188 Burp Suite Jobs

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

8.0 - 12.0 years

0 Lacs

pune, maharashtra

On-site

Cowbell is signaling a new era in cyber insurance by harnessing technology and data to provide small and medium-sized enterprises (SMEs) with advanced warning of cyber risk exposures bundled with cyber insurance coverage adaptable to the threats of today and tomorrow. Championing adaptive insurance, Cowbell follows policyholders' cyber risk exposures as they evolve through continuous risk assessment and continuous underwriting. In its unique AI-based approach to risk selection and pricing, Cowbell's underwriting platform, powered by Cowbell Factors, compresses the insurance process from submission to issue to less than 5 minutes. Founded in 2019 and based in the San Francisco Bay Area, Cowbell has rapidly grown, now operating across the U.S., Canada, U.K., and India. This growth was recently bolstered by a successful Series C fundraising round of $60 million from Zurich Insurance. This investment not only underscores the confidence in Cowbell's mission but also accelerates our capacity to revolutionize cyber insurance on a global scale. With the backing of over 25 prominent reinsurance partners, Cowbell is poised to redefine how SMEs navigate the evolving landscape of cyber threats. In support of business objectives, we are actively looking for an ambitious person who is not afraid of hard work and embraces ambiguity as it comes to join our Information Security Team as a Sr. Developer, Application Security. The InfoSec team drives security, privacy, and compliance improvements to reduce risk by building out key security programs. We enable our colleagues to keep the company secure and support our customers' security journey with tried and true best practices. We are a Java, Python, and React shop combined with world-class cloud infrastructure such as AWS & Snowflake. Balancing proper security while enabling execution speed for our colleagues is our ultimate goal. It's challenging and rewarding! If you are up for the challenge, come join us.
You will be instrumental in curing security defects in code, burning down any new and existing vulnerabilities. You can fix the code yourself and continuous patching is your north star. You will be the champion for safeguards and standards that will keep our code secure and reduce the introduction of new vulnerabilities. Partner and collaborate with internal stakeholders in assisting with the overall security posture with an emphasis on the Engineering and Operations/IT areas. Work across engineering, product and business systems teams to enhance and evangelize security in applications (& infrastructure). Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts. Develop and maintain application scanning solutions to inform stakeholders of security weaknesses & vulnerabilities. Review outstanding vulnerabilities with product teams and assist in remediation efforts to reduce risk. Bachelor's degree in computer science or another STEM discipline and 8 to 10+ years of professional experience in security software development. Majority of prior experience as a Security Engineer focused on remediation of security vulnerabilities and defects in Java and Python. Must have prior in-depth demonstrable experience developing in Java and Python; basically, you are a developer first and a security engineer second. Applicants that do not have this experience will not be considered. Experience developing in, and securing, JavaScript and React a plus. Experience securing integrations and code that utilizes Elasticsearch, Snowflake, Databricks, RDS a big plus. Detail-oriented with problem-solving, communication, and analytical skills. Expert understanding of CVE and CVSS scoring and how to utilize this data for validation, prioritization, and remediation. Excellent understanding and utilization of OWASP. Demonstrated ability to secure APIs; techniques and patterns will be assessed.
Experience designing and implementing application security solutions for web and/or mobile applications. Experience developing and reporting vulnerability metrics as well as articulating how to reproduce and resolve those security defects. Experienced in application penetration testing and understanding of remediation techniques for common misconfigurations and vulnerabilities. Demonstrable experience in understanding patching and library upgrade paths including interdependencies. Familiarity with CI/CD tools. Previous admin experience in CI/CD is not required but a big plus. Capability to deploy, provide maintenance for, and operationalize scanning solutions. Hands-on ability to conduct scans across application repositories and infrastructure. Must be willing to work extended hours and weekends as needed. Great at and enjoys documenting solutions; creating repeatable instruction for others, operational documentation, developing technical diagrams, and similar artifacts. Preferred Qualifications: You can demonstrate and document threat modeling scenarios using well-known frameworks such as STRIDE. Proficient with penetration testing tools such as Burp Suite, Metasploit or ZAP. You are already proficient with SAST & SCA tools; proficiency with DAST and/or OAST tool usage and techniques would be even better. As a mentor you also have the experience and desire in providing fellow engineering teams with technical guidance on the impact and priority of security issues and driving remediation. Capability to develop operational process from scratch or improve current processes and procedures through well-thought-out hand-offs, integrations, and automation. Familiarity with multiple security domains such as application security, infrastructure security, network security, incident response, and regulatory compliance and certifications. Understanding of modern endpoint security technologies/concepts. Adept at working with distributed team members.
What Cowbell brings to the table: Employee equity plan for all and wealth enablement plan for select customer-facing roles. Comprehensive wellness program, meditation app subscriptions, lunch and learn, book club, happy hours, and much more. Professional development and the opportunity to learn the ins and outs of cyber insurance, cybersecurity as well as continuing to build your professional skills in a team environment. Equal Employment Opportunity: Cowbell is a leading innovator in cyber insurance, dedicated to empowering businesses to always deliver their intended outcomes as the cyber threat landscape evolves. Guided by our core values of TRUE (Transparency, Resiliency, Urgency, and Empowerment), we are on a mission to be the gold standard for businesses to understand, manage, and transfer cyber risk. At Cowbell, we foster a collaborative and dynamic work environment where every employee is empowered to contribute and grow. We pride ourselves on our commitment to transparency and resilience, ensuring that we not only meet but exceed industry standards. We are proud to be an equal opportunity employer, promoting a diverse and inclusive workplace where all voices are heard and valued. Our employees enjoy competitive compensation, comprehensive benefits, and continuous opportunities for professional development.

