360 Burp Suite Jobs - Page 14

Security Testing , Burp Suite Understand the security requirements , prepare test scripts , execute and prepare reports

Ideally, looking for a combination of Development and Application Security experience. Job Summary: We are seeking a skilled Application Security Engineer to join our Information Security team. The ideal candidate will have a minimum of 8-12 years of experience in application security and a strong background in software development , particularly in .NET, C#, Angular, and React . This role is crucial in ensuring the security of our applications by working closely with development, DevOps, and security teams to identify, remediate, and prevent security vulnerabilities throughout the software development lifecycle (SDLC). Key Responsibilities: Conduct application security assessments, including code reviews, penetration testing, and threat modeling to identify vulnerabilities. Work closely with developers to integrate secure coding practices and provide guidance on remediating security issues. Implement and manage Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools. Develop and enforce security policies, procedures, and best practices for application security. Assist in the design and review of security architecture for new and existing applications. Collaborate with DevOps teams to integrate security into CI/CD pipelines using DevSecOps principles . Research emerging threats, vulnerabilities, and security trends to proactively mitigate risks. Support incident response efforts related to application security breaches. Provide security training and awareness to development teams. Document security findings, mitigation plans, and security controls. Minimum Requirements (Must-Have) 8-12 years of experience in application security with a focus on secure software development. Strong background in software development , with hands-on experience in .NET, C#, Angular, and React . Hands-on experience with SAST, DAST, Software Composition Analysis (SCA), and penetration testing tools (e.g., Burp Suite, Checkmarx, Veracode, Fortify, SonarQube ). Solid understanding of OWASP Top 10, SANS 25, and secure coding practices . Experience with threat modeling, risk assessment, and vulnerability management . Knowledge of API security, authentication, and authorization mechanisms (OAuth, JWT, SAML, etc.). Familiarity with container security, Kubernetes security, and cloud security best practices (AWS, Azure, GCP). Experience working in Agile and DevSecOps environments , integrating security into CI/CD pipelines. Strong analytical and problem-solving skills. Excellent communication skills, with the ability to work collaboratively across teams.

Location: Mumbai/Bangalore Experience: 5 to 8 years Responsibilities: Conduct comprehensive security assessments, including network penetration testing and vulnerability analysis, to identify security gaps in critical systems. Simulate real-world attacks to test the effectiveness of security measures and identify potential weaknesses. Develop and execute red team operations, including social engineering, network exploitation, and physical security testing. Create detailed reports documenting findings, attack vectors, and remediation strategies. Stay up-to-date with the latest security trends, tools, and techniques to ensure cutting-edge testing methodologies. Complete the projects within budgeted efforts and deliver high quality reports. Open for onsite deployments anywhere across the world as business demands Required skill set: Bachelors degree in computer science, Information Security, or a related field. Strong understanding of network protocols, operating systems, and security architectures. Proficiency in using penetration testing tools such as Nessus, Metasploit, Burp Suite, and Wireshark and similar. Flexible and creative in helping to find acceptable solutions for customers. Excellent problem-solving skills and the ability to think like an attacker. Strong verbal and written communication skills to effectively convey complex security issues to technical and non-technical stakeholders. Relevant certifications such as OSCP, OSCE, CRTP or similar. Good to have Skills: Experience with reverse engineering and exploit development. Knowledge of cloud security and containerization technologies. Familiarity with regulatory requirements and industry standards (e.g., GDPR, PCI-DSS, ISO) Ability to work on multiple complex assignments simultaneously.

Role Purpose The purpose of this role is to prepare test cases and perform testing of the product/ platform/ solution to be deployed at a client end and ensure its meet 100% quality assurance parameters. Do Instrumental in understanding the test requirements and test case design of the product Authoring test planning with appropriate knowledge on business requirements and corresponding testable requirements Implementation of Wipro's way of testing using Model based testing and achieving efficient way of test generation Ensuring the test cases are peer reviewed and achieving less rework Work with development team to identify and capture test cases, ensure version Setting the criteria, parameters, scope/out-scope of testing and involve in UAT (User Acceptance Testing) Automate the test life cycle process at the appropriate stages through vb macros, scheduling, GUI automation etc To design and execute the automation framework and reporting Develop and automate tests for software validation by setting up of test environments, designing test plans, developing test cases/scenarios/usage cases, and executing these cases Ensure the test defects raised are as per the norm defined for project / program / account with clear description and replication patterns Detect bug issues and prepare file defect reports and report test progress No instances of rejection / slippage of delivered work items and they are within the Wipro / Customer SLA's and norms Design and timely release of test status dashboard at the end of every cycle test execution to the stake holders Providing feedback on usability and serviceability, trace the result to quality risk and report it to concerned stakeholders Status Reporting and Customer Focus on an ongoing basis with respect to testing and its execution Ensure good quality of interaction with customer w.r.t. e-mail content, fault report tracking, voice calls, business etiquette etc On time deliveries - WSRs, Test execution report and relevant dashboard updates in Test management repository Updates of accurate efforts in eCube, TMS and other project related trackers Timely Response to customer requests and no instances of complaints either internally or externally Mandatory Skills: Burpsuite.Experience: 3-5 Years.

