360 Burp Suite Jobs

Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 5 plus years of experience Application Security TestingExperience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding PracticesKnowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat ModelingAbility to conduct threat modeling sessions to identify and mitigate security risks. Preferred technical and professional experience Vulnerability AssessmentExperience in conducting vulnerability assessments and penetration testing Application Security TestingExperience with static and dynamic application security testing (SAST/DAST) tools. Security ToolsProficiency in using security tools like Burp Suite, Nessus, or Fortify.

Responsibilities: Lead cybersecurity testing for IoT devices per BIS/ITSAR, ensuring ISO 17025 compliance. Develop methodologies, oversee assessments, review reports, collaborate with clients on security needs, and enhance lab operations.

Need overall AppSec skills (SAST, DAST, Penetration testing) +Mobile app testing skills (Android, ioS). We should look for a candidate who has deep and diverse hands on exp in above skills. Also, The professional is expected to perform the application security activities - Static code assessment/ manual testing including mobile application testing for android and iOS apps. This profile requires a candidate with hands on Application Security experience specific to mobile applications Communication should excellent Skills: penetration testing,mobile app testing,sast,ios,android,dast Mandatory Key SkillsSAST,DAST,Penetration testing,Android,ioS,manual testing,AppSec*

Role Overview: We are seeking an enthusiastic Security Researcher to join our growing organization. Our global organization works in the areas of malware research, customer escalation response and system Engineering and development. You will be expected to learn the ins-and-outs of our daily malware escalation responses, routines and procedures. Additionally, you will help build automations, and author detection content which will help fight the bad guys. About the role: You must have awareness of threats around the globe, regional threats and top adversaries / criminal groups focusing on malware including affiliate networks pertaining to Windows OSes. You will process incoming requests from our customers and Support team regarding malware analysis and detection. You will provide static and dynamic analysis of malware including - infection, propagation, lateral movement, exploitation POCs, etc. You will extract malicious patterns from malware and author effective detection and repair signatures and test them before being utilized by our Trellix products. You will participate in the incident response process on need basis and prepare analysis of the incident, remediation instructions, and assist customers. Using your coding skills, there may be opportunity to develop automation framework for malware analysis and efficiency improvements. You will propose and create innovative solutions for problems that our customers are facing. You will share your most exciting research findings through blogs and internal presentations. You will work closely with colleagues in the same and other time zones, and attend a daily handover to the next region. You will be required to do on-call work during holidays and weekends as part of a team Rota. About You: Ideally you must have experience in a Security or Malware Researcher role You must have experience with Python, C/C++, or other similar programming languages You must understand Windows PE file format. You should have knowledge of Windows OS internals - memory, threads, processes, API, etc. You should have knowledge of Networking protocols and experience with network traffic analysis tools (Wireshark, Fiddler). Proficiency in debugger usage (OllyDbg, IDA pro) would be advantageous Previous experience in reverse engineering would be advantageous You should have experience of various malware analysis tools You should have excellent problem-solving skills, fast learner, self-motivated to take initiatives with focus on achieving results in timely manner You should have proven ability to translate insights into business recommendations Degree Level Computing Qualification or equivalent with 2+ years demonstrated experience Ability to positively adapt to changes and multitasking in a fast-moving industry