Posted 1 day ago


3.0 - 7.0 years

0 Lacs

navi mumbai, maharashtra

On-site

The role will involve the following responsibilities:
- Performing Web Application Security Testing
- Conducting Mobile Application Security Testing
- Scanning Networks for Security Vulnerabilities
- Coordinating with clients for Project-related queries
- Participating in meetings with client teams to discuss security issues and recommendations
- Generating detailed security reports
- Monitoring project progress and providing regular updates
- Researching Open Source security tools and new security topics
- Developing a Security Knowledge base for the team

The ideal candidate should possess a strong understanding of application security concepts, including mitigation techniques in the following areas:
- Web Application Security (OWASP Top 10)
- Mobile Application Security (Mobile OWASP Top 10)
- Threat Modelling
- Risk Rating Frameworks
- Web Traffic Interception (for Web/Mobile apps)
- SSL
- Network Concepts
- Web Development Basics (HTTP/HTML/JavaScript)
- Basic Mobile Application Concepts (either Android or iOS)

Skills required for this role include proficiency in:
- Web application security
- Mobile security
- Nessus
- Burp Suite
- OWASP
- Reporting and Presentation Skills

Posted 1 day ago


2.0 - 6.0 years

0 Lacs

maharashtra

On-site

As a Security Engineer - VAPT, you will be responsible for conducting comprehensive security assessments, identifying vulnerabilities, and implementing effective remediation strategies. Leveraging your expertise in penetration testing and ethical hacking, you will play a key role in enhancing the security posture of our clients' systems and networks. This position offers an exciting opportunity to work on challenging projects, collaborate with talented professionals, and contribute to the advancement of cybersecurity practices. You will perform end-to-end Vulnerability Assessment and Penetration Testing (VAPT) for clients' IT infrastructure, applications, and networks. Conduct thorough security assessments using industry-standard tools and methodologies, including but not limited to, Nmap, Nessus, Metasploit, Burp Suite, and OWASP. Identify and exploit security vulnerabilities to assess the potential impact on clients' systems and data. Prepare detailed assessment reports outlining findings, risk levels, and recommended remediation measures. Collaborate with clients' IT teams to prioritize and address identified security issues in a timely manner. Develop and implement custom scripts or tools to enhance testing capabilities and automate repetitive tasks. Stay abreast of emerging security threats, vulnerabilities, and industry best practices to continually improve testing methodologies. Provide guidance and mentorship to junior security engineers, fostering a culture of knowledge sharing and skill development within the team.

Requirements:
- Bachelor's degree in Computer Science, Information Technology, or related field.
- 2+ years of experience in cybersecurity, with a focus on Vulnerability Assessment and Penetration Testing.
- Proficiency in using tools such as Nmap, Nessus, Metasploit, Burp Suite, and OWASP.
- Hands-on experience with various operating systems, including Windows, Linux, and Unix.
- Strong understanding of network protocols, web application architecture, and common security vulnerabilities.
- Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or similar certifications preferred.
- Excellent analytical skills and attention to detail, with the ability to prioritize and manage multiple tasks effectively.
- Effective communication skills, both verbal and written, with the ability to convey technical concepts to non-technical stakeholders.
- Proven track record of delivering high-quality security assessments and actionable recommendations.

Posted 1 day ago


3.0 - 7.0 years

0 Lacs

hyderabad, telangana

On-site

As a Cybersecurity Penetration Tester at our organization in Hyderabad, you will play a key role in supporting our security initiatives on an On-Demand or Hourly Basis. Your primary responsibility will be to conduct penetration testing on web applications, networks, and infrastructure to identify security vulnerabilities. Utilizing tools like Metasploit, Burp Suite, and other industry-standard tools, you will assess and improve our systems' security posture. Your findings will be documented, and security risks will be reported with clear remediation strategies to ensure effective resolution. Collaboration with internal teams is essential to address identified vulnerabilities efficiently. You will also be required to perform security audits and provide actionable insights to enhance security controls across the organization. Proficiency in utilizing Wiz, a Vulnerability Management Tool, for identifying and managing security risks will be preferred. To excel in this role, you should have proven experience as a Penetration Tester or Security Analyst with a strong background in vulnerability assessment. Proficiency in penetration testing tools such as Metasploit, Burp Suite, and knowledge of Wiz or similar vulnerability management tools will be beneficial. A solid understanding of network security, application security, and system hardening is required. Excellent analytical, problem-solving, and communication skills are essential for effective collaboration with internal teams. Your ability to work independently and deliver high-quality results within deadlines will be crucial for success in this role.

Posted 2 days ago


0.0 years

2 - 3 Lacs

Noida

Work from Office

Knowledge of scripting languages (Perl, Python, HTML, Java, Shell). Hands-on experience in dynamic analysis, container testing, fuzzing, OWASP Top 10 and vulnerability scanning; if you have any certificate (CEH, ethical hacking

Posted 2 days ago


5.0 - 9.0 years

0 Lacs

hyderabad, telangana

On-site

As an Application Security professional, you will play a crucial role in safeguarding the solutions by analyzing their design and identifying potential security threats. Your expertise in threat modeling methodologies such as STRIDE and DREAD will enable you to recommend appropriate mitigations for the identified threats. Furthermore, you will be responsible for providing Secure Software Development Lifecycle (SDL) Training, where you will communicate security concepts effectively to developers and deliver engaging training sessions. Your proficiency in manual code review techniques and familiarity with automated code analysis tools like SAST and SCA will be essential in identifying vulnerabilities and interpreting code review results. In addition, your hands-on experience with security testing tools like Burp Suite and knowledge of security testing methodologies will help you identify and exploit common web application vulnerabilities. You will also be involved in vulnerability scanning and analysis using tools such as Nessus and Qualys, where your ability to analyze scan results, filter out false positives, and prioritize remediation actions will be critical. Your technology-specific knowledge of Microsoft .NET technologies, Identity protocols like OpenID Connect and OAuth 2.0, and cloud technologies, particularly Microsoft Azure, will be beneficial in addressing security implications. A deep understanding of web security fundamentals, including HTTP, HTML, JavaScript, and databases, along with knowledge of common web application vulnerabilities (e.g., OWASP Top 10) and web security mitigations and best practices, will be required in this role. Additionally, your basic penetration testing skills, understanding of penetration testing methodologies and tools, and ability to report findings and recommend remediation actions will be valuable assets. 
To excel in this role, you should stay up-to-date with the latest security trends, vulnerabilities, and mitigation strategies. Active participation in the security community to maintain current knowledge will be essential to ensure the security posture of applications remains robust. Your skills in threat modeling, penetration testing, code review, Burp Suite, OWASP, and Nessus will be instrumental in fulfilling the responsibilities of this role effectively.

