360 Burp Suite Jobs - Page 12

Your day at NTT DATA The Vulnerability Assessment Specialist is a seasoned subject matter expert, responsible for conducting advanced vulnerability assessments, identifying vulnerabilities, and provides expert recommendations to mitigate security risks to ensure the security and integrity of the organization's systems and infrastructure. This role requires collaboration with cross-functional teams, and they lead/perform vulnerability assessments, analyze findings, and provide recommendations to mitigate security risks and contributes to the improvement of vulnerability management practices. What you'll be doing Key Responsibilities: Conducts vulnerability assessments using automated scanning tools and manual techniques to identify security vulnerabilities in systems, networks, applications, and infrastructure components. Conducts penetration tests using automated tools and manual techniques to identify security vulnerabilities in systems, networks, applications, and infrastructure components. Analyzes scan results and prioritizes vulnerabilities based on severity, impact, and exploitability. Assesses the potential risks associated with identified vulnerabilities. Analyzes the business impact, likelihood of exploitation, and potential attack vectors to prioritize remediation efforts based on risk severity. Provides detailed remediation recommendations to system owners, administrators, and IT teams. Collaborates to develop practical mitigation strategies, configuration changes, and patch management processes to address identified vulnerabilities. Utilizes vulnerability scanning tools such as Nessus, OpenVAS, Qualys, or similar tools to conduct scans, configure scan policies, and fine-tune scan parameters for accurate and comprehensive assessments. Utilizes penetration testing tools such as Metasploit, Burp Suite, and similar tools to conduct tests, configure test policies, and fine-tune test parameters for accurate and comprehensive assessments. Prepares vulnerability assessment reports, documenting assessment findings, risk analysis, and recommended actions. Communicates assessment results to stakeholders, including technical and non-technical audiences, in a clear and concise manner. Collaborates with cross-functional teams, including IT operations, development teams, and security stakeholders, to ensure effective communication, coordination, and alignment on vulnerability management efforts. Communicates technical concepts and recommendations to non-technical stakeholders. Participates in security awareness programs and provides training to end-users and stakeholders on vulnerability management best practices, secure coding, and security hygiene. Promotes a culture of security awareness within the organization. Collaborates with incident response teams to identify and address vulnerabilities associated with security incidents. Provides support during incident response efforts and contribute to post-incident analysis and remediation. Stays updated with the latest security trends, emerging vulnerabilities, and industry best practices. Contributes to the enhancement of vulnerability assessment processes, methodologies, and tools. Shares knowledge and provides guidance to improve vulnerability management practices. Shares knowledge and provides guidance to improve penetration testing practices. Contributes to open source security projects and the security community. Performs any other related task as required. Knowledge and Attributes: Seasoned understanding of vulnerability assessment methodologies, tools, and industry best practices. Seasoned understanding of penetration testing methodologies, tools, and industry best practices. Seasoned understanding of networking concepts, operating systems, and common software vulnerabilities. Solid proficiency in using vulnerability assessment tools such as Nessus, OpenVAS, Qualys, or similar tools. Solid proficiency in using penetration testing tools such as Metasploit, Burp Suite, and similar tools. Seasoned knowledge of risk analysis principles and the ability to assess the business impact of vulnerabilities. Solid knowledge of vulnerability management frameworks, such as CVE, CVSS, and common vulnerability databases. Strong analytical and problem-solving skills to analyze scan results, prioritize vulnerabilities, and recommend effective remediation actions. Excellent written and verbal communication skills to prepare vulnerability assessment reports and effectively communicate technical information to diverse stakeholders. Excellent collaboration and teamwork skills to work effectively with cross-functional teams and stakeholders. Seasoned familiarity with security frameworks, standards, and regulatory compliance requirements. Academic Qualifications and Certifications: Bachelor's degree or equivalent in Computer Science, Information Security, or a related field. Relevant certifications such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP)GIAC Penetration Tester (GPEN) or GIAC Certified Vulnerability Assessor (GCVA) are beneficial. Required Experience: Seasoned demonstrated experience in information security or related roles, with a focus on conducting vulnerability assessments and providing remediation recommendations. Seasoned demonstrated experience in conducting advanced vulnerability assessments, including application security assessments, network security assessments, penetration testing, or code review. Experience in bug bounty programs and identifying zero-day vulnerabilities is a plus.