Were looking for a highly skilled UI Developer with a strong background in building native applications across Windows, macOS, iOS, and Android platforms. This role requires hands-on expertise in platform-specific development tools and languages, such as C/C++, .Net, WinAPI, Cocoa, Swift, Kotlin, and Android NDK, to deliver intuitive, high-performance user interfaces tailored to each ecosystem. The ideal candidate also brings a strong focus on security, with the ability to integrate features like hardware-backed encryption, secure boot, and multi-factor authentication into consumer-facing applications. Youll play a critical role in creating seamless, secure user experiences across desktop and mobile devices. Responsibilities As a member of the OCI Enterprise Management Systems function, you will assist in defining and developing software for tasks associated with the developing, debugging or designing of software applications or operating systems. Provide technical leadership to other software developers. Specify, design and implement modest changes to existing software architecture to meet changing needs. Key Responsibilities Design and develop secure, high-performancenative user interfacesfor Windows, macOS, iOS, and Android platforms. Leverage platform-specific technologies (e.g., WinAPI, Cocoa, Swift, Kotlin, Android NDK) to deliver responsive, intuitive UI experiences. Integrate hardware-backed security features includingTrusted Platform Module (TPM),Apple Secure Enclave, andAndroid Keystorefor secure boot, attestation, and encrypted storage. Implementcryptographic algorithms and secure communication protocolsto protect data at rest and in transit. Build and supportrobust authentication mechanisms, including MFA, biometrics (Face ID, Touch ID, fingerprint), and token-based access. Collaborate withsecurity architectsand engineers to define and implement secure software architecture. Conductcode reviews,threat modelling, andsecurity assessmentsto proactively identify and address vulnerabilities. Stay informed on emerging threats, CVEs, and platform security updates, ensuring applications are always a step ahead. Partner closely withproduct managers, UX designers, and backend engineersto deliver cohesive, high-quality apps on time. Mentor junior developers in secure coding practices, cryptography, and platform-specific development techniques. Requirements Bachelors degree inComputer Science,Engineering or relevant experience. Proven experience developingnative applicationsforWindowsand at least two additional platforms (macOS, iOS, Android). Proficient inC/C++, Java, .NETand platform-native development frameworks such asWinAPI,Cocoa,Swift,Kotlin, andAndroid NDK. Proven experience designing and buildingcommercial-grade endpoint softwareat scale, with a strong emphasis onreliability, performance, and maintainabilityacross diverse hardware and operating system environments Strong knowledge ofTPM,Secure Enclave, andAndroid Keystore, with experience integrating these technologies for secure storage and authentication. Hands-on experience withcryptographic librariessuch asOpenSSL,CryptoAPI, andCommonCrypto. Familiarity with authentication protocols likeOAuth2.0,OpenID Connect,FIDO, and optionallyKerberos,SAML, andLDAP. Deep understanding ofWindows and macOS internals, including system architecture, low-level APIs, and built-in security features such asBitLocker,User Account Control (UAC),Windows Defender, andmacOS System Integrity Protection (SIP), Gatekeeper, and FileVault. Experience using mobile security testing tools such asAppScan,Burp Suite, orMobile Security Framework (MobSF). Strong attention to detail with a passion for writing secure, efficient, and maintainable code. Excellent communication skills and a collaborative mindset, with the ability to mentor and inspire peers.

Key Responsibilities: Conduct comprehensive application security assessments, focusing on the OWASP Top 10 for web and mobile applications. Utilize vulnerability assessment tools to identify and analyze security risks within applications and systems. Collaborate with development teams to integrate security practices into the software development lifecycle (SDLC). Provide recommendations and guidance for remediating vulnerabilities and improving application security posture. Monitor security alerts and take appropriate action to mitigate potential threats. Assist in developing and implementing security policies, procedures, and best practices. Stay up-to-date with the latest security trends, tools, and technologies to ensure the organizations security measures remain adequate and relevant. Communicate technical security issues and solutions effectively to both technical and non-technical stakeholders. Qualifications: 2-5 years of experience in application security, focusing on identifying and mitigating security vulnerabilities. Strong knowledge of OWASP's Top 10 security risks for web and mobile applications. Familiarity with vulnerability assessment tools like Nessus, Burp Suite, Fortify, etc. Prior programming experience (e.g., Python, Java, JavaScript, etc.) is an added advantage and will be highly beneficial. Excellent problem-solving skills and attention to detail. Strong communication skills, with the ability to explain complex security issues clearly and concisely. Ability to work independently and as part of a team in a fast-paced environment. Relevant certifications (such as CEH, OSCP, CISSP) are a plus but not required. Knowledge of CSPM and DSPM Mandatory Key SkillsSecOps,Security Testing,OWASP,Java,JavaScript,CEH,OSCP,CISSP,Nessus*,Burp Suite*,Python*

* Mentor and guide training resources across Kerala, ensuring effective knowledge transfer. * Deliver comprehensive training on RedTeam courses, including but not limited to ADCD, CPT, CICSA, CSA, CCSA, CRTA, CEH, P+, S+, CYSA+, CHFI, etc.

Understand common cyber attacks, e. g. , social engineering, phishing, identity theft. Obfuscation, trojans, dumpster diving, insider attacks, etc. Strong Knowledge of Information Security & Ethical Hacking Concepts. Required Candidate profile Freshers B.Tech | BCA | MCA | Must have Knowledge about Ethical Hacking , Cyber Security Proficiency in testing tools (Kali Linux, Metasploit, Burp Suite, Wireshark) Whatsapp Resume: 7042302345

