8 Appsec Jobs

Function Goal : To support the organization's information security efforts by assisting with the monitoring and initial analysis of security threats, providing support in risk management activities, and helping ensure compliance with security policies to protect the organization's information assets. Key Result Areas : Assist in the development, review, and maintenance of security policies and procedures and provide support for security-related documentation to ensure robust security frameworks are in place. Ensure compliance with relevant security standards and regulatory requirements and participate in internal and external security audits to ensure the organization meets all necessary guidelines. Assist in the development and implementation of new security initiatives and technologies. Provide support for security-related projects, including planning, execution, and monitoring. Coordinate with project teams to ensure security requirements are met. Monitor and assess the effectiveness of security training programs. Promote best practices and educate staff on security policies and procedures. Create and distribute security awareness materials, such as security bulletins, phishing simulations and posters to ensure all employees are well-informed and vigilant and have a high level of security awareness. Assist in identifying potential security risks and vulnerabilities within the organization's systems and processes. Participate in the evaluation of risks by analyzing the likelihood and potential impact of security threats. Use tools and techniques to document identified risks and share findings with senior team members for further analysis to ensure proactive risk management. Participate in training and development opportunities to enhance security skills and knowledge. Provide feedback on existing security processes and suggest improvements to enhance effectiveness and to ensure continuous improvement of security measures.

Implement security strategy, policies & controls.Oversee risk, vendor security, BCDR, vulnerability remediation & AppSec.Drive compliance, training,audits,and continuous improvement.GRC tool expertise,ISO27001 Implementer/Auditor,CGRC/BCMS preferred.

Who are we looking for? Focused on the customer, Managed Services' mission is to ensure that clients get the most out of Checkmarx Products and Solutions. We are looking to grow our team with a talented Application Security Architect to support Checkmarx services and our customers. We are looking for a resilient and self-motivated individual who wants to be part of an expanding team in a fast-growing industry. Responsibilities : Review customers software architectures with a focus on potential security threats Provide dev teams with explanation and mitigation advice for security vulnerabilities found in the Checkmarx scans; Design and coordinate the implementation and maintenance of tailored solutions that will meet customer requests, needs and requirements; Collaborate with Product Management, R&D and Support teams in handling customer issues or internal Checkmarx initiatives; Occasionally assist in pre-sale activities, like providing product demonstrations; Assistance in the implementation of Application Security Programs and processes; Providing training for developers and management Travel to customer sites for meetings and technical activities; Requirements Degree in Software Engineering or equivalent At least 4+ years of combined experience in development, in any programming language,and Application Security (minimum 2 years in AppSec). Previous experience in one or more Application Security practices, such as pen-testing, security code review, AST products, research Knowledge on how to conduct a Threat Modeling exercise. Knowledge of AppSec industry standards, frameworks and guidelines, such as OWASP Top 10 (Web, Api or Mobile) and Secure SDLC. Client handling skills for Security Engagements; Good written and verbal communication skills in English; Ability to travel (up to 20%); Pro-active and sense of ownership; Get an advantage if you have Security Certifications (CISSP, CSSLP, CEH, OSCP, etc.).

Need overall AppSec skills (SAST, DAST, Penetration testing) +Mobile app testing skills (Android, ioS). We should look for a candidate who has deep and diverse hands on exp in above skills. Also, The professional is expected to perform the application security activities - Static code assessment/ manual testing including mobile application testing for android and iOS apps. This profile requires a candidate with hands on Application Security experience specific to mobile applications Communication should excellent Skills: penetration testing,mobile app testing,sast,ios,android,dast

Look for immediate joiner. Jd Need overall AppSec skills (SAST, DAST, Penetration testing) +Mobile app testing skills (Android, ioS). We should look for a candidate who has deep and diverse hands on exp in above skills. Also, The professional is expected to perform the application security activities - Static code assessment/ manual testing including mobile application testing for android and iOS apps. This profile requires a candidate with hands on Application Security experience specific to mobile applications Communication should excellent Skills: penetration testing,mobile app testing,sast,ios,android,dast