We are looking to hire a Cyber Security Engineer with strong analytical skills and a comprehensive understanding of cybersecurity principles. The ideal candidate will have hands-on experience in web application, network security and hardware security with the ability to identify vulnerabilities, execute penetration tests, and recommend effective mitigations. The role requires an individual who is detail-oriented, able to work under pressure, and capable of delivering results within tight deadlines. Responsibilities: Conduct web application penetration testing using established methodologies (e.g., OWASP). Perform network penetration testing and identify system-level vulnerabilities. Conduct hardware-level security assessments and penetration tests on embedded systems, PCBs, SoCs, firmware, and IoT devices. Perform side-channel analysis, fault injection, and reverse engineering of hardware and firmware. Analyze firmware images for vulnerabilities using both static and dynamic methods. Analyse existing security measures and recommend improvements. Document findings, provide detailed risk assessments, and deliver remediation strategies. Advise on and implement security best practices across applications and infrastructure. Collaborate with development and infrastructure teams to ensure secure design and implementation. Stay current with evolving threats, vulnerabilities, and mitigation techniques. If experienced, conduct mobile application penetration testing (preferred, not mandatory). Requirements: A degree in computer science, IT, systems engineering, or related qualification. Core experience and profound knowledge in application and infrastructure security testing. Strong understanding and hands on experience on application and infrastructure vulnerabilities, automated/manual testing, auditing and remediation techniques. Strong understanding of OWASP Threats classification Experience with standard security tools such as Metasploit, SQLMap, Nmap, OWASP ZAP, Burp Suite etc. Experience with network/infrastructure vulnerability assessment tools such as Nessus, Qualys etc. Experience with establishing penetration testing procedures and processes. Proficiency in any one of the scripting languages like Python, C++, Java, Ruby, Node, Go, and/or Power Shell Ability to work under pressure in a fast-paced environment. Strong attention to detail with an analytical mind and outstanding problem-solving skills. Great awareness of cybersecurity trends and hacking techniques. Good to have: Understanding of server and client-side application development. Experience with performing code review, wireless and firewall assessments. Experience in evasion techniques to bypass firewalls and intrusion detection systems. Experience with Mobile Application Penetration testing, APIs etc. Knowledge in Application Architecture Review, Threat Modelling concepts Security Certifications: OSCP, OSEE, OSCE etc.

Your Role and Responsibilities Product-Security Technology Centre is responsible for ensuring that IBM products are secure by conducting timely Security reviews, penetration testing and following SPbD practices. As a penetration tester you will perform security testing of IBM product and SAAS offerings in development and production environment. You will also closely work with IBM product development teams to strengthen the security posture of their products by participating in threat model, source code security testing and share best practices / lessons learnt for secure coding/design. Key responsibilities Plan the penetration test Select, design and create appropriate tools for testing Perform the penetration test on computer systems, networks, web-based and mobile applications Document your methodologies, findings Gather the data intelligence not only from the output of the automated penetration tools but also from information gathered from interaction with product teams , previous results , threat model and source code scanning inputs. Review your findings and feedback to development teams Analyse the outcomes and make recommendations for security improvements Carry out application, network, systems and infrastructure penetration tests Review physical security and perform social engineering tests where appropriate Evaluate and select from a range of penetration testing tools Keep up to date with latest testing and ethical hacking methods Deploy the testing methodology and collect data Report on findings to a range of stakeholders Make suggestions for security improvements Enhance existing methodology material Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Experience – 2 to 5 years in Cybersecurity Web Application Testing Basic understanding of HTTP Protocol HTTP Methods, Request/Response Headers, Cookies, TCP/IP connections over HTTP etc. Basic understanding of HTML/JavaScript Good Understanding of security vulnerabilities, OWASP Top 10 vulnerabilities Automated Testing Must have knowledge of at least one of IBM AppScan OR BurpSuite scanner. (Good to have knowledge of both the tools.) Should be able to configure automated scanner (such as Login sequence, manually exploring critical flaws, Policy customization, scan throttling, etc) to perform successful scan. Assessment of scanner results and intelligently identifying false positives from the scan results. Knowledge of Burp features mainly, Spider, Intruder, Scanner, Repeater and Extender. Manual Testing: Should be able to understand the above mentioned OWASP Top 10 categories to perform manual testing. Flaws like, Authentication (session management) testing, CSRF, business logic testing which are not detected by an automated scanner must be identified using manual testing. Understanding of the workflow of the application and identifying the entry points to detect possible vulnerabilities. Preferred technical and professional experience Preferred Professional and Technical Expertise Webservice Testing SOAP/REST APIs testing. Configuring cURL commands and POSTMAN tool to capture the request in automated scanner. Network Testing Basic understanding of networking protocols such as TCP, UDP, DNS, DHCP etc. Basic understanding of network devices like router, switches, firewall/IDS/IPS etc.. Network scanning tools such as Nessus, Nmap, Metasploit etc. Exploitation and Post Exploitation of network vulnerabilities. Threat Model and Source code security scanning Perform/Participate in threat model creation/design or review Perform source code security scanning using (SAST) tools like Sonarqube, AppScan, Mend and other popular open-source tools. Security Certifications Any of the security certifications such as CEH, ECSA, EWPT, EWPTX, OSCP, GPEN, GWAPT etc