Posted 3 days ago


2.0 - 6.0 years

0 - 0 Lacs

pune, maharashtra

On-site

At BMC, trust is not just a word - it's a way of life! We are an award-winning, equal opportunity, culturally diverse, and fun place to be. Giving back to the community drives us to be better every single day. Our work environment allows you to balance your priorities, as we believe that you will bring your best every day. We will champion your wins and shout them from the rooftops. Your peers will inspire, drive, support you, and make you laugh out loud! BMC Software is currently seeking a motivated and skilled individual to join the Product Security Group in a senior technical position. The successful candidate will be responsible for engaging with various product teams on security architecture reviews, SaaS security, and penetration testing. As a penetration tester, you will play a crucial role in safeguarding an organization's digital assets and information by proactively identifying and addressing security weaknesses. This role requires a high level of technical expertise, ethical conduct, and a commitment to continuous improvement in the field of cybersecurity.

**Roles And Responsibilities:**
- Conduct thorough vulnerability assessments of applications and systems using various tools and techniques.
- Execute penetration tests to simulate real-world cyberattacks, identifying weaknesses and vulnerabilities.
- Provide expert guidance on application security best practices.
- Research and develop new penetration testing methodologies, tools, and techniques.

**Qualifications & Skills:**
- 2+ years of experience in product security (web, mobile, API, cloud, infrastructure, and container security) or equivalent skillset.
- Penetration testing experience is essential; prior participation in bug bounty programs is a plus.
- Proficiency with hacking tools and penetration testing frameworks (e.g., Metasploit, Burp Suite, Nmap, Wireshark).
- Expertise in web application security testing, including knowledge of OWASP Top Ten vulnerabilities.
- Experience identifying and assessing vulnerabilities such as SQL injection, XSS, CSRF, and more.
- Proficiency in exploiting vulnerabilities to gain unauthorized access and assess attack impact.
- Understanding of vulnerability scoring systems (e.g., CVSS) for prioritizing findings.
- Ability to think creatively and analytically to identify and exploit vulnerabilities.
- Strong problem-solving skills when encountering unexpected challenges during testing.
- Excellent verbal and written communication skills for conveying technical details to both technical and non-technical stakeholders.
- Meticulous attention to detail in documenting findings and creating reports.
- Effective time management skills to meet project deadlines and testing schedules.
- High level of integrity and professionalism, with the ability to work under pressure while maintaining confidentiality.

**Preferred Skills:**
- Hands-on technical experience with cloud security solutions for leading cloud service providers (e.g., AWS).
- Experience with secure code review (SAST) tools for languages such as C/C++, Java, and Python, and relevant frameworks.

BMC's culture is built around its people. With over 6000 brilliant minds working together across the globe, you won't be known just by your employee number, but for your true authentic self. If you are unsure if you meet the qualifications of this role but are deeply excited about BMC and this team, we still encourage you to apply! We want to attract talents from diverse backgrounds and experiences to ensure we face the world together with the best ideas.

Posted 3 days ago


0.0 - 1.0 years

1 - 3 Lacs

Kolkata

Work from Office

Cyber security instructor, SOC operations, Bug bounty operations, Network Security, Python Scripting, Security Consulting, Training Delivery, Student Mentorship, Assessment and Evaluation

Posted 3 days ago


5.0 - 10.0 years

8 - 12 Lacs

Noida, Gurugram

Work from Office

- Minimum 4–7 years' experience performing security testing on industrial control system components like PLCs, SCADA, IIoT devices etc.
- Proven experience in conducting penetration tests, vulnerability assessments, and security audits across diverse environments.
- Knowledge of OT-ICS security standards, including ISA/IEC 62443, NIST 800-82, NERC-CIP etc.
- Strong knowledge of common security vulnerabilities, attack vectors, threat modelling and exploitation techniques.
- Proficiency in using penetration testing tools and frameworks such as Nessus, Burp Suite, Nmap, and other ethical hacking tools.
- Understanding of component/system architectures in OT environments.
- Understanding and evaluation of security testing methods.
- Knowledge of typical industrial protocols (e.g., Modbus, Profinet, OPC, DNP3.0, CAN).
- Excellent communication skills, with the ability to clearly articulate technical findings and recommendations to both technical and non-technical audiences.

Roles and Responsibilities:
- Handle the training delivery for IEC 62443 topics and OT security.
- Handle the OT security project delivery and audits.

Posted 3 days ago


8.0 - 13.0 years

1 - 3 Lacs

Ahmedabad

Work from Office

The Role Description: Designated position will be a part of India Managed Security Services Organization. The individual will be required to lead the AppSec and Vulnerability Management business function and will be responsible for conducting security assessment, penetration testing of IT/Cloud and OT infrastructure, application security assessment of hosted applications and DevSecOps support for new applications throughout their lifecycle to identify potential vulnerabilities, suggest mitigation strategies, and support the customers/partners in implementing these strategies. This includes project management, service delivery and quality assurance, customer management, relationship with vendors & technology partners.

Key General Responsibilities:
- Lead and drive the AppSec & Vulnerability Management function and service delivery by new projects acquisition, project delivery through execution & operations support
- Strong leadership skills with the ability to lead the department and manage functional teams
- Build and grow the competency through hiring and developing the current team
- Provide strong technical leadership to the delivery team, partners and customers
- Results-oriented, with the ability to think big and work backward from customers' needs
- Project Management, Service Management, Customer handling, Quality assurance
- Highly effective communicator and demonstrated ability to work cross-functionally, with a track record of delivering results and demonstrating strong ownership
- People management and accountable for hiring, talent development, performance management, succession planning, coaching to direct reports, and engagement for the teams
- Excellent communication and interpersonal skills, with the ability to influence and engage stakeholders at all levels within the organization and with customers, partners/vendors
- Support sales strategy to meet agreed business revenue through pre-sales & appropriate solutions
- Identify and grow new opportunities with existing customers and ensure customer satisfaction and retention

