360 Burp Suite Jobs - Page 11

Senior Security Consultant (Secure Code Review + Web Application Penetration Testing). NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most. NetSPI secures the most trusted brands on Earth through Penetration Testing as a Service (PTaaS), External Attack Surface Management (EASM), Cyber Asset Attack Surface Management (CAASM), and Breach and Attack Simulation (BAS). Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI brings a proactive approach to cybersecurity with more clarity, speed, and scale than ever before.. NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at?www.netspi.com/careers.. NetSPI is seeking a Senior Security Consultant who will serve as a resource for delivery of secure code review and web application penetration assessment. This position requires an understanding of various web technologies, enterprise secure development and risk management. In addition, it requires experience with application security assessments/testing, as well as demonstrated competencies in problem solving, client service, written/verbal communication, and project execution.. Responsibilities. Conduct in-depth penetration testing and secure code review assessments on web applications. Dynamically exploit vulnerabilities found in codebase and correlate insecure coding practices into dynamic application vulnerabilities. Deliver secure code review assessment on programming languages such as Java, C#, Python, C/C++, Perl, PHP. Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques. Train and assist developers in writing secure software and remediating existing vulnerabilities. Provide oversight to peers on service lines through QA process. Mentor and assist team members in effectively delivering assessments and enhancing skillsets. Present detailed penetration test findings to clients and assist in remediation planning. Engage in research to develop new penetration testing methods, tools, and innovative exploit techniques. Contribute to the cybersecurity community through tools, presentations, white papers, and blogging. Maintain consistency with other internal requirements related to day-to-day administration tasks (time keeping, status updates to clients, etc.). Minimum Qualifications. Minimum of 3-5 years of experience in application security including both secure code review and web application penetration testing. Exceptional familiarity in all Burp Suite functions. Published Burp extensions and ability to create new Burp Suite extensions preferred. Detailed understanding of the OWASP Top 10 and CWE Top 25 issues with focus on ability to identify and remediate vulnerability in source code. Ability to explain risk and business impact of security vulnerabilities to variety of audience. Bachelor’s degree or higher, preferably in Computer Science, Engineering, Mathematics, IT, or a related field; equivalent experience will also be considered.. Preferred Qualifications. Experience in detecting, analyzing and providing recommendation guidance on security vulnerabilities using SAST and/or manual secure code review in at least two of the following languages: Java, C#, PHP, Python, C/C++. Experience in software development in at least one server-side programming language. We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.. Show more Show less

What You'll Do. Join us in building a secure, scalable, and experienced platform to support Avalara's expanding business and global customer base. As a Senior Application Security Engineer, you'll work with world-class engineers and architects to ensure security is embedded in everything we build—both in today's systems and the future of our architecture. This role is perfect for someone passionate about automation, cloud-native security, and AI-driven application defense.. You'll help shape the future of Avalara Security, driving security as code, ensuring automation-first practices, and integrating modern AI tooling into security workflows. You understand the value of developer empathy, moves quickly without sacrificing quality, and excels in an environment that combines startup energy with enterprise scale.. You will report to security leadership at Avalara. This is a remote position.. Job Responsibilities. What Your Responsibilities Will Be. You will build, maintain, and continuously improve an automated security pipeline framework integrated into our CI/CD environments.. You will lead development of Infrastructure-as-Code and Policy-as-Code for application security enforcement and consistency across environments.. You will evaluate and integrate security tools (SAST, DAST, SCA, CSPM, EDR) and AI-based solutions into engineering workflows and CI/CD pipelines.. You will provide applicable guidance and mentorship to development and Avalara Security engineering teams on secure development best practices.. Investigate, prototype, and apply AI/ML-based solutions for application behavior analysis, anomaly detection, and threat hunting.. Promote security by design across the organization, and help foster a security-first culture.. Contribute to the continuous refinement of the SDLC to ensure security is smooth, consistent, and measurable.. What You’ll Need To Be Successful. Required Qualifications. 8+ years of experience in application security, secure software development, or security engineering.. Strong programming proficiency in Python and GoLang (hands-on).. Experience with secure SDLC practices and CI/CD pipeline integration.. Strong hands-on experience with Kubernetes, container security, and cloud infrastructure security—preferably AWS and GCP.. Experience with Infrastructure-as-Code (IaC) tools like Terraform or CloudFormation.. Working knowledge of cryptographic protocols and standards: TLS, OAuth, SAML, JWT, etc.. Familiarity with Git, modern source control practices, and agile development methodologies.. Experience working with a broad range of security tools, including:. Tenable, Wiz (Cloud Security Posture Management). Checkmarx, Mend (SAST, SCA). Acunetix, Burp Suite (DAST). CrowdStrike (EDR/XDR). Bachelor's Degree in Computer Science, Engineering, or a related field.. Proven experience contributing to security automation efforts within a security organization like Avalara Security.. Experience with AI/ML tools and frameworks applied to application security or behavior analytics.. Security certifications such as OSWE, CSSLP, AWS Security Specialty, or Kubernetes Security Specialist.. Passion for enabling developer-friendly security solutions and maximum automation.. How We’ll Take Care Of You. Total Rewards. In addition to a great compensation package, paid time off, and paid parental leave, many Avalara employees are eligible for bonuses.. Health & Wellness. Benefits vary by location but generally include private medical, life, and disability insurance.. Inclusive culture and diversity. Avalara strongly supports diversity, equity, and inclusion, and is committed to integrating them into our business practices and our organizational culture. We also have a total of 8 employee-run resource groups, each with senior leadership and exec sponsorship.. What You Need To Know About Avalara. We’re Avalara. We’re defining the relationship between tax and tech.. We’ve already built an industry-leading cloud compliance platform, processing nearly 40 billion customer API calls and over 5 million tax returns a year, and this year we became a billion-dollar business. Our growth is real, and we’re not slowing down until we’ve achieved our mission to be part of every transaction in the world.. We’re bright, innovative, and disruptive, like the orange we love to wear. It captures our quirky spirit and optimistic mindset. It shows off the culture we’ve designed, that empowers our people to win. Ownership and achievement go hand in hand here. We instill passion in our people through the trust we place in them.. We’ve been different from day one. Join us, and your career will be too.. We’re An Equal Opportunity Employer. Supporting diversity and inclusion is a cornerstone of our company — we don’t want people to fit into our culture, but to enrich it. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law. If you require any reasonable adjustments during the recruitment process, please let us know.. Show more Show less