As an Application Security Specialist,youll play a vital role in building secure systems from the ground up. Workingclosely with engineering, compliance, and DevOps teams, you will ensure ourapplications meet rigorous security and regulatory standards across globaljurisdictions. Your Impact on the Mission: Integrate security into the Software Development Lifecycle (SDLC) , embedding security controls at every phase. Conduct threat modeling , secure code reviews , and penetration testing for internal and third-party applications. Collaborate with development teams to address security issues across CI/CD pipelines (DevSecOps). Manage and mitigate application-level risks in line with security frameworks and regulatory requirements. Support compliance efforts for GDPR , NIS2 , PCI-DSS , and DORA by applying security controls and maintaining evidence. Drive secure practices in the software supply chain , improving defenses against attacks like those seen in SolarWinds. Business Impact Reduces application security vulnerabilities across internal and customer-facing systems. Helps ensure Noventiqs compliance with global cybersecurity regulations. Lowers production defects and remediation costs through early detection. Strengthens resilience ofcloud-native and third-party platforms. What Youll Bring to The Table About You: 5 years in Application Security, including secure development, testing, and DevSecOps. Solid understanding of OWASP Top 10 , SAST/DAST , threat modeling , and common attack vectors. Familiarity with CI/CD environments (e.g., GitLab, GitHub Actions, Azure DevOps). Hands-on experience with tools such as Burp Suite , OWASP ZAP , SonarQube , Checkmarx , or similar. Preferred Certifications Industry-recognized certifications are a plus, including: OSCP , GWAPT, CISSP, or CSSLP Bonus for Azure Security Engineer (AZ-500) or Certified DevSecOps Professional Frameworks Compliance Working knowledge of: OWASP , CIS Controls v8, ISO/IEC 27001 GDPR , NIS2 Directive, PCI-DSS, DORA Regulation

Vulnerability Assessment, Vulnerability Mitigation, Manual Penetration Testing using OWASP checklists, Penetration Testing, Cloud Security Assessment, Cyber Security Assessment Consulting, Cybersecurity, Cyber Security Perform comprehensive penetration testing and vulnerability assessments on enterprise networks, firewalls, routers, switches other infrastructure components Identify and exploit vulnerabilities to assess the security posture of network components Provide detailed reports with risk ratings, remediation steps, and security recommendations Work with IT DevOps teams to ensure timely resolution of vulnerabilities Utilize industry-standard tools such as Nessus, Nmap, Metasploit, Burp Suite, Wireshark, Open VAS Implement and manage vulnerability scanning solutions across the organization Collaborate with IT, DevOps security teams to ensure patches and mitigations are applied effectively Conduct security assessments for cloud environments (AWS, Azure, GCP) including configuration audits Identify misconfigurations, privilege escalations security risks in cloud infrastructure Implement continuous monitoring logging solutions for cloud security visibility

Manual Penetration Testing using OWASP checklists, Penetration Testing, Vulnerability Assessment, OWASP Top 10, OWASP ZAP, AWS Cloud, Azure Cloud, Cyber Security, Cloud Security Assessment, Cyber Security Assessment Consulting, Cybersecurity, Data Security Assessment Consulting Perform Penetration testing Develop and recommend mitigation strategies to enhance the defense mechanisms of critical infrastructure components Collaborate with IT and security teams to refine security measures and response strategies Prepare detailed reports on findings from simulations and suggest improvements Facilitate training sessions for internal teams on security awareness and breach response tactics