Key Technical Responsibilities:
- As Technical leader, drive future strategy around threat intelligence, security architecture reviews, vulnerability management, security configuration, DevSecOps and application security
- Perform manual/automated internal and external vulnerability assessments in IT/Cloud and OT
- Perform security control assessment and vulnerability assessments in OT environment
- Perform Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST) to identify vulnerabilities in software applications
- Conduct Vulnerability Assessment and Penetration Testing (VAPT) in Web, Android and API
- Perform Gray Box and/or Penetration testing on Web, API and Mobile Device (Android)
- Complete project work with quality and within deadlines as required, complete the analysis and draw comprehensive conclusions, making appropriate recommendations and mitigation plan
- Communicate technical impact and business risk to a non-technical audience after the project
- Provide expert advice on the selection and implementation of appropriate Security Assessment / Testing software and tools
- Implement and manage DevSecOps by utilizing Software Assurance Maturity Model (SAMM) to evaluate and improve the security of software development processes
- Follow security standards and frameworks, and implement best practices methodologies
- Work closely with product development teams to ensure secure coding practices are followed
- Educate customers, technical team, application developers about emerging threats and vulnerabilities and application security to raise awareness and build a Security Champion program

General Experience Requirement for the role:
- 8+ years of experience in leading and managing Threat & Vulnerability competency, projects and customer engagements
- 6-8 years of core hands-on experience in fields of cybersecurity, security standards, best practices, vulnerability assessments, web application testing, network and mobile application assessment, and penetration testing
- 1-2 years of experience in enterprise security management, security products/solution integration/security operations, with good understanding of network and system security concepts and standards, security best practices
- Experience building, leading and managing security teams with experience in cybersecurity practices, AppSec, threat intelligence, vulnerability management, penetration testing, infrastructure security assessment
- Excellent Project Management, Service Management and customer handling skills
- Possess excellent written, presentation and verbal communication skills necessary for team coordination, helping partners, and service discussions along with organizational skills
- Good analytical skills with an ability to think outside the box to solve highly technical problems
- Ability to work effectively with clients, management, staff members, vendors, and consultants
- Good interpersonal skills to interact and collaborate with senior management stakeholders such as IT, Network and Security and CIO/CTO/business leadership teams
- Ability to work calmly with patience in high pressure situations in a dynamic environment

Education and Certification preferred for the role:
- BTech/B.E. in CSE/IT/CSA/ECE
- MCA/MTech/MS in CSE/IT/CSA/Electronics
- Any of the security certifications such as CEH, CHFI, ECSA, OSCP, GPEN, CISSP/CISM/CISA

Technical Skills that are Key to this role:
- Strong background in Network/Infrastructure Vulnerability Assessment and Penetration Testing
- Good understanding of security vulnerabilities, OWASP Top 10 vulnerabilities, enterprise security architecture, standards, relevant best practices and frameworks
- Extensive expertise in Web, API, Android Mobile Apps, and AWS/Azure Cloud Security
- Experience with software penetration testing, architectural risk assessment, threat modeling, static code analysis and secure code review on Web, API and Android mobile applications
- Web Application Penetration Testing: Strong experience in assessing web applications for security vulnerabilities using tools such as Burp Suite, OWASP ZAP, or similar.
- Mobile Application Penetration Testing: Proficiency in evaluating the security of mobile applications on Android platforms, including reverse engineering and code analysis.
- Cloud Security: In-depth knowledge of cloud security best practices, including experience with AWS/Azure Cloud Platform, and the ability to configure security controls and monitor for cloud-based threats, with experience in AWS/Azure cloud security assessments.
- API Security: Expertise in assessing the security of APIs, including authentication, authorization, and data protection.
- Web Application and Mobile Apps security assessment in accordance with the OWASP standards.
- Vulnerability Assessment includes analysis of bugs in various applications on various domains by using both manual and automation tools.
- Familiarity with security in DevOps and continuous integration/continuous deployment (CI/CD) pipelines.
- Experience of working on Windows and Linux with good understanding of operating system internals (Windows, Linux and mobile OS (Android)) and app development (especially mobile)
- Should be familiar with common compliance requirements like GDPR, PCI-DSS, ISO 27001
- Experience with mobile Open Web Application Security Project (OWASP) standards and testing checklist.
- Should be able to configure automated scanners (such as login sequence, manually exploring critical flaws, policy customization, scan throttling, etc.) to perform successful scans.
- Assessment of scanner results and intelligently identifying false positives from the scan results.
- Flaws like authentication (session management) testing, CSRF, business logic testing which are not detected by an automated scanner must be identified using manual testing.
- Understanding of the workflow of the application and identifying the entry points to detect possible vulnerabilities.
- Hands-on experience with popular security tools Nmap, Nessus, Burp Suite, Netsparker, Metasploit, OWASP ZAP.
- Familiar with Agile process and development tools (Jira, Confluence, Bitbucket, Git, Maven, Jenkins, etc

Posted 3 days ago


5.0 - 9.0 years

0 Lacs

kochi, kerala

On-site

You are looking for an experienced Java Team Lead who can demonstrate strong technical expertise and leadership skills. In this role, you will be responsible for overseeing the design, development, and deployment of Java-based applications while providing guidance and mentorship to a growing development team. With a minimum of 5 years of overall experience in Java development, including at least 2 years in a leadership role, you will be instrumental in leading the team towards successful project outcomes. Your primary responsibilities will include leading the design and implementation of Java applications, reviewing and testing code to maintain quality and performance standards, and ensuring adherence to SDLC processes and timelines in collaboration with other teams. As a Java Team Lead, you will also be tasked with providing technical mentorship to junior developers, assigning tasks effectively, and ensuring that the application's security measures comply with OWASP guidelines and industry best practices. Proficiency in Spring MVC, Spring Boot, Spring Security, JPA, Hibernate, HTML/JSP/React, and Eclipse is essential for this role, along with a strong background in SQL Server or Oracle databases. Your expertise should extend to identifying and addressing OWASP vulnerabilities, familiarity with DAST and SAST tools, and experience with security tools like Burp Suite, OWASP ZAP, and SonarQube. Additionally, knowledge of microservices architectures and cloud services (AWS, Azure, or GCP) will be advantageous in fulfilling the requirements of this position. To qualify for this role, you should hold a Bachelor's or Master's degree in Computer Science, Engineering, or a related field. If you are ready to take on this challenging yet rewarding opportunity, we look forward to considering your application.

