities: Core Skills: Must have Work Experience: Minimum of 2+ years of work experience in Application Security, Vulnerability Assessment & Penetration Testing. Skill Set: Vulnerability Assessment and Penetration Testing for web applications and APIs. Knowledge of open source and commercial tools. Source code review. Knowledge of a scripting language is desirable. Expertise in DAST for web applications (e.g. Acunetix, IBM AppScan, Burp Suite etc.) tooling including triage. Advanced understanding of security standards and best practices. Hands-on experience in Kali Linux, sqlmap. Expertise in Vulnerability Assessments using various open source and commercial tools. Sound knowledge of network security devices (firewalls, proxies, NIDS/NIPS, etc.) Ability to analyse and detect false positives from the vulnerabilities identified by scanners and communicate effectively with all stakeholders in order to mitigate the existing vulnerabilities in the application. Experience in performing SAST scans with tools (e.g. Veracode, SecureAssist, IBM AppScan, Checkmarx, Snyk) tooling including triage. Understanding of web-based application vulnerabilities and API vulnerabilities (OWASP Top 10). Strong customer service orientation & experience working in a team-oriented, collaborative environment. Strong organization and time management skills. Offshore PAN India

Posted 1 month ago

5.0 - 10.0 years

6 - 12 Lacs

Mumbai Suburban, Navi Mumbai, Mumbai (All Areas)

Work from Office

Vulnerability Assessment & Penetration Testing & configuration review for network, web app, mobile app & thick-client app. Configuration reviews for OS, DB, firewalls, routers, switches. Prepare Threat Intelligence reports. Cyber-attack simulations. Required Candidate profile: Vulnerability Assessment, Penetration Testing (PT), Web App Security. Knowledge of security assessment tools, e.g. Nessus, Acunetix, AppScan, nmap, etc. Knowledge of OS: Linux/UNIX. Perks and benefits: 10% Perf Bonus + Mediclaim + 30% Company Bonus

Posted 1 month ago