About LeadSquared One of the fastest-growing SaaS companies in the CRM space, LeadSquared empowers organizations with the power of automation More than 1700 customers with 2 lakhs+ users across the globe utilize the LeadSquared platform to automate their sales and marketing processes and run high-velocity sales at scale, We are backed by prominent investors such as Stakeboat Capital, Jyoti Bansal, and Gaja Capital to name a few We raised $153mn in our latest Series C funding round from WestBridge Capital, and we're now India's 103rd Unicorn! We are expanding rapidly and our 1100+ strong and still growing workforce is spread across India, the U S, the Middle East, ASEAN, ANZ, and South Africa, Among the Top 50 fastest-growing tech companies in India as per Deloitte Fast 50 programs Frost and Sullivan's 2019 Marketing Automation Company of the Year award Among Top 100 fastest growing companies in FT 1000: High-Growth Companies AsiaPacific Listed as Top Rates Product on G2Crowd, GetApp, and TrustRadius Location : Cessna Business Park (Bangalore)-WFO Requirements 23 years of experience in product or application security; at least 1 year of hands-on software development experience is highly desirable, Proficiency in application security testing using tools such as Burp Suite, SonarQube, SQLMap, and others (SAST, DAST, SCA), Experience with secure coding practices, and strong scripting skills in Python or JavaScript, Solid understanding of industry standards and frameworks such as OWASP Top 10, SANS CWE, etc Knowledge of security fundamentals like cryptography, authentication, risk assessment, and threat modeling, Exposure to cloud platforms (e-g , AWS, Azure) and their associated security best practices, Familiar with CI/CD pipelines and DevSecOps practices for integrating security into development workflows, Understanding of compliance standards such as ISO 27001 and HIPAA, Ability to automate security testing to increase assessment coverage and efficiency, Strong communication skills to effectively convey technical findings to both technical and non-technical stakeholders, Key Responsibilities Conduct application security assessments on web,API and mobile platforms, Perform secure code reviews on apps Carry out cloud security assessments for SaaS infrastructure and services, Manage the vulnerability lifecycle from discovery to resolution, Deliver security training and awareness sessions to internal teams, Develop tools and frameworks to support security automation and engineering initiatives,

About The Role Job Title: Penetration Tester (Web Applications and REST APIs) Location: Bengaluru Job Type: Full-time About Us: Kotak Mahindra Bank is seeking an experienced Penetration Tester to join our Platform Engineering team. As a Penetration Tester, you will be responsible for identifying vulnerabilities in web applications and REST APIs, providing recommendations for remediation, and ensuring the security posture of our clients' systems. Job Summary: The successful candidate will have a strong background in penetration testing, including experience with various tools and techniques used to identify vulnerabilities in web applications and APIs. The ideal candidate will be able to analyze complex systems, identify potential security risks, and provide actionable recommendations for remediation. Key Responsibilities: Conduct thorough penetration testing of web applications and REST APIs using a variety of tools and techniques Identify vulnerabilities in web applications, including but not limited to SQL injection Cross-Site Scripting (XSS) Cross-Site Request Forgery (CSRF) Authentication and authorization weaknesses Session management issues Test REST APIs for security vulnerabilities, including but not limited to Input validation and sanitization Error handling and logging Authentication and authorization mechanisms Data encryption and transmission Analyze results and provide detailed reports outlining findings, recommendations for remediation, and estimated timeframes for implementation Collaborate with development teams to ensure identified vulnerabilities are addressed and remediated in a timely manner Stay up-to-date with the latest security threats, tools, and techniques through ongoing training and professional development Requirements: 3+ years of experience in penetration testing, with a focus on web applications and REST APIs Strong understanding of web application security concepts, including but not limited to OWASP Top 10 Web Application Security Risks (WASR) Secure Coding Practices Experience with various penetration testing tools, including but not limited to Burp Suite ZAP Nmap AJP SQL injection tools (e.g. sqlmap) Strong understanding of REST API security concepts, including but not limited to API Security Frameworks (e.g. OAuth 2.0) Data encryption and transmission protocols (e.g. HTTPS) Authentication and authorization mechanisms (e.g. JWT) Experience with scripting languages (e.g. Python, Ruby) is a plus Strong analytical and problem-solving skills Excellent communication and reporting skills Nice to Have: CISSP or equivalent security certification CEH or equivalent penetration testing certification Experience with cloud-based services (e.g. AWS, Azure) Familiarity with Agile development methodologies Experience with DevOps tools (e.g. Docker, Jenkins) What We Offer: Competitive salary and benefits package Opportunities for professional growth and development Collaborative and dynamic work environment Flexible working hours and remote work options