Posted 5 days ago


8.0 - 12.0 years

0 Lacs

pune, maharashtra

On-site

You will be joining BMC, where trust is not just a word but a way of life. As an award-winning, equal opportunity, and culturally diverse organization, we are dedicated to making a positive impact on the community every day. At BMC, we prioritize work-life balance, allowing you to excel in your role while maintaining your personal priorities. Your achievements will be celebrated, and you will be supported by a team that inspires, motivates, and uplifts you. The IZOT product line at BMC focuses on Intelligent Z Optimization & Transformation products, assisting major companies in monitoring and managing their mainframe systems. We are committed to modernizing mainframe systems by enhancing developer experience, mainframe integration, application development speed, code quality, and application security. Through continuous innovation and growth, we strive to provide cutting-edge solutions to our clients. We are currently seeking a skilled Manager - Product Security to lead a team of penetration testers supporting BMC's IZOT product line. In this role, you will oversee offensive security assessments for mainframe-based solutions and modern application ecosystems. Your responsibilities will include managing security testing, red teaming, vulnerability analysis, and secure architecture reviews. You will play a crucial role in setting strategic goals, driving security initiatives, and promoting secure-by-design practices throughout product development.

To excel in this position, you should possess the following qualifications and experience:
- Bachelor's or master's degree in computer science, Information Security, or a related field.
- 8+ years of experience in cybersecurity roles, with at least 3 years in a technical leadership or management capacity.
- Proven track record in leading or conducting penetration testing on mainframe and modern platforms.
- Hands-on experience in performing red team-style assessments or advanced threat emulation on mainframe and modern systems.
- Proficiency in tools such as REXX, ISPF, JCL, Nmap, Burp Suite, Wireshark, and scripting languages like Python, REXX, Bash.
- Ability to deliver technical and executive-level security reports and communicate effectively with cross-functional teams.
- Familiarity with hybrid environments, modern enterprise integration methods, and board-level reporting.

At BMC, we value our employees and foster a culture where each individual is recognized for their unique contributions. If you are passionate about joining our team and feel aligned with our values, we encourage you to apply, even if you have taken a career break. We believe in diversity and inclusion, and we welcome talented individuals from all backgrounds. Please note that the salary provided is just one aspect of BMC's comprehensive compensation package, which may include additional benefits based on your location and performance. We are committed to fair and transparent compensation practices to ensure our employees are valued and rewarded appropriately.

Posted 5 days ago

2.0 - 6.0 years

0 - 0 Lacs

pune, maharashtra

On-site

As an IT Security Senior Analyst, you will be responsible for performing penetration testing (PT), SAST, and articulating findings in an easily comprehensible manner to asset owners. Collaborative skills are essential for this role. Your key responsibilities will include building a Secure Development Lifecycle (SDLC) by embedding SAST, SCA, DAST, and penetration testing into the development pipeline. You will conduct penetration testing of various component types such as web applications, APIs, mobile applications (iOS + Android), and infrastructure (server + network). Additionally, you will run SAST & DAST scans, analyze tool results, provide remediation support, and review open-source components. It will be your responsibility to assess, report, and close identified vulnerabilities and validate issues as part of the responsible disclosure program. You will be required to provide status reports to the PT Service owner and other stakeholders related to key metrics, risk indicators, trending, and compliance. Furthermore, you will analyze security assessment results and threat feeds to appropriately react to security weaknesses or vulnerabilities. Supporting the Automation of Vulnerability Management program to achieve efficiency and effectiveness, as well as configuring and maintaining regular and ad-hoc vulnerability scans using SAST & DAST tools against internal and external applications are also part of your role. To be successful in this position, you should have a minimum of 1.5 years of experience in performing penetration testing of web applications, APIs, mobile applications (iOS + Android), and infrastructure (server + network). Experience working with SAST & DAST programs, developing and communicating SDLC processes, and performing manual source code reviews is required. Proficiency in using tools like Burp Suite and exposure to platforms such as Veracode, Acunetix, Kali Linux, and Android Studio (AVD) are preferred. 
A good understanding of Windows, Linux, Active Directory, and networking protocols is also necessary.

Posted 5 days ago

4.0 - 8.0 years

0 Lacs

karnataka

On-site

As a Staff Application Security Engineer at Zscaler, you will be an integral part of the Product Security team. You will report to the Director of Vulnerability Management and play a vital role in conducting comprehensive static and dynamic analysis of applications to detect and address security vulnerabilities at an early stage of the development process. Your responsibilities will include implementing Software Composition Analysis (SCA) tools to manage open-source components, ensuring their security and up-to-date status. Additionally, you will be responsible for assessing and securing containerized environments and Infrastructure as Code (IAC) deployments, emphasizing the adherence to security best practices to safeguard the infrastructure against potential threats. To be successful in this role, you should possess expertise in DevSecOps, with a minimum of 4 years of hands-on experience in deploying and managing security protocols such as Static Application Security Testing (SAST), Software Composition Analysis (SCA), or Infrastructure as Code (IaC). Proficiency in application security tools like Snyk, Semgrep, Coverity, and knowledge of dependency management tools is essential. You should have a strong understanding of secure coding practices, vulnerability management, remediation techniques, and expertise in source control and CI pipelines. Preferred qualifications include experience as a software developer or in a DevSecOps position, proficiency in programming languages like Java, Python, JavaScript, C/C++, and Golang. Extensive experience in Cloud Security is desirable, with the ability to secure cloud environments in AWS, Azure, and Google Cloud, along with knowledge of cloud-native security tools and methodologies. Joining Zscaler means becoming part of a diverse and inclusive team that values collaboration and belonging. 
Our comprehensive Benefits program supports employees and their families at various life stages, offering health plans, vacation and sick time off, parental leave options, retirement plans, education reimbursement, in-office perks, and more. By applying for this role, you agree to comply with applicable laws, regulations, and Zscaler policies related to security, privacy standards, and guidelines. Zscaler is committed to providing reasonable support and accommodations in recruiting processes for candidates with different abilities, long-term conditions, mental health conditions, religious beliefs, neurodiversity, or pregnancy-related support.