Vulnerability Assessment, Manual Penetration Testing using OWASP checklists, Penetration Testing, OWASP Top 10, Static/dynamic testing of mobile applications, Static Code analysis Artifacts/Grey box Infra Activity (VA/CA) Windows Server - Performing Scanning and preparing reports - application Security Testing/ Infra VACA

Static Code analysis Static/dynamic testing of mobile applications Vulnerability Assessment Penetration Testing. SAST Penetration testing Vulnerability Assessment

Role & responsibilities Orange Business is hiring for Cybersecurity Expert - Pentest for Greater Noida location. Performing (Web, mobile, Cloud-based AWS, Azure, etc.), thick-clients business solutions and infrastructure pentest as assigned by the customer Work on full assessment & revalidation cases within customer defined timelines. Handling report creation based on pentest outcome as per customer template Develop new test cases, scenario & able to perform API pentesting Develops, tests and validates solutions to remediate exploitable conditions on devices such as web servers, mail servers, routers, firewalls and intrusion detection systems | Provide results report and help team to evaluates, codes and implements software fixes (patches) to address system vulnerabilities such as malicious code (e.g., viruses), system exploitation using SQL injection, cross-site scripting, buffer overflows, parameter tampering, hidden field manipulation, cookie poisoning and web services manipulation | Conducts security assessments of systems and applications using penetration tests, ethical hacking tools and risk assessment/mediation methodologies to evaluate vulnerabilities Perform source code review & configurations reviews against CIS benchmarks and security standards Participating in end user calls with customer for requirement gathering, explanation of findings, technical discussions. Preferred candidate profile Mandatory skill set Proficiency in Pentest tool such as using Burp suite and Kali Linux Proficiency in Python and Java, JavaScript, and Other coding languages • Good experience in performing security penetration testing and vulnerability assessment for internal, external web & mobile applications, wireless networks and IT infrastructure, end-points, cloud etc. Experience in testing diverse infra components including various enterprise platforms such as private clouds, Openshift infra, dockers/container infra etc. Experience in Source code reviews, red team exercises, security architecture configuration reviews, and technical security compliance reviews Knowledge on Web-based applications and services (SOAP/REST) Well versed in writing reports, test cases etc. OSCP/ OSWP / OSCE certification (preferred), SANS or Certified Penetration Tester, Certified Expert Penetration Tester or GIAC Certified Penetration Tester Secondary skill set Knowledge on Azure & scripting language Nice to have knowledge on other hacker tools;Appscan, Fortify, Wireshark, nmap, netcat, ZAP, FireBug, Nessus, John the Ripper.

Hiring for Security Test Engineer at Bangalore location Role: Security Test Engineer Exp: 2 - 7 Years Job location: Bangalore Notice Period: Immediate joiners only - Must Work Mode: Hybrid Interview Mode: 2 rounds ( Virtual & F2F round is Must ) Direct Responsibilities: To perform Penetration testing (Gray Box and/or Black Box), for Web applications, Thick Client, API, and mobile applications. Understand and deep knowledge of application security engineering principles to follow secure development practices which includes secure build processes, secure code review, security testing. Understanding of the security tools in DevOps Processes Knowledge of one or more scripting languages for automation Collaborate with the developers to help them understand the vulnerabilities reported in application. Contributing Responsibilities To understand the applications security requirements and identify & document the scope of the test. Ensure execution of the documented security scenarios for the application under test. Document and report all findings. Escalate issues to the local management and onshore stakeholders in case it affects the testing progress. Ensure processes for the project is followed for the assessments. Help review peer's work and mentor junior members in the team. Technical & Behavioral Competencies: Clear understanding of OWASP Top 10 - application security risks Tools/OS: Burp Suite, OWASP ZAP, Kali Linux Manual Security Testing & Analysis, Security Test Designing Excellent Interpersonal and presentation skills Strong in verbal and written communication Good analytical skills Strong Time Management Must be flexible, independent, self-motivated. Team Player Interested candidates can share your updated profile to premkumar.m@kiya.ai