We're Hiring! I am excited to share some amazing career opportunities at Happiest Minds. Take your Security career to the next level with Happiest Minds, ! Join a dynamic team, where Security Meets Innovation, and grow with us. Be recognized in a Great Place to Work Certified environment Interested professionals can directly reach out to me ankita.patari@happiestminds.com or can apply in below post Primary Skills : Manual Penetration Testing using OWASP checklists, Penetration Testing, Cloud Security Assessment, Cybersecurity, Security Configuration Review, Source Code Review Job Description: 4 to 6 years of experience conducting Application Security assessments Experienced in conducting Manual and Automated DAST for Web, API & Thick client covering OWASP Top 10 Experienced in conducting Manual code review Experienced in Mobile VAPT (Both static and Dynamic) Knowledge of Infra VAPT or at least VA and configuration review Knowledge in Container / Docker security / Cloud Audit is a plus Certifications suck as CEH, CRTP, OSCP is preferred Good communication skills, ability to explain vulnerabilities to business users in simple terms. Notice: Immediate to 15 days Location: ENBD Bangalore or ENBD Chennai or Dubai Location: Bangalore/Chennai/Dubai Experience: 4-6 Years Thanks & Regards, Ankita Ghosh

Were looking for a highly skilled UI Developer with a strong background in building native applications across Windows, macOS, iOS, and Android platforms. This role requires hands-on expertise in platform-specific development tools and languages, such as C/C++, .Net, WinAPI, Cocoa, Swift, Kotlin, and Android NDK, to deliver intuitive, high-performance user interfaces tailored to each ecosystem. The ideal candidate also brings a strong focus on security, with the ability to integrate features like hardware-backed encryption, secure boot, and multi-factor authentication into consumer-facing applications. Youll play a critical role in creating seamless, secure user experiences across desktop and mobile devices. Responsibilities As a member of the OCI Enterprise Management Systems function, you will assist in defining and developing software for tasks associated with the developing, debugging or designing of software applications or operating systems. Provide technical leadership to other software developers. Specify, design and implement modest changes to existing software architecture to meet changing needs. Key Responsibilities Design and develop secure, high-performancenative user interfacesfor Windows, macOS, iOS, and Android platforms. Leverage platform-specific technologies (e.g., WinAPI, Cocoa, Swift, Kotlin, Android NDK) to deliver responsive, intuitive UI experiences. Integrate hardware-backed security features includingTrusted Platform Module (TPM),Apple Secure Enclave, andAndroid Keystorefor secure boot, attestation, and encrypted storage. Implementcryptographic algorithms and secure communication protocolsto protect data at rest and in transit. Build and supportrobust authentication mechanisms, including MFA, biometrics (Face ID, Touch ID, fingerprint), and token-based access. Collaborate withsecurity architectsand engineers to define and implement secure software architecture. Conductcode reviews,threat modelling, andsecurity assessmentsto proactively identify and address vulnerabilities. Stay informed on emerging threats, CVEs, and platform security updates, ensuring applications are always a step ahead. Partner closely withproduct managers, UX designers, and backend engineersto deliver cohesive, high-quality apps on time. Mentor junior developers in secure coding practices, cryptography, and platform-specific development techniques. Requirements Bachelors degree inComputer Science,Engineering or relevant experience. Proven experience developingnative applicationsforWindowsand at least two additional platforms (macOS, iOS, Android). Proficient inC/C++, Java, .NETand platform-native development frameworks such asWinAPI,Cocoa,Swift,Kotlin, andAndroid NDK. Proven experience designing and buildingcommercial-grade endpoint softwareat scale, with a strong emphasis onreliability, performance, and maintainabilityacross diverse hardware and operating system environments Strong knowledge ofTPM,Secure Enclave, andAndroid Keystore, with experience integrating these technologies for secure storage and authentication. Hands-on experience withcryptographic librariessuch asOpenSSL,CryptoAPI, andCommonCrypto. Familiarity with authentication protocols likeOAuth2.0,OpenID Connect,FIDO, and optionallyKerberos,SAML, andLDAP. Deep understanding ofWindows and macOS internals, including system architecture, low-level APIs, and built-in security features such asBitLocker,User Account Control (UAC),Windows Defender, andmacOS System Integrity Protection (SIP), Gatekeeper, and FileVault. Experience using mobile security testing tools such asAppScan,Burp Suite, orMobile Security Framework (MobSF). Strong attention to detail with a passion for writing secure, efficient, and maintainable code. Excellent communication skills and a collaborative mindset, with the ability to mentor and inspire peers.