Posted 5 days ago

0.0 years

0 - 0 Lacs

Bengaluru

Work from Office

Job Title: Application Security Expert - Red Team / Ethical Hacker Department: Information Security / Cybersecurity Reports To: Group CISO Job Summary: The Application Security Expert - Red Team / Ethical Hacker is a critical role responsible for proactively identifying and exploiting security vulnerabilities in our software applications throughout the entire Software Development Life Cycle (SDLC). Operating as a key member of the in-house Red Team, this role will focus on simulating real-world attacks, conducting advanced penetration testing, and providing actionable intelligence to strengthen our overall security posture. Responsibilities: Red Teaming & Attack Simulation: Plan and execute realistic attack simulations against our web, mobile, and desktop applications to identify weaknesses and bypass security controls. Develop and utilize custom exploits, tools, and techniques to mimic the tactics, techniques, and procedures (TTPs) of advanced threat actors. Conduct social engineering campaigns to assess employee awareness and identify potential vulnerabilities. Advanced Penetration Testing: Perform in-depth penetration tests of applications, networks, and systems, using both automated tools and manual techniques. Identify and exploit complex vulnerabilities, including those related to application logic, authentication, authorization, and data handling. Develop detailed penetration test reports with clear and actionable recommendations for remediation. Secure Code Review (Offensive Perspective): Conduct code reviews from an offensive perspective, identifying potential vulnerabilities that could be exploited by attackers. Provide developers with guidance on secure coding practices and vulnerability remediation techniques. Develop and maintain secure coding guidelines and checklists. Vulnerability Research & Exploit Development: Stay up-to-date on the latest security threats, vulnerabilities, and exploit techniques. 
Conduct vulnerability research to identify new and emerging threats. Develop custom exploits and tools to test and demonstrate the impact of vulnerabilities. SDLC Integration & Security Advocacy: Collaborate with development teams to integrate security testing and red teaming activities into the SDLC. Participate in design reviews and provide security guidance on application architecture and design. Promote a security-conscious culture within the development organization. Vulnerability Management (Validation & Verification): Validate and verify the effectiveness of vulnerability remediation efforts. Retest remediated vulnerabilities to ensure they have been properly addressed. Security Tooling & Automation (Offensive Tools): Evaluate, recommend, and customize offensive security tools and technologies. Automate red teaming and penetration testing processes to improve efficiency and coverage. Required Skills and Qualifications: Education: Bachelor's or Master's degree in Computer Science, Information Security, or a related field. Experience: 8+ years of experience in application security, penetration testing, red teaming, or a related field. Demonstrable experience conducting advanced penetration tests and red team engagements. Strong understanding of web application vulnerabilities (e.g., OWASP Top 10, SANS Top 25). Experience with various penetration testing tools and frameworks (e.g., Metasploit, Burp Suite, Kali Linux). Experience with exploit development and reverse engineering. Technical Skills: Expert proficiency in one or more programming languages (e.g., Python, Java, C, C++). Strong understanding of web application architectures and technologies. Deep understanding of network protocols and security concepts. Familiarity with cloud security principles and practices (e.g., AWS, Azure, GCP). Understanding of authentication and authorization mechanisms. 
Certifications (Required/Preferred): Offensive Security Certified Professional (OSCP) - Required Certified Ethical Hacker (CEH) - Preferred GIAC Web Application Penetration Tester (GWAPT) - Preferred Offensive Security Certified Expert (OSCE) - Highly Preferred Offensive Security Web Expert (OSWE) - Highly Preferred

Posted 6 days ago

7.0 - 12.0 years

22 - 32 Lacs

Noida, Chennai, Bengaluru

Work from Office

Job Responsibilities
• Support asset development, process establishment.
• Conducting application security assessments (web, mobile, web service, Infra etc.). These assessments involve manual testing and analysis as well as the use of automated application vulnerability scanning/testing tools such as Burp Suite Professional and/or code review tools such as HCL AppScan/HP Fortify or CMx. We expect candidate to have experience doing similar assessments, candidate can be trained on any proprietary assessment methodology.
• Reporting/Dashboarding/Retesting and participation in conference calls with clients to review assessment results and consult with the clients on remediation options.
• Participating/Driving conference calls with potential clients to scope out newly requested security projects and estimate effort and resource requirement to complete the project etc.

Skills Required
Mandatory:
• 7+ years of strong Application Security experience in S-SDLC Threat Modeling, Code Review, Vulnerability Assessment, Penetration Testing. Web Service/API security testing, Firmware Assessment.
• Expert in Application Security process establishment.
• Thorough exposure on DevSecOps implementation/integration.
• Deep hands on experience into Mobile application Security Android/iOS - reverse engineering/memory analysis etc.
• Security tool experience - HCL AppScan/CheckMarx/Veracode/Fortify/BurpSuite/Nmap/Nessus/Metasploit
• Good exposure on penetration testing. Good to have one of the given certifications - OSCP/GPEN/GWAPT/CSSLP etc.
• Independent global client handling AppSec delivery exposure. >=2 years.
• Moderate exposure on AppSec technical solutioning, estimation and RFP/RFI response, Client presentation.
• Excellent interpersonal skill.

Posted 1 week ago

5.0 - 10.0 years

15 - 20 Lacs

Bengaluru

Hybrid

Hiring Application Security
Exp: 5+ Years
Notice Period: Preferring Immediate Joiners - 30 Days (If Serving and have LWD Confirmation) - Candidates who are in bench or not serving notice period don't apply
Location: Marathahalli-Bangalore
Mode Of Work: Hybrid
Mandatory Skills Required: Application Security, Penetration Testing, SAST, DAST, IT Risk Assessment, Hands-on experience in penetration testing and tools like Apisan, WebInspect, Fortify, AppSpider, BurpSuite, Qualys, Checkmarx, Coverity. CEH/SSCP/OSCP certified.
Mode of interview - 1st technical virtual & 2nd technical face to face in Marathahalli - Bangalore location - If you're available for face to face discussions on weekdays - Apply for this role.
Interested candidates share your updated resume to suvetha.b@twsol.com