Greetings from Peoplefy Infosolutions !!! We are hiring for one of our reputed MNC client based in Pune . We are looking for candidates with 3 + years of experience in below skills - Primary skills : Ethical Hacking Penetration Testing Software development Cyber forensics or threat hunting Application security Secure coding Burp suite, OWASP, OWASP ZAP Interested candidates for above position kindly share your CVs on asha.ch@peoplefy.com with below details - Experience : CTC : Expected CTC : Notice Period : Location :

We're Hiring! I am excited to share some amazing career opportunities at Happiest Minds. Take your Security career to the next level with Happiest Minds, ! Join a dynamic team, where Security Meets Innovation, and grow with us. Be recognized in a Great Place to Work Certified environment Interested professionals can directly reach out to me ankita.patari@happiestminds.com or can apply in below post Skills: Vulnerability Assessment,Penetration Testing,Manual Penetration Testing using OWASP checklists,Static/dynamic testing of mobile applications,OWASP Top 10 Roles and Responsibility: Roles and responsibility: Perform Web Application Security Assessment, API Security Assessment, Mobile Application Security Assessment & Thick Client Security Assessment. Report Preparation etc. Thanks and Regards, Ankita Ghosh

Design, develop, and maintain automated and manual test cases with a focus on security. Perform static and dynamic application security testing (SAST/DAST). Identify, document, and track security-related defects and work with engineering teams for remediation. Conduct threat modeling and risk assessments as part of the software development lifecycle. Validate fixes and patches for known vulnerabilities. Assist in integrating security testing tools (e.g., OWASP ZAP, Burp Suite, SonarQube) into CI/CD pipelines. Stay current with security best practices, industry trends, and vulnerability databases (e.g., CVE, NVD). Collaborate with QA, DevSecOps, and security analysts to promote secure development practices. Participate in code reviews and assist in the development of secure coding guidelines.

Hands-on experience in using tools like Cypress,Playwright, JMeter, Appium, and Postman using AI-powered testing platforms. experience in managing large testing teams, client relationships. Suitable candidates, please share CV to trinadh@desicrew.in

What you will do Let’s do this. Let’s change the world. In this vital role you will Guide and support junior team members by offering technical advice, conducting code reviews, and sharing knowledge to promote their professional development. Perform security testing (e.g., penetration testing, code reviews) and ensure continuous security monitoring across the organization’s IT landscape. Identify vulnerabilities in networks, systems, applications, and infrastructure through hands-on penetration testing. Attempt to exploit discovered vulnerabilities to demonstrate their impact and prove their existence (e.g., retrieving sensitive data, elevating user privileges, or gaining access to admin functionality). Perform assessments on web applications, cloud environments, and network infrastructure. Use automated tools and manual techniques to identify security weaknesses. Conduct advanced post-exploitation tasks to simulate real-world attack scenarios. Work with third-party security vendors for audits, product testing, and external assessments when required. Use automated tools (e.g., Burp Suite, OWASP ZAP, or Acunetix) to identify common vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and others. Document identified vulnerabilities in detail, explaining how they were found, their severity, and their potential impact. Include proof-of-concept (PoC) for critical vulnerabilities. Offer actionable, practical solutions for fixing the vulnerabilities, such as secure coding practices, configuration changes, or security controls. Use risk-based prioritization, categorizing issues by their severity and business impact (e.g., high, medium, low) to help the organization focus on the most critical issues. Continuously learn about the latest vulnerabilities, exploits, and security trends. Present the findings to stakeholders, security teams, and management, explaining the business risk and potential impacts of the vulnerabilities discovered. Familiarity with industry standards and compliance requirements (e.g., PCI-DSS, NIST, ISO 27001) and their relevance to penetration testing. What we expect of you We are all different, yet we all use our unique contributions to serve patients. This role has a strong focus on ensuring the organization's infrastructure, applications, and systems are secure from external and internal threats. This role is responsible for conducting authorized security tests on IT infrastructure to evaluate the strength of its systems against potential cyberattacks. A variety of automated tools and manual techniques are leveraged to simulate real-world attacks. The penetration tester then works with the organization to prioritize, remediate and report on identified issues, strengthening the overall security posture. Basic Qualifications: Bachelor’s degree with 6 - 8 years of experience in Computer Science, Cybersecurity or Information Systems related field . Preferred Qualifications: Must-Have Skills: Strong knowledge of common vulnerabilities (e.g., OWASP Top 10, SANS Top 25), network protocols, encryption standards, application security and common penetration testing methodologies (ISSAF, OSSTMM, PTES). Familiarity with tools like Burp Suite, OWASP ZAP and Metasploit. A deep understanding of web application architecture, databases, and authentication mechanisms. Ability to think critically and creatively when testing and attempting to exploit vulnerabilities. Good-to-Have Skills: Experience with threat intelligence and incorporating emerging threats into penetration testing practices Proficiency in scripting and automation (e.g., Python, Bash) is a plus Professional Certifications (please mention if the certification is preferred or mandatory for the role): PreferredeJPT, eCPPT, eWPT, OSCP, OSWA, GWAPT What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we’ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards. Apply now for a career that defies imagination Objects in your future are closer than they appear. Join us. careers.amgen.com As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease. Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Infrastructure Security Vulnerability Management Operations Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting security controls, and overseeing the transition to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure that the implemented solutions align with organizational objectives, all while maintaining a focus on continuous improvement and risk management. Roles & Responsibilities:-Remediation of vulnerabilities-Exp in Tenable,Wiz.IO, Checkmarx and Burpsuite-Defining Scan schedule-Reporting and Dashboard-Metrics driven dashboards Professional & Technical Skills: -Establish and operationalize an enterprise vulnerability management program, including:- Scanner deployment and configuration- VM operating procedures- Remediation working group- Attack surface management procedures- Vulnerability intelligence integration- Exception handling procures- vulnerability risk standard-To integrate VM program operations with existing Cloud security, GRC and IT capabilities/processes.-Scanning of Scout's entire IP space (internal and external) using Tenable. Scanning technology will be provided by Scout.-End-to-end centralized operations of the vulnerability management program encompassing all identified vulnerabilities resulting from penetrating testing, infrastructure scanning, DAST, and OT security assessments, and including risk analysis, remediation support, exception handling, mitigation, and reporting. Additional Information:- The candidate should have minimum 3 years of experience in Infrastructure Security Vulnerability Management Operations.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