As a Penetration Tester, you will be responsible for conducting security assessments on various systems and applications to identify vulnerabilities and provide recommendations for mitigation. Here is a summary of the key details from the job description provided: - **Role Overview:** With at least 7 years of experience in penetration testing, you will demonstrate proven abilities in both black box and white box testing methodologies. Your primary focus will be on manual penetration testing, utilizing tools such as Burp Suite, Checkmark, OWASP ZAP, Nmap, Nessus, and Metasploit Framework. You should have hands-on experience in API penetration testing of Rest/SOAP based interfaces and possess a deep understanding of OWASP methodology and web vulnerabilities. - **Key Responsibilities:** - Perform vulnerability assessments using both manual and automated techniques. - Conduct source code analysis for vulnerabilities utilizing scanning tools. - Collaborate with development teams to assess and mitigate risks based on penetration test results. - Apply PCI, NIST guidelines, ISO2700x, cloud security, virtualization, SecDevOps, and containerized deployment best practices. - Demonstrate strong written and oral communication skills. - **Qualifications Required:** - Minimum 7 years of experience in penetration testing. - Proficiency in using vulnerability scanners and frameworks such as Burp Suite, Checkmark, OWASP ZAP, Nmap, Nessus, and Metasploit Framework. - Strong knowledge of API penetration testing and web vulnerabilities. - Familiarity with scripting languages like Python. - Comfortable working in Linux/Unix environments. - Desirable skills in PCI, NIST guidelines, ISO2700x, cloud security, virtualization, SecDevOps, and containerized deployment. This role requires an extremely committed and self-motivated individual who can excel in challenging situations and effectively communicate findings and recommendations to stakeholders.,

The Cyber Security Senior Analyst - Penetration Testing, is responsible for conducting vulnerability assessments, threat modeling, penetration tests of Cigna s IT infrastructure and applications. This role will work closely with the Information Protection Senior Manager to identify, evaluate, and remediate potential weaknesses in Cigna s systems, using both manual and automated methods. Responsibilities Execute internal and external penetration tests against corporate web applications, APIs, networks, infrastructure and operating systems in order to discover vulnerabilities. Execute mobile application penetration tests for both Android and iOS based devices. Execute penetration tests in cloud-hosted environments. Create comprehensive and accurate penetration testing reports with recommendations for appropriate remediation, and communicate risk findings with development and infrastructure teams. Develop scripts, tools, or methodologies to enhance Cigna s penetration testing processes. Work as part of a team to identify risks, communicate to key stakeholders, and provide value to the organization. Skills required Demonstrated ability to work as both an individual contributor and a team player in a fast paced environment. Coordinate with people and teams to forecast activity completion and the ability to work in a team environment, sharing workloads and responsibilities. Knowledge of Windows and *nix-based operating systems. Understanding of core Internet protocols (e.g. TCP, UDP, DNS, HTTP, TLS, IPsec) and the OSI model. Understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations, AES, etc.). Understanding of Cloud environments such as SaaS, PaaS and IaaS. Basic exploit development and validation skills. Proficiency in application vulnerability assessment tools (e.g. Burp, Checkmarx, AppScan, WebInspect, Cenzic, etc.). Proficiency in network and server assessment tools (e.g. Nessus, metasploit, nmap, nikto, etc.) Understanding of web application frameworks (React, Springboot, Ruby on Rails, J2EE, PHP, ASP.NET). Proficiency in manual and automated techniques for penetration testing and executing vulnerability assessments. Knowledge of networking fundamentals and common attacks. Coding/scripting experience in modern scripting languages (e.g. Python, Ruby, PowerShell.) Mobile application coding experience with Android/iOS based platforms (e.g. Java, Swift, Objective C). Ability to analyze vulnerabilities and misconfigurations, appropriately characterize threats, and provide remediation recommendations. Qualifications High School diploma; Bachelors degree preferred. 3-5 years or more of penetration testing experience. Passionate about security and finding new ways to break into systems, as well as defend them. Strong analytical and problem solving skills, with the ability to think outside the box . Ability to work in a flexible environment where requirements and procedures continuously evolve. Strong oral and written communication skills, including a demonstrated ability to prepare documentation and presentations for technical and non-technical audiences.