Posted 1 week ago

3.0 - 8.0 years

9 - 14 Lacs

Bengaluru

Work from Office

Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering Responsibilities As part of the Infosys delivery team, your primary role would be to ensure effective Design, Development, Validation and Support activities, to assure that our clients are satisfied with the high levels of service in the technology domain. You will gather the requirements and specifications to understand the client requirements in a detailed manner and translate the same into system requirements. You will play a key role in the overall estimation of work requirements to provide the right information on project estimations to Technology Leads and Project Managers. You would be a key contributor to building efficient programs/systems. If you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you! Additional Responsibilities: Job Opening is for multiple locations- Bangalore, Hyderabad, Trivandrum, Chennai, Pune Technical and Professional Requirements: Security testing with 3-10 years exp - SAST/DAST/API, Network, Mobile Security/DevSecops/Cloud Security/Threat Modelling/Vulnerability Management/Logging & Audit/GRC/Security Operations/IAM Skills Required - Security Testing--Primary skills: Application Security, Application Security-Burpsuite, Application Security-Devsecops, Application Security-Ethical Hacking(CEH), Application Security-Nessus, Application Security-SSL(Secure Sockets Layer), Application Security-Threat Modeling, Application Security-Vulnerability Assessment/Penetration Testing, Application Security-Vulnerability Management, Application Security-Web Security, Application Security-Webservices Security, Security testing-Vulnerability testing, Technology-Application Security-Vulnerability Management-Qualys, Mobile Testing-Mobile Security Testing Preferred Skills: Technology-Application Security-Application Risk Profiling Threat Modeling Technology-Application Security-Ethical Hacking 
Technology-Application Security-Mobile Application Security Technology-Application Security-Penetration Testing (Black/White/Grey Box Testing) Technology-Application Security-Vulnerability Management Technology-Mobile Testing-Mobile Security Testing Technology-Security Testing-Security Testing - ALL Technology-Infrastructure Security-Secure Web Gateway-TrendMicro Interscan web security Virtual appliance

Posted 1 week ago

5.0 - 9.0 years

7 - 11 Lacs

Bengaluru

Work from Office

Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Additional Responsibilities: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Technical and Professional Requirements: Any specific tools required Burpsuite, WebInspect, Fortify, Zap, Checkmarx Preferred Skills: Technology-Security Testing-Security Testing - ALL

Posted 1 week ago

7.0 - 12.0 years

30 - 35 Lacs

Noida, Chennai, Bengaluru

Hybrid

Support asset development, process establishment. Conducting application security assessments (web, mobile, web service, Infra etc.). These assessments involve manual testing and analysis as well as the use of automated application vulnerability scanning/testing tools such as Burp Suite Professional and/or code review tools such as HCL AppScan/HP Fortify or CMx. We expect candidate to have experience doing similar assessments, candidate can be trained on any proprietary assessment methodology. Mandatory: 5+ years of strong Application Security experience in S-SDLC Code Review, Vulnerability Assessment, Penetration Testing. Web Service/API security testing Hands on experience into Mobile application Security Android/iOS - reverse engineering/memory analysis etc. Security tool experience - HCLAppScan/CheckMarx/Fortify/Veracode/Burp Suite Good exposure on penetration testing. Good to have one of the given certifications - OSCP/GPEN/GWAPT/CSSLP etc. Independent global client handling AppSec delivery exposure. >=2 years. Excellent interpersonal skill.

Posted 1 week ago

1.0 - 3.0 years

5 - 10 Lacs

Bengaluru

Work from Office

Apply on company website- https://zrec.in/hIRJh?source=CareerSite

Posted 1 week ago

5.0 - 8.0 years

1 - 6 Lacs

Chennai

Work from Office

Urgent Hiring ... Information Security Analyst Chennai 5-8 yrs Immediate to 30 days Skills- VAPT, Application Security, Vulnerability assessment, penetration Testing, web application testing, Mobile Testing, API Testing, Kali Linux, Burp suite.

Posted 1 week ago

3.0 - 6.0 years

4 - 8 Lacs

Kochi

Work from Office

JTSi Technologies India is looking for Application Security Engineer to join our dynamic team and embark on a rewarding career journey Analyzing customer needs to determine appropriate solutions for complex technical issues Creating technical diagrams, flowcharts, formulas, and other written documentation to support projects Providing guidance to junior engineers on projects within their areas of expertise Conducting research on new technologies and products in order to recommend improvements to current processes Developing designs for new products or systems based on customer specifications Researching existing technologies to determine how they could be applied in new ways to solve problems Reviewing existing products or concepts to ensure compliance with industry standards, regulations, and company policies Preparing proposals for new projects, identifying potential problems, and proposing solutions Estimating costs and scheduling requirements for projects and evaluating results