About The Role Job Title: Penetration Tester (Web Applications and REST APIs) Location: Bengaluru Job Type: Full-time About Us: Kotak Mahindra Bank is seeking an experienced Penetration Tester to join our Platform Engineering team. As a Penetration Tester, you will be responsible for identifying vulnerabilities in web applications and REST APIs, providing recommendations for remediation, and ensuring the security posture of our clients' systems. Job Summary: The successful candidate will have a strong background in penetration testing, including experience with various tools and techniques used to identify vulnerabilities in web applications and APIs. The ideal candidate will be able to analyze complex systems, identify potential security risks, and provide actionable recommendations for remediation. Key Responsibilities: Conduct thorough penetration testing of web applications and REST APIs using a variety of tools and techniques Identify vulnerabilities in web applications, including but not limited to: SQL injection Cross-Site Scripting (XSS) Cross-Site Request Forgery (CSRF) Authentication and authorization weaknesses Session management issues Test REST APIs for security vulnerabilities, including but not limited to: Input validation and sanitization Error handling and logging Authentication and authorization mechanisms Data encryption and transmission Analyze results and provide detailed reports outlining findings, recommendations for remediation, and estimated timeframes for implementation Collaborate with development teams to ensure identified vulnerabilities are addressed and remediated in a timely manner Stay up-to-date with the latest security threats, tools, and techniques through ongoing training and professional development Requirements: 3+ years of experience in penetration testing, with a focus on web applications and REST APIs Strong understanding of web application security concepts, including but not limited to: OWASP Top 10 Web Application Security Risks (WASR) Secure Coding Practices Experience with various penetration testing tools, including but not limited to: Burp Suite ZAP Nmap AJP SQL injection tools (e.g. sqlmap) Strong understanding of REST API security concepts, including but not limited to: API Security Frameworks (e.g. OAuth 2.0) Data encryption and transmission protocols (e.g. HTTPS) Authentication and authorization mechanisms (e.g. JWT) Experience with scripting languages (e.g. Python, Ruby) is a plus Strong analytical and problem-solving skills Excellent communication and reporting skills Nice to Have: CISSP or equivalent security certification CEH or equivalent penetration testing certification Experience with cloud-based services (e.g. AWS, Azure) Familiarity with Agile development methodologies Experience with DevOps tools (e.g. Docker, Jenkins) What We Offer: Competitive salary and benefits package Opportunities for professional growth and development Collaborative and dynamic work environment Flexible working hours and remote work options

Who we think will be a great fit. A passion for information security with a hacker mindset! Self-motivation and Proactiveness Communication skills What we need... We want people with preferably two or more, of the following: 1. Web Application Security Testing. Knowledge about BURP Suite, manual and automated SQLi Bypass filters that detect SQLi, XSS, etc. People who don't think Injection means only SQLi but SSTI, SSJI, ORMi [HQLi], LDAPi, Eli, XMLi etc. 2. Network Infrastructure Testing. Ability to write custom scripts and wrappers. Knowledge of tools like Responder, Ettercap, tcpdump, Empire, etc.not just Nmap and Nessus Have good knowledge about PowerShell scripting and AD/DC infrastructure. 3. Mobile App Testing. Root/jailbreak and Certificate pinning bypass without any automated tool Dynamic instrumentation using Frida De-obfuscation of APK/IPA file 4. IoT Testing. MQTT attacks Fuzzing of IoT devices Firmware extraction 5. Cloud Testing. A good understanding of the cloud infrastructure that includes AWS, Azure and Google cloud. Have a good understanding of microservices architecture. 6. Secure Code Review. Ability to visualize and compile applications without any compiler (in your mind). Has the ability to learn a new programming language on-the-go. Preferred candidate profile : Candidates with relevant professional experience will be given preference.

https://zrec.in/ai3DV?source=CareerSite

Job Title: Security Tester/Security Test Engineer Location: Chennai/Hyderabad Mode: Hybrid Notice Period: Immediate/Currently Serving 6+ years of experience only (relevancy) Role Summary: This job is responsible for assisting in application security testing, including source code review, automating application security testing process and developing application security solutions to influence organizational efficiency and security. Assists in evaluating security risk assessments and presenting security information to workforce and management. Serves as a resource to the workforce regarding security-based questions and problems. ESSENTIAL RESPONSIBILITIES SAST & DAST Level 1 scan SAST & DAST Level 2 scans after getting approval/certification. Triaging of scan findings Document identified vulnerabilities from scans and review with application teams. Participate in peer reviews. Assist with API Security testing. Pull and complete non-testing related stories from the team backlog (Update documentation, complete research, POCs, process improvement items, documentation of automation components etc...) Collecting security requirements. Educational Qualification Any Degree Must Have 6 - 10 years of experience in Application Security testing Proficiency with Web application and API security testing process. Deep knowledge of Web technologies (i.e How web application works, Authentication, Authorization, HTTP Response & HTTP Request). Thorough understanding of SAST & DAST process. Experience in Burp suite/Acunetix/ Sonarqube or any other security testing tools. Proficiency in Vulnerability reporting process and Remediation process. Ability to handle meetings with Development team to share and explain about vulnerabilities and its remediations. Good to Have: Development experience using Java technologies. Knowledge of GIT, Eclipse, and experience in working with Agile methodology. Good written and verbal communication along with logical thinking and problem-solving abilities Ability to learn new things quickly. Always keen to learn about latest security risk. Any Certifications - Added Advantage

Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 4 plus years of experience Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding Practices: Knowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat Modelling: Ability to conduct threat modelling sessions to identify and mitigate security risks Preferred technical and professional experience Vulnerability Assessment: Experience in conducting vulnerability assessments and penetration testing Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST) tools. Security Tools: Proficiency in using security tools like Burp Suite, Nessus, or Fortify