About The Role Job Title: Penetration Tester (Web Applications and REST APIs) Location: Bengaluru Job Type: Full-time About Us: Kotak Mahindra Bank is seeking an experienced Penetration Tester to join our Platform Engineering team. As a Penetration Tester, you will be responsible for identifying vulnerabilities in web applications and REST APIs, providing recommendations for remediation, and ensuring the security posture of our clients' systems. Job Summary: The successful candidate will have a strong background in penetration testing, including experience with various tools and techniques used to identify vulnerabilities in web applications and APIs. The ideal candidate will be able to analyze complex systems, identify potential security risks, and provide actionable recommendations for remediation. Key Responsibilities: Conduct thorough penetration testing of web applications and REST APIs using a variety of tools and techniques Identify vulnerabilities in web applications, including but not limited to SQL injection Cross-Site Scripting (XSS) Cross-Site Request Forgery (CSRF) Authentication and authorization weaknesses Session management issues Test REST APIs for security vulnerabilities, including but not limited to Input validation and sanitization Error handling and logging Authentication and authorization mechanisms Data encryption and transmission Analyze results and provide detailed reports outlining findings, recommendations for remediation, and estimated timeframes for implementation Collaborate with development teams to ensure identified vulnerabilities are addressed and remediated in a timely manner Stay up-to-date with the latest security threats, tools, and techniques through ongoing training and professional development Requirements: 3+ years of experience in penetration testing, with a focus on web applications and REST APIs Strong understanding of web application security concepts, including but not limited to OWASP Top 10 Web Application Security Risks (WASR) Secure Coding Practices Experience with various penetration testing tools, including but not limited to Burp Suite ZAP Nmap AJP SQL injection tools (e.g. sqlmap) Strong understanding of REST API security concepts, including but not limited to API Security Frameworks (e.g. OAuth 2.0) Data encryption and transmission protocols (e.g. HTTPS) Authentication and authorization mechanisms (e.g. JWT) Experience with scripting languages (e.g. Python, Ruby) is a plus Strong analytical and problem-solving skills Excellent communication and reporting skills Nice to Have: CISSP or equivalent security certification CEH or equivalent penetration testing certification Experience with cloud-based services (e.g. AWS, Azure) Familiarity with Agile development methodologies Experience with DevOps tools (e.g. Docker, Jenkins) What We Offer: Competitive salary and benefits package Opportunities for professional growth and development Collaborative and dynamic work environment Flexible working hours and remote work options

About The Role Job Title: Penetration Tester (Web Applications and REST APIs) Location: Bengaluru Job Type: Full-time About Us: Kotak Mahindra Bank is seeking an experienced Penetration Tester to join our Platform Engineering team. As a Penetration Tester, you will be responsible for identifying vulnerabilities in web applications and REST APIs, providing recommendations for remediation, and ensuring the security posture of our clients' systems. Job Summary: The successful candidate will have a strong background in penetration testing, including experience with various tools and techniques used to identify vulnerabilities in web applications and APIs. The ideal candidate will be able to analyze complex systems, identify potential security risks, and provide actionable recommendations for remediation. Key Responsibilities: Conduct thorough penetration testing of web applications and REST APIs using a variety of tools and techniques Identify vulnerabilities in web applications, including but not limited to: SQL injection Cross-Site Scripting (XSS) Cross-Site Request Forgery (CSRF) Authentication and authorization weaknesses Session management issues Test REST APIs for security vulnerabilities, including but not limited to: Input validation and sanitization Error handling and logging Authentication and authorization mechanisms Data encryption and transmission Analyze results and provide detailed reports outlining findings, recommendations for remediation, and estimated timeframes for implementation Collaborate with development teams to ensure identified vulnerabilities are addressed and remediated in a timely manner Stay up-to-date with the latest security threats, tools, and techniques through ongoing training and professional development Requirements: 3+ years of experience in penetration testing, with a focus on web applications and REST APIs Strong understanding of web application security concepts, including but not limited to: OWASP Top 10 Web Application Security Risks (WASR) Secure Coding Practices Experience with various penetration testing tools, including but not limited to: Burp Suite ZAP Nmap AJP SQL injection tools (e.g. sqlmap) Strong understanding of REST API security concepts, including but not limited to: API Security Frameworks (e.g. OAuth 2.0) Data encryption and transmission protocols (e.g. HTTPS) Authentication and authorization mechanisms (e.g. JWT) Experience with scripting languages (e.g. Python, Ruby) is a plus Strong analytical and problem-solving skills Excellent communication and reporting skills Nice to Have: CISSP or equivalent security certification CEH or equivalent penetration testing certification Experience with cloud-based services (e.g. AWS, Azure) Familiarity with Agile development methodologies Experience with DevOps tools (e.g. Docker, Jenkins) What We Offer: Competitive salary and benefits package Opportunities for professional growth and development Collaborative and dynamic work environment Flexible working hours and remote work options