Role Profile Senior Application Security Engineer Department Information Security/ Cybersecurity Reports ToManager / Lead Security Engineer Location :Hyderabad (WFO) Role Summary: The Security Engineer will play a critical role in strengthening the security posture of applications and infrastructure by implementing secure development practices, performing vulnerability assessments, and integrating security into the SDLC. The ideal candidate will have hands-on experience with OWASP ASVS, security testing tools like ZAP, and a solid understanding of Python-based backend systems. Key Responsibilities: Implement and enforce security policies aligned with OWASP ASVS 4.0.3. Conduct Static and Dynamic Application Security Testing (SAST/DAST) using tools such as ZAP, Fortify, Burp Suite, and GitHub security. Collaborate with DevOps teams to embed security in CI/CD pipelines. Perform threat modelling and risk assessments for applications and APIs. Identify and remediate security vulnerabilities in Python-based services. Prepare and support documentation for STQC audits and other compliance processes. Create and maintain secure coding guidelines for developers. Track and manage vulnerabilities using centralized dashboards or ticketing systems. Collaborate with developers and QA teams during SDLC to ensure secure code deployment. Required Qualifications & Skills: 8–10 years of Overall experience in IT . 5–6 years of hands-on experience in Application Security. Strong knowledge of OWASP Top 10 and OWASP ASVS frameworks. Practical experience with ZAP, Fortify, Burp Suite, or similar tools. Good understanding of Python backend services and typical security flaws. Knowledge of CI/CD security integration tools and methodologies. Familiarity with STQC security processes and regulatory compliance documentation. Knowledge of SAST/DAST/IAST methodologies and modern DevSecOps practices. Bachelor’s degree in computer science, Cybersecurity, or related discipline. Soft Skills: Strong analytical and problem-solving abilities. Excellent written and verbal communication skills. Collaboration and team orientation. High attention to detail and documentation. Strong stakeholder management across development, DevOps, and compliance teams. Preferred Qualifications: Certifications such as OSCP, CISSP, CEH, or GWAPT. Exposure to cloud security (AWS/GCP/Azure). Scripting knowledge for automation using Python or Bash. Experience with container and Kubernetes security tools. Key Relationships: InternalDevelopment Teams, DevOps Teams, QA Teams, Compliance Team, Product Owners ExternalAuditors, Regulatory Authorities (e.g., for STQC), Security Vendors Role Dimensions: Team Size: Individual contributor or small security team lead Scope: Application security coverage across all internal and external apps Impact: High – directly impacts risk mitigation, compliance, and secure software delivery Success Measures (KPIs): % of vulnerabilities resolved within SLA Number of applications onboarded to security tools Security issues found in pre-production vs post-deployment Developer adoption rate of secure coding practices STQC and other audit clearance rates Mean time to detect and remediate vulnerabilities Competency Framework Alignment: Technical Expertise Deep understanding of of AppSec tools and practices Results Orientation Works cross-functionally with technical teams Problem Solving Strong in analysing and resolving security issues Communication Explains complex security concepts to non-tech teams Adaptability Takes ownership of vulnerabilities and resolutions

