3 Burp Jobs

About One One's mission is simple - to help customers achieve financial progress. One is creating simple solutions to assist customers in saving, spending, borrowing, and growing their money all in one place. The U.S. consumer today deserves better, as millions of Americans are unable to access credit, build savings or wealth, and are managing their financial lives through multiple disconnected apps. Approximately a quarter of U.S. adults are unbanked or underbanked, and about 80% of fintech users rely on multiple accounts to manage their finances. One is unique as it is backed by a preeminent fintech investor (Ribbit) and the world's largest retailer (Walmart), maintaining the speed and independence of a startup while employing a strong and growing collection of world-class talent. This presents an opportune moment to build a business that aids people in achieving financial progress. Come build with us! The Role As an Application Security Engineer at One, you will be responsible for ensuring that One delivers secure and reliable applications at scale. Your role involves partnering with engineers to integrate security into the product from the ground up, developing engineering tools and workflows to test and validate artifacts, and actively creating security frameworks. You will champion modern Application Security Engineering at One, directly impacting the security of all products. Additionally, you will provide subject-matter expertise to product teams on security best practices, optimize secure coding practices, utilize offensive security techniques to strengthen our environment, and enhance overall security practices. Responsibilities - Ensuring the quality and security of applications and products by guiding their development through the Secure Development Lifecycle (SDLC) process. - Conducting SAST/DAST and penetration testing on core application services, web applications, and mobile applications. - Developing, maintaining, and extending an in-house application security and penetration testing automated testing framework. - Creating secure libraries, hardening existing libraries and frameworks, and eliminating vulnerabilities. - Enforcing SDLC practices through Infrastructure-As-Code (IaC) policies whenever possible. - Collaborating closely with Engineering teams to validate the security posture of new features before production deployment. - Triaging and validating security vulnerabilities, acting as a subject-matter expert in AppSec for the Engineering team. - Refactoring and deploying secure libraries and frameworks across the code repository. - Training engineers, architects, code reviewers, and others on secure coding practices. - Contributing to application threat models and maintaining awareness of vulnerabilities in application technologies. - Working with Security and other engineering teams to maintain a security architecture that provides controls across all platforms to mitigate risk. - Providing expertise on code-level security concerns during product development. Requirements - 5+ years of experience in security engineering, DevSecOps, and application development. - Strong knowledge of CVSS, MITRE ATT&CK, and OWASP Top 10. - Proficiency in TypeScript and practical understanding of AWS core services. - Experience with modern application architecture, deployment practices, and secure software development frameworks. - Familiarity with Library/API/Framework development and integrating security scanning tools with CI/CD. - Expertise in security vulnerabilities, cryptography, and security evaluation tooling. - Exposure to technologies like AWS, iOS, Android, Vault, Kubernetes, React, GraphQL, and Datadog. - Understanding of regulatory compliance concerns (GLBA, CCPA, PCI). - Triple H Factor: Humble, Hungry, and Honest with an act-like-an-owner mentality. What it's like working @ One - Competitive compensation. - Benefits effective from day one. - Early access to a high-growth fintech startup. - Generous stock option packages. - Employer Provident Fund contributions. - Comprehensive health insurance for you and your family, including mental health support. - Flexible time off programs, monthly transport allowance, work-from-home stipend, and a hybrid working model. Leveling Philosophy One follows a flat titling structure to scale the company thoughtfully and avoid inequities. Internal titles reflect specific functional responsibilities and additional descriptors for clarity within the organization. Employees are compensated based on experience and internal level within One. Inclusion & Belonging,

The role of a Specialist in Software Testing requires a candidate with a minimum of 2-5 years of experience in Application Security Testing. As a Specialist, you will be responsible for working on OWASP Top 10 - application security risks, conducting Manual Security Testing & Analysis, and designing Security Tests. It is essential to possess excellent interpersonal and presentation skills, along with strong verbal and written communication abilities. Key Skills required for this role include proficiency in Application Security, OWASP, BURP, LINUX, and Manual Testing (TST). The role falls under the category of Information Technology in the Outsourcing/Offshoring industry. This is a full-time, permanent position. If you are looking to join a dynamic team where you can utilize your expertise in Software Testing and Application Security, this Specialist role is an excellent opportunity for you. Job Code: GO/JC/20600/2025 Recruiter Name: Sriram,

7+ years of related work experience. Strong written and verbal communication skills. Strong analytical and problem-solving skills. Ability to work on multiple projects at same time. Experience with mainstream defect tracking tools and test management tools. Proficient in any of the programming languages including Java, Python, SQL, and JavaScript/TS, with hands-on experience in building and testing backend and frontend components. Strong experience in designing, executing and maintaining automated and manual tests for REST/SOAP APIs. Experienced in UI automation for both browser and desktop applications using tools such as Selenium and Playwright (for web) and UFT and Squish (for desktop and hybrid applications). Experience in designing and executing performance and security tests using tools like JMeter, BURP suite or similar. Experience using test result reporting tools like Allure, Extent Reports or similar Well-versed in Continuous Integration/Continuous Deployment (CI/CD) pipelines using tools such as Jenkins, GitHub Actions, GitLab CI, and Azure DevOps. Also experienced in using Chocolatey for managing Windows-based dependencies and packages in CI pipelines and familiar with Coinbase CI/CD standards for secure and compliant deployment practices in financial environments. Skilled in version control systems like Git and experienced with repository management platforms such as Bitbucket, GitHub, and GitLab for collaborative development and code management. In addition, the following requirement is desired: Experience in the Financial Industry (trading tools with real-time cross-asset data and fixed income is preferred).