About The Role Job Title: Penetration Tester (Web Applications and REST APIs) Location: Bengaluru Job Type: Full-time About Us: Kotak Mahindra Bank is seeking an experienced Penetration Tester to join our Platform Engineering team. As a Penetration Tester, you will be responsible for identifying vulnerabilities in web applications and REST APIs, providing recommendations for remediation, and ensuring the security posture of our clients' systems. Job Summary: The successful candidate will have a strong background in penetration testing, including experience with various tools and techniques used to identify vulnerabilities in web applications and APIs. The ideal candidate will be able to analyze complex systems, identify potential security risks, and provide actionable recommendations for remediation. Key Responsibilities: Conduct thorough penetration testing of web applications and REST APIs using a variety of tools and techniques Identify vulnerabilities in web applications, including but not limited to: SQL injection Cross-Site Scripting (XSS) Cross-Site Request Forgery (CSRF) Authentication and authorization weaknesses Session management issues Test REST APIs for security vulnerabilities, including but not limited to: Input validation and sanitization Error handling and logging Authentication and authorization mechanisms Data encryption and transmission Analyze results and provide detailed reports outlining findings, recommendations for remediation, and estimated timeframes for implementation Collaborate with development teams to ensure identified vulnerabilities are addressed and remediated in a timely manner Stay up-to-date with the latest security threats, tools, and techniques through ongoing training and professional development Requirements: 3+ years of experience in penetration testing, with a focus on web applications and REST APIs Strong understanding of web application security concepts, including but not limited to: OWASP Top 10 Web Application Security Risks (WASR) Secure Coding Practices Experience with various penetration testing tools, including but not limited to: Burp Suite ZAP Nmap AJP SQL injection tools (e.g. sqlmap) Strong understanding of REST API security concepts, including but not limited to: API Security Frameworks (e.g. OAuth 2.0) Data encryption and transmission protocols (e.g. HTTPS) Authentication and authorization mechanisms (e.g. JWT) Experience with scripting languages (e.g. Python, Ruby) is a plus Strong analytical and problem-solving skills Excellent communication and reporting skills Nice to Have: CISSP or equivalent security certification CEH or equivalent penetration testing certification Experience with cloud-based services (e.g. AWS, Azure) Familiarity with Agile development methodologies Experience with DevOps tools (e.g. Docker, Jenkins) What We Offer: Competitive salary and benefits package Opportunities for professional growth and development Collaborative and dynamic work environment Flexible working hours and remote work options

Job Summary: The Cybersecurity Engineer focuses on vulnerability assessments and penetration testing (VAPT), identifying risks and developing strategies to secure critical systems. Key Responsibilities: Conduct penetration testing on IT infrastructure and applications. Identify and exploit vulnerabilities in systems and applications. Collaborate with development teams to remediate security issues. Experience on vulnerability assessments to identify and address system weaknesses and potential risks. Maintain up-to-date knowledge of emerging cybersecurity threats and tools. Qualifications: Bachelors degree in Computer Science, IT, or related field. 5+ years of experience in cybersecurity with a focus on VAPT. Certifications: OSCP, CEH, or equivalent. Experience with penetration testing tools such as Burp Suite and Metasploit Note – Immediate Joiners will be preferred.

As a Associate Information Security (VAPT), you will be part of our dynamic and growing cyber security team You will assist in conducting vulnerability assessments and penetration testing on various systems, networks, and applications This role is ideal for recent graduates or individuals looking to start their career in cyber security, offering hands-on experience and mentorship from experienced professionals, Key Responsibilities Conduct Vulnerability Assessments: Assist in identifying and evaluating vulnerabilities in systems, applications, and networks, Use various tools and techniques to scan and analyze security weaknesses, Penetration Testing: Assist in planning and executing penetration tests on web applications, networks, and other systems, Document and report security issues and vulnerabilities identified during testing, Security Analysis and Reporting: Help in analyzing assessment and testing results to identify potential security risks, Contribute to the creation of detailed reports with findings, risk analysis, and recommended corrective actions, Collaboration and Support: Work closely with senior analysts and team members to understand project requirements and objectives, Provide support in implementing security measures and solutions as needed, Learning and Development: Participate in training sessions, workshops, and certification programs to enhance technical skills, Stay updated with the latest security trends, tools, and best practices, Required Qualifications Educational Background: Bachelors degree in Computer Science, Information Technology, Cyber Security, or a related field, Technical Skills: Basic understanding of networking, operating systems, and web applications, 2 to 5 years of total experience, Familiarity with common security tools (e-g , Nmap, Wireshark, Metasploit, Burp Suite), Basic knowledge of programming/scripting languages (e-g , Python, Bash) Job Overview APPLY NOW Show more Show less