Role Profile Senior Application Security Engineer Department Information Security/ Cybersecurity Reports ToManager / Lead Security Engineer Location :Hyderabad (WFO) Role Summary: The Security Engineer will play a critical role in strengthening the security posture of applications and infrastructure by implementing secure development practices, performing vulnerability assessments, and integrating security into the SDLC. The ideal candidate will have hands-on experience with OWASP ASVS, security testing tools like ZAP, and a solid understanding of Python-based backend systems. Key Responsibilities: Implement and enforce security policies aligned with OWASP ASVS 4.0.3. Conduct Static and Dynamic Application Security Testing (SAST/DAST) using tools such as ZAP, Fortify, Burp Suite, and GitHub security. Collaborate with DevOps teams to embed security in CI/CD pipelines. Perform threat modelling and risk assessments for applications and APIs. Identify and remediate security vulnerabilities in Python-based services. Prepare and support documentation for STQC audits and other compliance processes. Create and maintain secure coding guidelines for developers. Track and manage vulnerabilities using centralized dashboards or ticketing systems. Collaborate with developers and QA teams during SDLC to ensure secure code deployment. Required Qualifications & Skills: 810 years of Overall experience in IT . 56 years of hands-on experience in Application Security. Strong knowledge of OWASP Top 10 and OWASP ASVS frameworks. Practical experience with ZAP, Fortify, Burp Suite, or similar tools. Good understanding of Python backend services and typical security flaws. Knowledge of CI/CD security integration tools and methodologies. Familiarity with STQC security processes and regulatory compliance documentation. Knowledge of SAST/DAST/IAST methodologies and modern DevSecOps practices. Bachelors degree in computer science, Cybersecurity, or related discipline. Soft Skills: Strong analytical and problem-solving abilities. Excellent written and verbal communication skills. Collaboration and team orientation. High attention to detail and documentation. Strong stakeholder management across development, DevOps, and compliance teams. Preferred Qualifications: Certifications such as OSCP, CISSP, CEH, or GWAPT. Exposure to cloud security (AWS/GCP/Azure). Scripting knowledge for automation using Python or Bash. Experience with container and Kubernetes security tools. Key Relationships: InternalDevelopment Teams, DevOps Teams, QA Teams, Compliance Team, Product Owners ExternalAuditors, Regulatory Authorities (e.g., for STQC), Security Vendors Role Dimensions: Team Size: Individual contributor or small security team lead Scope: Application security coverage across all internal and external apps Impact: High directly impacts risk mitigation, compliance, and secure software delivery Success Measures (KPIs): % of vulnerabilities resolved within SLA Number of applications onboarded to security tools Security issues found in pre-production vs post-deployment Developer adoption rate of secure coding practices STQC and other audit clearance rates Mean time to detect and remediate vulnerabilities Competency Framework Alignment: Technical Expertise Deep understanding of of AppSec tools and practices Results Orientation Works cross-functionally with technical teams Problem Solving Strong in analysing and resolving security issues Communication Explains complex security concepts to non-tech teams Adaptability Takes ownership of vulnerabilities and resolutions

Your potential, unleashed. Indias impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilientnot only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks Your work profile As Assistant Manager in our Cyber Team youll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - Key Responsibilities: Threat Modelling: Conduct threat modelling sessions to identify potential security risks to applications, networks, and infrastructure. Utilize various threat modelling frameworks (e.g., STRIDE, PASTA) to evaluate the risk associated with business processes and IT systems. Vulnerability Assessment & Penetration Testing: Perform regular vulnerability assessments and penetration testing on applications, systems, and networks to identify weaknesses and misconfigurations. Security Risk Analysis: Analyse vulnerabilities identified in VAPT engagements and prioritize them based on risk to the business. Provide recommendations for remediation and mitigation. Incident Response: Assist in responding to security incidents by analysing threat patterns, supporting forensic investigations, and recommending preventative measures. Collaboration with Teams: Work closely with developers, DevOps, and other stakeholders to design and implement secure development practices and advise on secure code development practices. Reporting: Document findings from threat modelling, vulnerability assessments, and penetration tests, and present them to management and other key stakeholders. Security Awareness: Promote awareness of cybersecurity risks within the organization and provide guidance on secure coding and risk mitigation strategies. Required Skills and Qualifications: Strong knowledge of Threat Modelling methodologies and tools (e.g., Microsoft Threat Modelling Tool, OWASP Threat Dragon). Hands-on experience in performing Vulnerability Assessment and Penetration Testing (VAPT) using tools like Nmap, Burp Suite, OWASP ZAP, Nessus, and Metasploit. Solid understanding of common vulnerabilities (e.g., SQL injection, Cross-Site Scripting, Buffer overflows) and security protocols (e.g., TLS/SSL, OAuth, OpenID). Familiarity with network security (firewalls, IDS/IPS, VPNs, etc.) and web application security. Experience in performing risk analysis, writing security reports, and presenting findings to both technical and non-technical audiences. Knowledge of OWASP Top 10, CVE, and vulnerability databases. Proficiency in one or more programming languages (e.g., Python, Java, C, or scripting languages) is a plus. Understanding of security frameworks and compliance requirements (e.g., NIST, ISO 27001, GDPR, SOC 2) is desirable. Experience with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes) is a plus. Strong problem-solving skills and the ability to work independently and in a team. Prior experience in BFSI would be preferred. Preferred Qualifications: Certification: Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or similar penetration testing certifications. Certified Information Systems Security Professional (CISSP) or similar information security certifications. Previous experience in threat hunting, incident response, or application security. Understanding of security in Agile/Scrum development processes. Location and way of working Base location: Pune Professional is required to work from office. How youll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the worlds most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyones welcome entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals. *Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution.

As a Cyber Security Analyst you will be responsible for the administration, endpoint protection, vulnerability management, intrusion detection system, security information & event management, Active Directory, Domain Controller and Email Security.

Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 5 plus years of experience Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding Practices: Knowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat Modeling: Ability to conduct threat modeling sessions to identify and mitigate security risks Preferred technical and professional experience Vulnerability Assessment: Experience in conducting vulnerability assessments and penetration testing Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST) tools. Security Tools: Proficiency in using security tools like Burp Suite, Nessus, or Fortify

We are seeking a highly skilled and motivated Technical Security Professional specializing in Vulnerability Assessment and Penetration Testing (VAPT), Source Code Review, API Security, and Web Application Security. As a member of our team, you will be responsible for ensuring the security and integrity of our systems, applications, and networks. Responsibilities Conduct comprehensive Vulnerability Assessments and Penetration Tests (VAPT) on various systems, networks, and applications to identify security weaknesses and potential vulnerabilities. Perform thorough Source Code Reviews to identify security flaws, coding errors, and vulnerabilities in web applications and software products. Assess and enhance API security by evaluating API designs, configurations, and implementations for potential security risks and vulnerabilities. Evaluate and enhance the security posture of web applications by conducting thorough security assessments and implementing appropriate security controls. Develop and implement security testing methodologies, tools, and procedures to improve the efficiency and effectiveness of security testing activities. Provide technical expertise and guidance to development teams, system administrators, and other stakeholders on security best practices and mitigation strategies. Collaborate with cross-functional teams to remediate identified security vulnerabilities and implement security controls to mitigate risks. Stay updated on the latest security trends, vulnerabilities, and best practices to continuously improve the security posture of our systems and applications. : Bachelor's degree in Computer Science, Information Security, or a related field. (Master degree preferred) 5 to 7 years of experience in conducting Vulnerability Assessments and Penetration Tests (VAPT) on enterprise systems, networks, and applications. 4 to 7 years of experience in performing Source Code Reviews for web applications and software products. Proficiency in using industry-standard security testing tools such as Nessus, Metasploit, Burp Suite, etc. Strong understanding of web application security principles, common vulnerabilities (e.g., OWASP Top 10), and mitigation techniques. Experience in assessing and enhancing API security, including authentication, authorization, encryption, and access control mechanisms. Knowledge of secure coding practices and common programming languages (e.g., Java, Python, C/C++, etc.). Knowledge of cloud security and DevSecOps processes. Excellent analytical and problem-solving skills with the ability to identify and mitigate complex security risks and vulnerabilities. Strong communication and interpersonal skills with the ability to effectively collaborate with cross-functional teams and stakeholders. Relevant security certifications such as CISSP, CEH, OSCP, etc., are preferred.

Hello Visionary ! We empower our people to stay resilient and relevant in a constantly changing world. We’re looking for people who are always searching for creative ways to grow and learn. People who want to make a real impact, now and in the future. We are looking for a highly skilled and motivated Product & Solution Security Professional to join our team. The ideal candidate will be responsible for defining secure design principles and supporting cross-functional teams to ensure secure architecture, implementation, and testing of products and solutions. Key Responsibilities Integration with SDLC Collaborate with software development teams to integrate security practices throughout the Software Development Life Cycle (SDLC). Ensure security requirements are included in the design, development, testing, and deployment stages of software projects. Perform security code reviews and analyze vulnerabilities during different SDLC phases. 2. Security Activities Develop and implement security protocols, guidelines, and best practices for software development. Conduct threat modelling and risk assessments to identify potential security issues early in the development process. Provide guidance on secure coding practices and remediation of identified vulnerabilities. Stakeholder Interaction Work closely with key stakeholders, including product managers, project managers, and business analysts, to support and promote security activities within products. Communicate security risks, issues, and mitigation strategies effectively to both technical and non-technical stakeholders. Foster a security-aware culture within the development teams and across the organization . 4. Security Tools and Technologies Implement and manage security tools such as static and dynamic analysis tools and vulnerability scanners. Stay updated with the latest security tools, trends, and best practices to enhance product’s security posture. 5. Training and Awareness Conduct security training and awareness programs for development teams. Promote continuous improvement and knowledge sharing related to application security . Skills and Qualifications 1. Technical Skills: In-depth knowledge of application security, secure coding practices, and common vulnerabilities (e.g., OWASP Top Ten). Experience with security tools and technologies such as static analysis tools (SAST), dynamic analysis tools (DAST), and vulnerability scanners. Proficiency in programming languages such as Java, C#, Python. Understanding of DevSecOps practices and integration of security into CI/CD pipelines. Promote continuous improvement and knowledge sharing related to application security. 2. Soft Skills: Strong communication and interpersonal skills. Ability to explain complex security concepts to non-technical stakeholders. Strong analytical and problem-solving skills. Collaborative mindset and ability to work effectively with cross-functional teams. 3. Certification Preferred CEH, Certified Secure Software Lifecycle Professional (CSSLP) or equivalent. Experience Proven experience working with software development teams and integrating security practices into the SDLC. Experience interacting with key stakeholders and supporting security activities within software products. Having An engineering degree B.E/B.Tech/MCA/M.Tech/M.Sc with good academic record. 7 - 10 years of experience in cybersecurity, with a focus on application security. Make your mark in our exciting world at Siemens . This role, based in Bangalore , is an individual contributor position. You may be required to visit other locations within India and internationally. In return, you'll have the opportunity to work with teams shaping the future. At Siemens, we are a collection of over 312,000 minds building the future, one day at a time, worldwide. We are dedicated to equality and welcome applications that reflect the diversity of the communities we serve. All employment decisions at Siemens are based on qualifications, merit, and business need. Bring your curiosity and imagination, and help us shape tomorrow We’ll support you with Hybrid working opportunities. Diverse and inclusive culture. Variety of learning & development opportunities. Attractive compensation package. Find out more about Siemens careers at www.siemens.com/careers