Posted 1 week ago

8.0 - 10.0 years

17 - 22 Lacs

Mumbai, Hyderabad

Work from Office

Job Description Role Summary: The candidate will be responsible for: 1) Implement best testing and DevOps practices. 2) Application assessment (manual and automation) and further evolution on continuous basis, 3) Develop the new test automation libraries for application testing and security assessment. 4) Collaborate with the teams 5) Perform code reviews on regular basis 6) Assist team in development of any testing tool for application and its security testing on need basis 7) Collaborate with the team/Project Manager and Business Analyst to develop effective strategies for testing framework, plans and necessary roadmap. 8) Post application security testing a remediation support, review open source components 9) Reviewing application code against the secure coding baseline and practices including top rated OWASP global issues. 10) Executing test cases (manual or automated) and analyze results 11) Create logs to document testing phases and defects, reporting and tracking till closure of reported issues. 12) Report bugs and errors to development teams including conduct regression testing to sign-off deliverables 13) Conduct post-release/ post-implementation testing including test plan for every version change with impact & risk assessment 14) Work with cross-functional teams to ensure quality throughout the software development lifecycle 15) Need to mentor team about preparation of test cases as required and have good understanding of test life cycle 16) Participate in various application security assessments, build and improve application security framework, and coordinate with IV&V agencies. Identify, classify and find remedy for security non-compliances. Additional Information Responsibilities: • Leading the team in designing QA test procedures. • Implementing testing procedures and overseeing the QA process. • Troubleshooting quality issues and modifying test procedures. • Conducting analysis checks on product specifications. 
• Ensuring the successful deployment of the packages into the respective environments • Designing test plans, scenarios, scripts, and procedures. • Executing tests • Analyzing test results and reporting to the development team • Creating an automation test plan and Identifying/selecting the automation test cases • Configuring Test automation tools • Hands on knowledge of Selenium Environment Setup with an Integrated Development Environment (IDE), Burp Suite or security tools • Automating the design of a framework and implementing it as per the structure of the project • Creating, enhancing, debugging, and running the test cases • Collating and monitoring the defect management process • Managing the changes and executing regression tests Requirements Education: BE./ B.Tech/M.C.A/M.Sc (Computer Science/IT) Experience: 1) Candidate should have 8-10 years with minimum 5 years of experience in application testing, application security testing or security architecture - Mandatory 2) Proven experience as a Software Quality Assurance Tester or similar role - Mandatory 3) Familiarity with Agile frameworks and regression testing is a plus - Added advantage 4) Ability to document and troubleshoot errors 5) Knowledge in Payments Systems - Added advantage 6) Knowledge in Banking domain - Added advantage 7) Excellent communication skills with Analytical mind and problem-solving aptitude 8) Good communication skills, email etiquettes, with ability to work in all shifts (24/7) Certification: Mandatory: Advanced Application/ Security Testing Certification from any reputed institute Optional Certifications: Certified Software Quality Analyst (CSQA) / CMSQ (Certified Manager of Software Quality), CAST (Certified Associate in Software Testing) ISTQB Foundation Level Certification (CTFL) ISTQB Advanced Level Test Automation Engineer ISTQB Agile Testing Knowledge: Good understanding of the SDLC and STLC Experience in Manual & Automation Testing Understanding of Payment System business, 
and Scope of security testing within various applications Good knowledge in Testing and Security tools like Burp Suite Good knowledge in Session Management, Authentication, Authorization, Access control, Input Validation, Business logic security testing, Webservices/API security testing Extensive knowledge of OWASP top 10 vulnerabilities Self-driven and ability to work independently with minimal supervision Knowledge of various types of security vulnerabilities Working knowledge in Agile environment Strong written and verbal communication Technical Skills: Web technologies such as HTML, httpd, Javascript, AJAX, JSON, XML, and DOM API, any IDE, Restful services, Opensource technologies

Posted 1 week ago

10.0 - 12.0 years

22 - 30 Lacs

Mumbai, Hyderabad

Work from Office

Job Description Role Summary: The candidate will be responsible for: 1) Implement best testing and DevOps practices. 2) Application assessment(manual and automation) and further evolution on continuous basis, 3) Design/Architect test automation framework and develop the new test automation libraries for application testing and security assessment. 4) Collaborate with the teams to discuss, analyze requirements and put low level design 5) Perform code reviews on regular basis 6) Assist team in development of any testing tool for application and its security testing on need basis 7) Collaborate with the team/Project Manager/Scrum Master and Business Analyst to develop effective strategies for testing framework, plans and necessary roadmap. 8) Post application security testing a remediation support, review open source components 9) Reviewing application code against the secure coding baseline and practices including top rated OWASP global issues. 10) Executing test cases (manual or automated) and analyze results 11) Create logs to document testing phases and defects, reporting and tracking till closure of reported issues. 12) Report bugs and errors to development teams including conduct regression testing to sign-off deliverables 13) Conduct post-release/ post-implementation testing including test plan for every version change with impact & risk assessment 14) Work with cross-functional teams to ensure quality throughout the software development lifecycle 15) Need to mentor team about preparation of test cases as required and have good understanding of test life cycle 16) Participate in various application security assessments, build and improve application security framework, and coordinate with IV&V agencies. Identify, classify and find remedy for security non-compliances. Additional Information Responsibilities: Leading the team in designing QA test procedures. Implementing testing procedures and overseeing the QA process. 
Troubleshooting quality issues and modifying test procedures. Conducting analysis checks on product specifications. Reviewing Quality Assurance reports. Ensuring the successful deployment of the packages into the respective environments Designing test plans, scenarios, scripts, and procedures. Executing tests Analyzing test results and reporting to the development team Creating an automation test plan and Identifying/selecting the automation test cases Configuring Test automation tools Hands on knowledge of Selenium Environment Setup with an Integrated Development Environment (IDE), Burp Suite or security tools Automating the design of a framework and implementing it as per the structure of the project Creating, enhancing, debugging, and running the test cases Collating and monitoring the defect management process Managing the changes and executing regression tests Coming up with exact solutions for problems related to object identity and error handling Requirements Education: BE./ B.Tech/M.C.A/M.Sc (Computer Science/IT) Experience: 1) Candidate should have minimum 10+ years of experience in application testing, security testing or Security Architecture - Mandatory 2) Proven experience as a Software Quality Assurance Tester or similar role - Mandatory 3) Familiarity with Agile frameworks and regression testing is a plus - Added advantage 4) Ability to document and troubleshoot errors 5) Knowledge in Payments Systems - Added advantage 6) Knowledge in Banking domain - Added advantage 7) Excellent communication skills with Analytical mind and problem-solving aptitude 8) Good communication skills, email etiquettes, with ability to work in all shifts (24/7) Certification: Mandatory: Advanced Application/ Security Testing Certification from any reputed institute Optional Certifications: Certified Software Quality Analyst (CSQA) / CMSQ (Certified Manager of Software Quality), CAST (Certified Associate in Software Testing) ISTQB Foundation Level Certification (CTFL) ISTQB 
Advanced Level Test Automation Engineer ISTQB Agile Testing Knowledge: Good understanding of the SDLC and STLC Experience in Manual & Automation Testing Understanding of Payment System business, and Scope of security testing within various applications Good knowledge in Testing and Security tools like Burp Suite Good knowledge in Session Management, Authentication, Authorization, Access control, Input Validation, Business logic security testing, Webservices/API security testing Extensive knowledge of OWASP top 10 vulnerabilities Self-driven and ability to work independently with minimal supervision Knowledge of various types of security vulnerabilities Working knowledge in Agile environment Strong written and verbal communication Technical Skills: Web technologies such as HTML, httpd, Javascript, AJAX, JSON, XML, and DOM API, any IDE, Restful services, Opensource technologies

Posted 1 week ago