Job responsibility 4– 8 years of post-qualification experience with strong working knowledge on Manual Security code review. Roles and Responsibilities Technical Skills Required: Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA

Role Overview: As a Tech Lead specializing in Python & Web Data Solutions, you will play a crucial role in leading a team of developers to design, develop, and implement scalable data scraping solutions. Your expertise in advanced scraping techniques, reverse engineering, and automation will be vital in driving the team towards success. Key Responsibilities: - Design and develop scalable data scraping solutions using tools like Scrapy and Python libraries. - Lead and mentor a team of 5+ developers, managing project timelines and deliverables. - Implement advanced blocking and captcha-solving techniques to bypass scraping restrictions. - Conduct source code reverse engineering and automate web and app interactions. - Manage proxies, IP rotation, and SSL unpinning to ensure effective scraping. - Maintain and improve API integrations and data pipelines. - Ensure code quality through effective version control, error handling, and documentation. - Collaborate with cross-functional teams for project planning and execution. - Monitor performance and provide solutions under high-pressure environments. Qualifications Required: - Minimum 4 years of experience in the IT scraping industry. - Minimum 2 years of experience leading a team of 5+ developers. - Proficiency in tools such as Scrapy, Threading, requests, and web automation. - Technical expertise in advanced Python, captcha solving, blocking handling, source reverse engineering, proxy management, IP rotation, app automation, SSL Unpin, Frida, API Management, Version Control Systems, Error Handling, SQL, MongoDB, and Pandas. - Leadership skills including basic project management, moderate documentation, team handling, pressure management, flexibility, adaptability, and high accountability. Additional Details: The preferred (good to have) qualifications include experience with Linux and knowledge of tools like Appium, Fiddler, and Burp Suite.,

As a Security Operations Engineer at Commvault, you will play a key role in driving innovation in application security by integrating automated testing tools into CI/CD workflows. Your focus will be on building scalable solutions, collaborating with cross-functional teams, and enhancing security processes to support the global security program. **Key Responsibilities:** - Design, build, implement, and maintain scalable automation tools and pipelines for application security, including static (SAST), dynamic (DAST), and software composition analysis (SCA) scanning. - Collaborate with developers, security engineers, and DevOps teams to seamlessly integrate security automation into CI/CD workflows. - Identify opportunities for improving security tool coverage, efficiency, and performance. - Develop custom scripts, plugins, or APIs to extend the capabilities of security testing and remediation automation. - Monitor and analyze security automation tool results, generate actionable insights, and support incident response and remediation efforts. - Stay updated on the latest security automation trends, technologies, and best practices, advocating for continuous improvement in tooling and processes. - Provide mentorship and guidance to other engineers on secure coding and secure development lifecycle practices. **Qualifications Required:** - 8+ years of software engineering experience with a focus on security automation or application security. - Proficiency in programming languages such as Python, Ruby, Go, Java, or similar. - Strong understanding of application security principles, vulnerabilities (e.g., OWASP Top Ten), and remediation techniques. - Hands-on experience with security scanning tools such as SAST, DAST, and SCA. - Familiarity with CI/CD pipelines and infrastructure as code tools is a plus. - Solid understanding of software development lifecycle processes and seamless integration of security automation. - Excellent problem-solving skills and ability to work independently and as part of a team. **Preferred Skills:** - Experience with cloud-native security automation in AWS, Azure, or GCP environments. - Familiarity with container security and related security scanning solutions. - Knowledge of threat modeling and security risk assessments. Commvault is committed to an inclusive and accessible interviewing process. If you require accommodation due to a disability or special need, please contact accommodations@commvault.com. For general inquiries, please reach out to wwrecruitingteam@commvault.com.,