Role & responsibilities We are looking to add a VAPT specialist to our team! This position will be conducting vulnerability assessments, penetration testing, and security audits to identify, report, and mitigate security weaknesses across applications, networks, and systems. Conduct vulnerability assessments and penetration tests on internal and external applications, networks, and systems. Develop, document, and implement testing methodologies based on industry standards and compliance requirements (e.g., OWASP, NIST, ISO 27001). Identify security risks, potential threats, and vulnerabilities and provide detailed reports with actionable recommendations. Collaborate with development, infrastructure, Network, SOC and application teams to guide them in remediating identified security issues. Perform re-testing to validate remediation actions taken to address vulnerabilities. Stay updated on emerging security threats, vulnerabilities, and tools related to penetration testing. Ensure testing activities comply with relevant security policies, regulatory requirements, and standards. Support the development of VAPT policies, standards, and guidelines. Prepare regular reports and dashboards for management and stakeholders, summarizing findings and status updates. Preferred candidate profile At least 1+ years of experience in vulnerability assessment and penetration testing in both application and network environments. In-depth knowledge of security standards, frameworks, and methodologies, such as OWASP, PTES, and MITRE ATT&CK. Proficiency with security testing tools like Burp Suite, Nessus, Metasploit, Nmap, and Wireshark. Strong understanding of network protocols, application security, and secure coding practices. Familiarity with regulatory standards, such as GDPR, HIPAA, and PCI-DSS, and how they impact VAPT requirements. Ability to communicate complex technical information to both technical and non-technical stakeholders. Relevant certifications (e.g., CEH, OSCP, GIAC GPEN, or GWAPT) are preferred. Vulnerability scanning and penetration testing Threat modeling and risk assessment Security auditing and report writing Collaboration and communication Analytical and problem-solving skills

Location: Mumbai/Bangalore Experience: 5 to 8 years Responsibilities: Conduct comprehensive security assessments, including network penetration testing and vulnerability analysis, to identify security gaps in critical systems. Simulate real-world attacks to test the effectiveness of security measures and identify potential weaknesses. Develop and execute red team operations, including social engineering, network exploitation, and physical security testing. Create detailed reports documenting findings, attack vectors, and remediation strategies. Stay up-to-date with the latest security trends, tools, and techniques to ensure cutting-edge testing methodologies. Complete the projects within budgeted efforts and deliver high quality reports. Open for onsite deployments anywhere across the world as business demands Required skill set: Bachelors degree in computer science, Information Security, or a related field. Strong understanding of network protocols, operating systems, and security architectures. Proficiency in using penetration testing tools such as Nessus, Metasploit, Burp Suite, and Wireshark and similar. Flexible and creative in helping to find acceptable solutions for customers. Excellent problem-solving skills and the ability to think like an attacker. Strong verbal and written communication skills to effectively convey complex security issues to technical and non-technical stakeholders. Relevant certifications such as OSCP, OSCE, CRTP or similar. Good to have Skills: Experience with reverse engineering and exploit development. Knowledge of cloud security and containerization technologies. Familiarity with regulatory requirements and industry standards (e.g., GDPR, PCI-DSS, ISO) Ability to work on multiple complex assignments simultaneously.

We are looking for a skilled and motivated Penetration Tester to join our DART (Detection and Response Team) and help deliver high-impact Penetration Testing as a Service (PTaaS) engagements to our global clients. This is a hands-on role focused on continuous testing, real-world simulations, and providing actionable insights using industry-leading tools like Metasploit Pro and CIS-CAT Pro. Youll be part of a CREST-aligned team helping financial institutions, government bodies, and mid-market clients secure their infrastructure, web applications, cloud platforms, and internal networks. Key Responsibilities Perform internal and external network penetration testing Conduct web application and API testing using OWASP and custom test cases Simulate real-world attack vectors including privilege escalation and lateral movement Execute configuration audits using CIS-CAT Pro for hardening validation Design and run automated and manual exploit campaigns using Metasploit Pro Prepare detailed reports with technical findings, business risk, and remediation guidance Participate in client scoping sessions and debriefs Collaborate with the development and infrastructure teams to validate remediations Contribute to continuous improvements of our PTaaS platform and methodology What Were Looking For 36 years in penetration testing, red teaming, or offensive security Strong knowledge of security testing methodologies (OWASP, PTES, MITRE ATT&CK) Hands-on experience with Metasploit Pro, Burp Suite, CIS-CAT Pro, or similar tools Certifications preferred : OSCP, CREST CRT, CRTO, or equivalent Preferred candidate profile Familiarity with cloud security (Azure, AWS, M365) and Active Directory attacks Strong report writing and client communication skills

We're Hiring! I am excited to share some amazing career opportunities at Happiest Minds. Take your Security career to the next level with Happiest Minds, ! Join a dynamic team, where Security Meets Innovation, and grow with us. Be recognized in a Great Place to Work Certified environment Interested professionals can directly reach out to me ankita.patari@happiestminds.com or can apply in below post Primary Skills : Manual Penetration Testing using OWASP checklists, Penetration Testing, Cloud Security Assessment, Cybersecurity, Security Configuration Review, Source Code Review Job Description: 4 to 6 years of experience conducting Application Security assessments Experienced in conducting Manual and Automated DAST for Web, API & Thick client covering OWASP Top 10 Experienced in conducting Manual code review Experienced in Mobile VAPT (Both static and Dynamic) Knowledge of Infra VAPT or at least VA and configuration review Knowledge in Container / Docker security / Cloud Audit is a plus Certifications suck as CEH, CRTP, OSCP is preferred Good communication skills, ability to explain vulnerabilities to business users in simple terms. Notice: Immediate to 15 days Location: ENBD Bangalore or ENBD Chennai or Dubai Location: Bangalore/Chennai/Dubai Experience: 4-6 Years Thanks & Regards, Ankita Ghosh