Perform security testing on applications using Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools to identify vulnerabilities and recommend mitigations.

The Pen Testers role involves working with relevant technologies, ensuring smooth operations, and contributing to business objectives. Responsibilities include analysis, development, implementation, and troubleshooting within the Pen Testers domain.

Roles and Responsibilities Conduct vulnerability assessments using Nessus, Burp Suite, and Qualys to identify potential security risks. Develop and maintain comprehensive reports on identified vulnerabilities, including remediation recommendations. Collaborate with cross-functional teams to implement mitigation strategies and monitor progress towards resolution. Provide expert guidance on application security best practices to development teams. Stay up-to-date with industry trends and emerging threats to continuously improve vulnerability management processes.

Position- System security Analyst Location- Mohali Key Responsibilities: • Conduct Vulnerability Assessment and Penetration Testing (VAPT). • Perform Application Security (AppSec) reviews. • Conduct Source Code Reviews to identify and remediate security flaws. Preferred Certifications: • CEH (Certified Ethical Hacker) • OSCP (Offensive Security Certified Professional) Hands-on Experience With: • VAPT Tools: Burp Suite, Nessus, Metasploit • AppSec Tools: Acunetix, Checkmarx • Source Code Analysis Tools: Fortify, Veracode • Familiarity with scripting (Python, Bash) and DevSecOps principles is a plus.

We are seeking an experienced and highly skilled Penetration Tester with expertise in mobile application security, specifically for both Android and iOS platforms. As a Senior Penetration Tester, you will be responsible for identifying and exploiting vulnerabilities in mobile applications, networks, APIs, and other critical systems. Your primary responsibility will be performing thorough security assessments, including reverse engineering, malware analysis, and incident forensics, to ensure the security and resilience of mobile applications and systems. The ideal candidate should have hands-on experience with penetration testing tools, mobile application testing, and advanced exploitation techniques. You will also be expected to collaborate with various teams, including Red Teams, to develop strategic security initiatives and offer expert-level recommendations for security improvements. Key Responsibilities: Mobile Application Penetration Testing: Conduct in-depth security assessments of mobile applications for both Android and iOS platforms, identifying vulnerabilities and recommending remediation strategies. Red Team Activities: Participate in Red Team exercises to simulate real-world attacks, uncover hidden threats, and assess the effectiveness of security controls. Security Assessments: Perform penetration testing on applications, networks, mobile platforms, APIs, cloud environments, and critical systems to identify advanced threats and vulnerabilities. Custom Exploit Development: Develop custom exploit code and scripts to demonstrate potential security risks to stakeholders and stakeholders, providing hands-on demonstrations of vulnerabilities. Reverse Engineering & Malware Analysis: Use reverse engineering techniques and tools to analyze complex threats, malware, and incidents, providing detailed reports on findings. Collaboration with Leadership: Collaborate with executive leadership and senior management to develop and execute strategic security initiatives and roadmaps to mitigate security risks. Security Architecture Guidance: Provide expert-level guidance on secure coding practices, cryptography, architecture design principles, and implementation to mitigate risks effectively. Tool Development & Automation: Develop custom penetration testing tools and scripts to automate testing processes and enhance capabilities for thorough assessments. Incident Forensics: Lead efforts to analyze and investigate security incidents, determining the root causes and recommending improvements for better prevention. Required Skills and Qualifications: Mobile Pen Testing Expertise: Strong experience in mobile application penetration testing for both Android and iOS platforms. Penetration Testing Tools: Expertise in tools and frameworks such as Metasploit, Burp Suite, Nessus, NMAP, and custom/open-source tools. Red Teaming & Advanced Exploitation: Advanced proficiency in red teaming, black box testing, and using advanced exploitation techniques to identify vulnerabilities. Malware Analysis & Reverse Engineering: Experience in malware analysis and reverse engineering to assess complex threats and incidents. Cryptography & Secure Coding: In-depth knowledge of cryptography, secure coding practices, and secure architecture design principles. Custom Tools & Scripting: Hands-on experience in developing custom scripts and tools to automate testing processes and enhance the effectiveness of assessments. Penetration Testing Methodologies: Expertise in applying penetration testing methodologies, including both network and application-level security assessments. Certifications (Preferred): o OSCP (Offensive Security Certified Professional) o CRTP (Certified Red Team Professional) o eLearn Security Certified Professional Penetration Tester V2.0 o Any other relevant certifications are a plus. Required Experience: Overall Experience: 12+ years in penetration testing, security assessments, and threat analysis. Relevant Experience: 10 years of hands-on experience specifically in penetration testing for mobile applications (Android & iOS), network security, cloud environments, and APIs. Experience working in Red Team environments is a plus.