We are looking for Application Security Engineer to take ownership of security testing for enterprise products deployed on mainframe environments. In this role, you will assess application-layer security risks, identify vulnerabilities in product implementations, and lead secure architecture reviews. The ideal candidate brings deep offensive security skills along with familiarity in testing applications running on or integrated with IBM mainframe systems. Primary Roles and Responsibilities: Conduct penetration testing and red teaming exercises targeting mainframe environments and the surrounding application ecosystem. Perform code-assisted and black-box penetration testing against enterprise applications/systems interacting with RACF, DB2, CICS, MQ, and related subsystems. Identify risks in authentication, authorization, data handling, and communications within mainframe-integrated products. Create threat models and guide product teams in mitigating high-impact vulnerabilities early in the SDLC. Drive remediation efforts through hands-on collaboration and secure design guidance. Author technical reports and deliver executive summaries tailored to various audiences. Stay current on vulnerabilities, exploits, and testing techniques relevant to legacy enterprise technologies and mainframe ecosystems. Assess common integration patterns (SOA, REST/JSON, MQ) for security risks. To ensure youre set up for success, you will bring the following skillset & experience: 3+ years of experience in penetration testing, with a specialization in systems/applications integrating with mainframe environments. Deep knowledge of mainframe communication protocols and security mechanisms. Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe systems. Proficient in tools such as: Mainframe utilities: REXX, ISPF panels, NetView Security tools: Nmap, Burp Suite, Wireshark, custom scripts Strong scripting and automation skills (Python, REXX, Bash, or similar). Strong communication and leadership skills, with a proven ability to lead technical teams or projects. Experience producing board-level reports and presenting findings to senior stakeholders. Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts). Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services Whilst these are nice to have, our team can help you develop in the following skills: Industry certifications such as OSCP, OSCE, CRTP, GIAC GPEN, GXPN, or CISSP. Background in regulated industries such as banking, insurance, or government, where mainframes are core infrastructure. Knowledge of COBOL, PL/I, or other mainframe-centric programming languages. Experience with compliance standards like PCI-DSS, NIST, or SOX as they apply to mainframes.

Work Experience 4– 8 yrs of post-qualification experience with strong working knowledge on Manual Security code review. Roles and Responsibilities Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred: GWAPT, CREST, OSCP, OSWE, OSWA work location-Bnagalore

Sr. Product Cybersecurity Verification Tester -Bangalore About the Role: Join a global electrical solutions leader, and help make our products more secure. In this role, you will: Conduct penetration testing of applications, networks, IoT & embedded products Perform vulnerability assessments, firmware analysis & compliance checks (ISA/IEC 62443 SDL) Work on Industrial Control Systems (ICS) cybersecurity Automate testing, document reports, and collaborate with product teams What Were Looking For: 5+ years in penetration testing / app security / embedded product security Hands-on with tools: Burp Suite, ZAP, Nessus, Rapid7, SAST/DAST, fuzzing Familiarity with Microsoft Threat Modelling & Jira Experience in IEC 62443 SDL, embedded/IoT product testing Strong collaboration, documentation & communication skills Location: Bangalore If you are passionate about cybersecurity testing and want to secure cutting-edge industrial & IoT products, apply now! Email : anagha.s@anlage.co.in /9167463379

We are seeking an experienced and highly skilled Penetration Tester with expertise in mobile application security, specifically for both Android and iOS platforms. As a Senior Penetration Tester, you will be responsible for identifying and exploiting vulnerabilities in mobile applications, networks, APIs, and other critical systems. Your primary responsibility will be performing thorough security assessments, including reverse engineering, malware analysis, and incident forensics, to ensure the security and resilience of mobile applications and systems. The ideal candidate should have hands-on experience with penetration testing tools, mobile application testing, and advanced exploitation techniques. You will also be expected to collaborate with various teams, including Red Teams, to develop strategic security initiatives and offer expert-level recommendations for security improvements. Key Responsibilities: Mobile Application Penetration Testing: Conduct in-depth security assessments of mobile applications for both Android and iOS platforms, identifying vulnerabilities and recommending remediation strategies. Red Team Activities: Participate in Red Team exercises to simulate real-world attacks, uncover hidden threats, and assess the effectiveness of security controls. Security Assessments: Perform penetration testing on applications, networks, mobile platforms, APIs, cloud environments, and critical systems to identify advanced threats and vulnerabilities. Custom Exploit Development: Develop custom exploit code and scripts to demonstrate potential security risks to stakeholders and stakeholders, providing hands-on demonstrations of vulnerabilities. Reverse Engineering & Malware Analysis: Use reverse engineering techniques and tools to analyze complex threats, malware, and incidents, providing detailed reports on findings. Collaboration with Leadership: Collaborate with executive leadership and senior management to develop and execute strategic security initiatives and roadmaps to mitigate security risks. Security Architecture Guidance: Provide expert-level guidance on secure coding practices, cryptography, architecture design principles, and implementation to mitigate risks effectively. Tool Development & Automation: Develop custom penetration testing tools and scripts to automate testing processes and enhance capabilities for thorough assessments. Incident Forensics: Lead efforts to analyze and investigate security incidents, determining the root causes and recommending improvements for better prevention. Required Skills and Qualifications: Mobile Pen Testing Expertise: Strong experience in mobile application penetration testing for both Android and iOS platforms. Penetration Testing Tools: Expertise in tools and frameworks such as Metasploit, Burp Suite, Nessus, NMAP, and custom/open-source tools. Red Teaming & Advanced Exploitation: Advanced proficiency in red teaming, black box testing, and using advanced exploitation techniques to identify vulnerabilities. Malware Analysis & Reverse Engineering: Experience in malware analysis and reverse engineering to assess complex threats and incidents. Cryptography & Secure Coding: In-depth knowledge of cryptography, secure coding practices, and secure architecture design principles. Custom Tools & Scripting: Hands-on experience in developing custom scripts and tools to automate testing processes and enhance the effectiveness of assessments. Penetration Testing Methodologies: Expertise in applying penetration testing methodologies, including both network and application-level security assessments. Certifications (Preferred): o OSCP (Offensive Security Certified Professional) o CRTP (Certified Red Team Professional) o eLearn Security Certified Professional Penetration Tester V2.0 o Any other relevant certifications are a plus. Required Experience: Overall Experience: 12+ years in penetration testing, security assessments, and threat analysis. Relevant Experience: 10 years of hands-on experience specifically in penetration testing for mobile applications (Android & iOS), network security, cloud environments, and APIs. Experience working in Red Team environments is a plus. Mandatory Key Skills android,design principles,black box testing,cryptography,mobile application security,security assessment,mobile penetration testing,ios framework,red,secure coding,testing methodologies,burp suite*,penetration testing*,nmap*,nessus*,metasploit*