Senior Security Engineer Experience: 3-8 Years Exp Salary: 10 to 30 LPA Preferred Notice Period: 60 Days Opportunity Type: Onsite (Bengaluru, Karnataka) Placement Type: Full-time (*Note: This is a requirement for one of Uplers' Clients) Must have required skills: Frida, Ghidra, Reverse Engineering Anakin (YC S21) (One of Uplers' Clients) is Looking for: Senior Security Engineer who is passionate about their work, eager to learn and grow, and committed to delivering exceptional results. If you are a team player, with a positive attitude and a desire to make a difference, then we want to hear from you. Role Overview Description About the Role: Were looking for an experienced engineer to help us understand and interact with web and mobile application APIs in a structured and compliant manner. This includes analysing how apps and websites generate secure API requests, inspecting native/mobile code, and building reliable systems for data extraction, strictly under the terms of service. Key Responsibilities: Analyse Android apps (Java/Kotlin/native code) to understand API flows and request signing mechanisms. Study browser and JavaScript behaviour to understand how websites structure and secure their API calls. Investigate how common client-side security mechanisms (e.g., token generation, header signing, session validation) are implemented. Build tools or automation scripts to replicate legitimate client behaviour in a compliant and respectful manner. Collaborate with internal teams to integrate and maintain data extraction systems responsibly. Must-Have Skills: Experience in reverse engineering Android apps (APK analysis, native code inspection). Deep understanding of web technologies, JavaScript execution, and HTTP protocol. Familiarity with client-side security implementations such as token generation, obfuscation, and API protection. Must have a solid understanding of JWT, JWE, cookies, and session management in web and mobile applications. Hands-on experience with tools like Frida, mitmproxy, Burp Suite, Wireshark, Ghidra/IDA Pro or similar. Strong scripting skills (Python, Node.js, etc.) Nice-to-Have: Background in security engineering, penetration testing, or application security research. Familiarity with CAPTCHA handling methods and automation frameworks (e.g., Puppeteer, Playwright). Experience with mobile app instrumentation (NDK, JNI). Experience working with large-scale distributed systems, as it helps in building scalable and resilient data extraction infrastructure. About Uplers: Our goal is to make hiring and getting hired reliable, simple, and fast. Our role will be to help all our talents find and apply for relevant product and engineering job opportunities and progress in their career. (Note: There are many more opportunities apart from this on the portal.) So, if you are ready for a new challenge, a great work environment, and an opportunity to take your career to the next level, don't hesitate to apply today. We are waiting for you!

Senior Security Engineer Experience: 3-8 Years Exp Salary: 10 to 30 LPA Preferred Notice Period: 60 Days Opportunity Type: Onsite (Bengaluru, Karnataka) Placement Type: Full-time (*Note: This is a requirement for one of Uplers' Clients) Must have required skills: Frida, Ghidra, Reverse Engineering Anakin (YC S21) (One of Uplers' Clients) is Looking for: Senior Security Engineer who is passionate about their work, eager to learn and grow, and committed to delivering exceptional results. If you are a team player, with a positive attitude and a desire to make a difference, then we want to hear from you. Role Overview Description About the Role: Were looking for an experienced engineer to help us understand and interact with web and mobile application APIs in a structured and compliant manner. This includes analysing how apps and websites generate secure API requests, inspecting native/mobile code, and building reliable systems for data extraction, strictly under the terms of service. Key Responsibilities: Analyse Android apps (Java/Kotlin/native code) to understand API flows and request signing mechanisms. Study browser and JavaScript behaviour to understand how websites structure and secure their API calls. Investigate how common client-side security mechanisms (e.g., token generation, header signing, session validation) are implemented. Build tools or automation scripts to replicate legitimate client behaviour in a compliant and respectful manner. Collaborate with internal teams to integrate and maintain data extraction systems responsibly. Must-Have Skills: Experience in reverse engineering Android apps (APK analysis, native code inspection). Deep understanding of web technologies, JavaScript execution, and HTTP protocol. Familiarity with client-side security implementations such as token generation, obfuscation, and API protection. Must have a solid understanding of JWT, JWE, cookies, and session management in web and mobile applications. Hands-on experience with tools like Frida, mitmproxy, Burp Suite, Wireshark, Ghidra/IDA Pro or similar. Strong scripting skills (Python, Node.js, etc.) Nice-to-Have: Background in security engineering, penetration testing, or application security research. Familiarity with CAPTCHA handling methods and automation frameworks (e.g., Puppeteer, Playwright). Experience with mobile app instrumentation (NDK, JNI). Experience working with large-scale distributed systems, as it helps in building scalable and resilient data extraction infrastructure. About Uplers: Our goal is to make hiring and getting hired reliable, simple, and fast. Our role will be to help all our talents find and apply for relevant product and engineering job opportunities and progress in their career. (Note: There are many more opportunities apart from this on the portal.) So, if you are ready for a new challenge, a great work environment, and an opportunity to take your career to the next level, don't hesitate to apply today. We are waiting for you!

We are looking for Application Security Engineer to take ownership of security testing for enterprise products deployed on mainframe environments. In this role, you will assess application-layer security risks, identify vulnerabilities in product implementations, and lead secure architecture reviews. The ideal candidate brings deep offensive security skills along with familiarity in testing applications running on or integrated with IBM mainframe systems. Primary Roles and Responsibilities: Conduct penetration testing and red teaming exercises targeting mainframe environments and the surrounding application ecosystem. Perform code-assisted and black-box penetration testing against enterprise applications/systems interacting with RACF, DB2, CICS, MQ, and related subsystems. Identify risks in authentication, authorization, data handling, and communications within mainframe-integrated products. Create threat models and guide product teams in mitigating high-impact vulnerabilities early in the SDLC. Drive remediation efforts through hands-on collaboration and secure design guidance. Author technical reports and deliver executive summaries tailored to various audiences. Stay current on vulnerabilities, exploits, and testing techniques relevant to legacy enterprise technologies and mainframe ecosystems. Assess common integration patterns (SOA, REST/JSON, MQ) for security risks. To ensure you re set up for success, you will bring the following skillset & experience: 5+ years of experience in penetration testing, with a specialization in systems/applications integrating with mainframe environments. Deep knowledge of mainframe communication protocols and security mechanisms. Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe systems. Proficient in tools such as: Mainframe utilities: REXX, ISPF panels, NetView Security tools: Nmap, Burp Suite, Wireshark, custom scripts Strong scripting and automation skills (Python, REXX, Bash, or similar). Strong communication and leadership skills, with a proven ability to lead technical teams or projects. Experience producing board-level reports and presenting findings to senior stakeholders. Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts). Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services Whilst these are nice to have, our team can help you develop in the following skills: Industry certifications such as OSCP, OSCE, CRTP, GIAC GPEN, GXPN, or CISSP. Background in regulated industries such as banking, insurance, or government, where mainframes are core infrastructure. Knowledge of COBOL, PL/I, or other mainframe-centric programming languages. Experience with compliance standards like PCI-DSS, NIST, or SOX as they apply to mainframes.