The Security Engineer is responsible for designing, implementing, and maintaining security across all products and infrastructure, with a focus on both blockchain/wallet and general application security. This role requires a strategic mindset, strong risk management skills, and the ability to communicate security concepts to both technical and non-technical stakeholders. The ideal candidate is proactive, detail-oriented, and committed to fostering a culture of security throughout the organization. Responsibilities Develop and enforce security policies, standards and best practices. Lead security architecture reviews and risk assessments. Collaborate with engineering, product, and operations teams to ensure secure design and implementation. Oversee incident response, forensics, and post-incident analysis. Conduct security awareness training and promote a security-first culture. Stay current with emerging threats, vulnerabilities, and security technologies. Ensure compliance with relevant regulations and industry standards. Coordinate with external auditors, partners, and vendors on security matters. Qualifications and Experience Bachelors degree in Computer Science, Information Security, or related field (or equivalent experience). Relevant security certifications (CISSP, CISM, CEH, OSCP, etc.). 5+ years of experience in security engineering or related roles. Demonstrated experience with both blockchain and traditional application/infrastructure security. Experience leading security initiatives and incident response. Deep understanding of security frameworks, standards, and regulations (NIST, ISO 27001, GDPR, etc.). Awareness of current threat landscape and security technologies. Familiarity with blockchain security and smart contract vulnerabilities.

Role & responsibilities - Perform Application Security Testing - Perform Network Penetration Testing - Perform Vulnerability Assessment of Servers - Verify Scan results through manual testing - Co-ordinate with the clients for Project related queries - Undertake meeting with the client teams for discussing security issues and recommendations - Create detailed security reports - Keep track of project progress & send regular updates - Research on security tools - Create Security Knowledge base for the team - Participate in quality initiatives. Location: Pune-On Site Required Knowledge Areas: Web Application Security OWASP Top 10 Mobile Application Security – Mobile OWASP Top 10 NMAP/Port Scanning Vulnerability Scanning & Verification Web Traffic Interception (For Web/Mobile apps) SSL Security Tools Experience: Working knowledge of following tools is needed: Web Proxy Editors Network Sniffers Nessus Scanner Reverse Engineering Tools Mobile Application security tools – Either Android/IOS Any one Web Application Security Scanner. Certification Requirement: The candidate must possess any one of the following certifications: CEH/ ECSA/ OSCP Other Skills: The candidate should be good in: Documentation Communication Skills. Interested candidate can share their resume on hr@synradar.com or can connect on 8655620119 Immediate joiners are preferred

Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 5 plus years of experience. Application Security TestingExperience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding PracticesKnowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat ModelingAbility to conduct threat modeling sessions to identify and mitigate security risks Preferred technical and professional experience Vulnerability AssessmentExperience in conducting vulnerability assessments and penetration testing Application Security TestingExperience with static and dynamic application security testing (SAST/DAST) tools Security ToolsProficiency in using security tools like Burp Suite, Nessus, or Fortify