Look for immediate joiner. Need overall AppSec skills (SAST, DAST, Penetration testing) +Mobile app testing skills (Android, ioS) We should look for a candidate who has deep and diverse hands on exp in above skills Also, The professional is expected to perform the application security activities - Static code assessment/ manual testing including mobile application testing for android and iOS apps This profile requires a candidate with hands on Application Security experience specific to mobile applications Communication should excellent

Application & product security, including threat modeling and secure SDLC Cloud security (AWS/GCP/Azure), container security (Docker, Kubernetes & API protection DevSecOps- automation in IaC & CI/CD pipelines Scripting (Python/Shell), Linux security Required Candidate profile Sr Security Egr - 7+ yrs exp. to lead & enhance security across the SDLC. expertise in application security, threat modeling, cloud security (AWS/GCP/Azure), DevSecOps practices & strong communication

Job Description Design, develop, troubleshoot and debuSaaS Security Testing Services team is looking for Security Testing and Tools Engineers with various degree of experience in AppSec/Product Security field in Oracle India Development Center under the Oracle SaaS Cloud Security (SCS) organization. Oracle SaaS a.k.a. Oracle Cloud applications, built on machine learning, offer the most complete application suite with the best technology, enabling fast innovation with a modern UX and customer-first approach and one of the top strategic cloud services for Oracle. The SCS organization is responsible for securing enterprise-grade software services on behalf of our 25,000 customers, processing over 60 billion transactions per day. You will get the opportunity to join our efforts to reshape not only future of security testing and automation for Fusion App SaaS Services at Oracle but influence the security testing landscape across all the SaaS offerings. We are seeking hands-on, senior security analyst with the depth and breadth to evaluate complex web applications and technology stacks for security and build/code to address the security threats. You will have the opportunity to work in a cloud-scale environment using the latest security technologies/tools and collaborate with the best minds in the industry, to collectively stay ahead and respond to growing threats to cloud services. SaaS STS team will optimally engage in conducting white box/grey box application security testing - complementing what the development teams do in a more integrated and more coordinated setting through the security automation and tooling. SaaS STS team responsibilities will include implementation of Static Code Analysis, Dynamic App Security Testing/Fuzz Testing, Interactive / manual App security testing, facilitate automation of security verifications in CI/CD pipeline and evidence capturing for compliance audits. This position requires technical security knowledge and Cloud/DevSecOps or product development experience. Career Level - IC4 Responsibilities Job Requirements: MS or equivalent degree in computer science, or equivalent 6+ years of software engineering and technical leadership with proven results in software development, appsec and pen-testing Detailed exposure to web application pen test, forensics and intrusion handling The ideal candidate will have the following skills: Experience in product development or Security QA or penetration testing of Enterprise software, SaaS, IaaS or PaaS cloud services preferred Web application pen test, intrusion detection, vulnerability assessment Proficiency with Java, RESTful API, micro-services, Python. Experience in file system and operating system security analysis and attack vector detection Experience in database encryption methods and implementation, DB fuzzing and DB pen test Hands-on expertise on pen-testing of cloud applications and related infrastructure Understanding exploit mechanisms using CVEs for web services and microservices Should have worked on industry standard tools for security BURP, Web Inspect, Qualys, Nessus, REST API fuzzer, SAST tools etc. Ability to work in an agile and continuous software integration model. Security certifications like OSCP, LPT, ECSA, CISSP would be an added advantage Key Responsibilities You will work with Oracle Fusion Apps and other SaaS Services development teams to identify gaps in security testing and implement scalable solutions to improve security testing You will perform appsec and pen-testing of Oracle SaaS applications and infrastructure. You will implement automated security processes and security tooling in CI/CD pipeline. You will work with development teams and provide remediation mentorship to address any security findings You will evaluate and deploy new security tools and technologies to handle constantly evolving security threats landscape and support hyper-scale SaaS growth.