We are looking for a Senior Penetration Tester to take ownership of security testing for enterprise products deployed on mainframe environments. In this role, you will assess application-layer security risks, identify vulnerabilities in product implementations, and lead secure architecture reviews. The ideal candidate brings deep offensive security skills along with familiarity in testing applications running on or integrated with IBM mainframe systems. Here is how, through this exciting role, YOU will contribute to BMC's and your own success: Primary Roles and Responsibilities: Lead security assessments of applications and solutions deployed on IBM z/OS-based environments. Conduct penetration testing and red teaming exercises targeting mainframe environments and the surrounding application ecosystem. Perform code-assisted and black-box penetration testing against enterprise applications/systems interacting with RACF, DB2, CICS, MQ, and related subsystems. Identify risks in authentication, authorization, data handling, and communications within mainframe-integrated products. Create threat models and guide product teams in mitigating high-impact vulnerabilities early in the SDLC. Drive remediation efforts through hands-on collaboration and secure design guidance. Author technical reports and deliver executive summaries tailored to various audiences. Stay current on vulnerabilities, exploits, and testing techniques relevant to legacy enterprise technologies and mainframe ecosystems.. Assess common integration patterns (SOA, REST/JSON, MQ) for security risks. To ensure you re set up for success, you will bring the following skillset & experience: 8+ years of experience in penetration testing, with a specialization in systems/applications integrating with mainframe environments. Deep knowledge of mainframe communication protocols and security mechanisms. Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe systems. Proficient in tools such as: Mainframe utilities: REXX, ISPF panels, NetView Security tools: Nmap, Burp Suite, Wireshark, custom scripts Strong scripting and automation skills (Python, REXX, Bash, or similar). Strong communication and leadership skills, with a proven ability to lead technical teams or projects. Experience producing board-level reports and presenting findings to senior stakeholders. Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts). Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services Whilst these are nice to have, our team can help you develop in the following skills: Industry certifications such as OSCP, OSCE, CRTP, GIAC GPEN, GXPN, or CISSP. Background in regulated industries such as banking, insurance, or government, where mainframes are core infrastructure. Knowledge of COBOL, PL/I, or other mainframe-centric programming languages. Experience with compliance standards like PCI-DSS, NIST, or SOX as they apply to mainframes.

Dear Candidate, We are looking for an Application Security Engineer to identify, mitigate, and prevent security risks in software applications across the SDLC. Key Responsibilities: Conduct static and dynamic application security testing (SAST/DAST). Collaborate with development teams to integrate secure coding practices. Perform threat modeling, code reviews, and security assessments. Respond to security vulnerabilities and guide remediation efforts. Develop automated tools and CI/CD security checks. Required Skills & Qualifications: Strong understanding of OWASP Top 10 and secure software development. Experience with security tools (Burp Suite, Fortify, SonarQube, Checkmarx). Proficiency in at least one programming language (e.g., Java, Python, C#). Familiarity with DevSecOps and container security. Security certifications are a plus (e.g., CSSLP, OSWE, CEH). Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Reddy Delivery Manager Integra Technologies

Application Security Perform security reviews, code audits, and threat modeling of web and mobile applications. Work with DevOps and development teams to integrate secure coding practices and tools (e.g., SAST, DAST, SCA). Conduct penetration testing and vulnerability assessments on internal and external applications. Remediate OWASP Top 10 and other emerging threats. Infrastructure & Server Security Harden Linux and Windows servers following CIS/NIST benchmarks. Implement endpoint security solutions (AV, EDR, MDM). Monitor, detect, and respond to system anomalies and unauthorized access. Manage patching and update cycles in coordination with system teams. Network Security Secure network architecture, firewall policies, VPNs, NAT, and VLAN segmentation. Analyze and mitigate threats like DDoS, MITM, spoofing, etc. Configure and manage intrusion detection/prevention systems (IDS/IPS). Perform routine audits and packet-level analysis for suspicious activity. Cloud Security Secure cloud infrastructure (Alibaba Cloud/AWS/Azure/GCP). Manage IAM, WAF, Security Groups, and cloud-native threat detection tools. Audit and improve security configurations in containers, CI/CD pipelines, and serverless deployments. Monitoring, Audit, and Compliance Work closely with compliance teams to meet standards like SAMA-CSF, ISO 27001, and PCI-DSS. Implement and tune SIEM/SOAR systems for proactive monitoring and incident response. Maintain audit trails, security reports, and logs for investigations and audits. Qualifications & Requirements Bachelors degree in computer science, Cybersecurity, or a related field. 4+ years of experience in cybersecurity roles with exposure to infrastructure and application security. Proficiency in tools like Burp Suite, Nessus, Wireshark, Nmap, Suricata, OSSEC/Wazuh, etc. Strong knowledge of TCP/IP, Linux security, cloud security, and secure coding principles. Experience with at least one cloud platform (Alibaba Cloud preferred). Familiarity with regulatory and compliance standards in the GCC region is a plus. Security certifications such as CEH, OSCP, CISSP, or CISM are a plus. Preferred Strong problem-solving and analytical skills. Ability to work under pressure in a fast-paced environment. Excellent communication skills to interface with technical and non-technical stakeholders. Self-motivated and able to work independently or as part of a team.