Technical capability: We are seeking a talented and highly motivated Cybersecurity Engineer to join our Information Security team. The ideal candidate will possess strong communication skills, hold relevant security certifications, and have proven expertise in penetration testing and implementing robust cybersecurity solutions. This role involves protecting our organizations systems, networks, and data against evolving security threats while ensuring compliance with industry standards. Role & Responsibilities: Design, implement, and maintain security solutions to safeguard the organizations infrastructure, applications, and data. Perform comprehensive penetration testing of networks, applications, and systems to identify vulnerabilities and assess risk exposure. Monitor and analyze security events and incidents using Security Information and Event Management (SIEM) tools. Conduct vulnerability assessments and work with teams to remediate identified risks. Collaborate with cross-functional teams to integrate security best practices into system architecture and application development. Respond to security incidents, perform root cause analysis, and recommend corrective actions. Manage security tools and technologies. Support compliance initiatives, ensuring adherence to regulatory requirements like GDPR, HIPAA, or PCI-DSS. Provide security awareness training to employees to foster a strong culture of cybersecurity. Stay updated on emerging threats, vulnerabilities, and security technologies to ensure proactive protection measures. Preferences and qualifications: Bachelors degree in computer science, Information Technology, Cybersecurity, or a related field (or equivalent experience). Proven experience in cybersecurity engineering or related roles, with a focus on penetration testing (PT). Strong verbal and written communication skills, with the ability to explain technical concepts to non-technical stakeholders. Relevant security certifications such as CISSP, CISM, CEH, OSCP, CompTIA Security+, or equivalent. Proficiency in penetration testing tools such as Metasploit, Burp Suite, Nessus, Kali Linux, or similar. Hands-on experience with security technologies, including firewalls, SIEM, IDS/IPS, endpoint protection, and DLP solutions. Knowledge of cloud security practices across platforms like AWS, Azure, or GCP. Familiarity with scripting or automation tools (e.g., Python, PowerShell) for improving security processes. Solid understanding of network protocols, system architecture, and security principles. Experience with incident response and forensic analysis. Familiarity with zero-trust architectures and advanced authentication methods.

Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 4 plus years of experience Application Security TestingExperience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding PracticesKnowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat ModellingAbility to conduct threat modelling sessions to identify and mitigate security risks Preferred technical and professional experience Vulnerability AssessmentExperience in conducting vulnerability assessments and penetration testing Application Security TestingExperience with static and dynamic application security testing (SAST/DAST) tools. Security ToolsProficiency in using security tools like Burp Suite, Nessus, or Fortify

Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 5 plus years of experience Application Security TestingExperience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding PracticesKnowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat ModellingAbility to conduct threat modelling sessions to identify and mitigate security risks Preferred technical and professional experience Vulnerability AssessmentExperience in conducting vulnerability assessments and penetration testing Application Security TestingExperience with static and dynamic application security testing (SAST/DAST) tools. Security ToolsProficiency in using security tools like Burp Suite, Nessus, or Fortify.