Product-Security Technology Centre is responsible for ensuring that IBM products are secure by conducting timely Security reviews, penetration testing and following SPbD practices. As a penetration tester you will perform security testing of IBM product and SAAS offerings in development and production environment. You will also closely work with IBM product development teams to strengthen the security posture of their products by participating in threat model, source code security testing and share best practices / lessons learnt for secure coding/design. Key responsibilities Plan the penetration test Select, design and create appropriate tools for testing Perform the penetration test on computer systems, networks, web-based and mobile applications Document your methodologies, findings Gather the data intelligence not only from the output of the automated penetration tools but also from information gathered from interaction with product teams , previous results , threat model and source code scanning inputs. Review your findings and feedback to development teams Analyse the outcomes and make recommendations for security improvements Carry out application, network, systems and infrastructure penetration tests Review physical security and perform social engineering tests where appropriate Evaluate and select from a range of penetration testing tools Keep up to date with latest testing and ethical hacking methods Deploy the testing methodology and collect data Report on findings to a range of stakeholders Make suggestions for security improvements Enhance existing methodology material Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Experience – More than 5years in Cybersecurity Web Application Testing Basic understanding of HTTP Protocol HTTP Methods, Request/Response Headers, Cookies, TCP/IP connections over HTTP etc. Basic understanding of HTML/JavaScript Good Understanding of security vulnerabilities, OWASP Top 10 vulnerabilities Automated Testing Must have knowledge of at least one of IBM AppScan OR BurpSuite scanner. (Good to have knowledge of both the tools.) Should be able to configure automated scanner (such as Login sequence, manually exploring critical flaws, Policy customization, scan throttling, etc) to perform successful scan. Assessment of scanner results and intelligently identifying false positives from the scan results. Knowledge of Burp features mainly, Spider, Intruder, Scanner, Repeater and Extender. Manual Testing. Should be able to understand the above mentioned OWASP Top 10 categories to perform manual testing. Flaws like, Authentication (session management) testing, CSRF, business logic testing which are not detected by an automated scanner must be identified using manual testing. Understanding of the workflow of the application and identifying the entry points to detect possible vulnerabilities. Preferred Professional and Technical Expertise : Webservice Testing SOAP/REST APIs testing. Configuring cURL commands and POSTMAN tool to capture the request in automated scanner. Network Testing Basic understanding of networking protocols such as TCP, UDP, DNS, DHCP etc. Basic understanding of network devices like router, switches, firewall/IDS/IPS etc.. Network scanning tools such as Nessus, Nmap, Metasploit etc. Exploitation and Post Exploitation of network vulnerabilities. Threat Model and Source code security scanning Perform/Participate in threat model creation/design or review Perform source code security scanning using (SAST) tools like Sonarqube, AppScan, Mend and other popular open-source tools. Preferred technical and professional experience Security Certifications Any of the security certifications such as CEH, ECSA, EWPT, EWPTX, OSCP, GPEN, GWAPT etc

Product-Security Technology Centre is responsible for ensuring that IBM products are secure by conducting timely Security reviews, penetration testing and following SPbD practices. As a penetration tester you will perform security testing of IBM product and SAAS offerings in development and production environment. You will also closely work with IBM product development teams to strengthen the security posture of their products by participating in threat model, source code security testing and share best practices / lessons learnt for secure coding/design. Key responsibilities Plan the penetration test Select, design and create appropriate tools for testing Perform the penetration test on computer systems, networks, web-based and mobile applications Document your methodologies, findings Gather the data intelligence not only from the output of the automated penetration tools but also from information gathered from interaction with product teams , previous results , threat model and source code scanning inputs. Review your findings and feedback to development teams Analyse the outcomes and make recommendations for security improvements Carry out application, network, systems and infrastructure penetration tests Review physical security and perform social engineering tests where appropriate Evaluate and select from a range of penetration testing tools Keep up to date with latest testing and ethical hacking methods Deploy the testing methodology and collect data Report on findings to a range of stakeholders Make suggestions for security improvements Enhance existing methodology material Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Experience – More than 5years in Cybersecurity Web Application Testing Basic understanding of HTTP Protocol HTTP Methods, Request/Response Headers, Cookies, TCP/IP connections over HTTP etc. Basic understanding of HTML/JavaScript Good Understanding of security vulnerabilities, OWASP Top 10 vulnerabilities Automated Testing Must have knowledge of at least one of IBM AppScan OR BurpSuite scanner. (Good to have knowledge of both the tools.) Should be able to configure automated scanner (such as Login sequence, manually exploring critical flaws, Policy customization, scan throttling, etc) to perform successful scan. Assessment of scanner results and intelligently identifying false positives from the scan results. Knowledge of Burp features mainly, Spider, Intruder, Scanner, Repeater and Extender. Manual Testing. Should be able to understand the above mentioned OWASP Top 10 categories to perform manual testing. Flaws like, Authentication (session management) testing, CSRF, business logic testing which are not detected by an automated scanner must be identified using manual testing. Understanding of the workflow of the application and identifying the entry points to detect possible vulnerabilities. Preferred Professional and Technical Expertise : Webservice Testing SOAP/REST APIs testing. Configuring cURL commands and POSTMAN tool to capture the request in automated scanner. Network Testing Basic understanding of networking protocols such as TCP, UDP, DNS, DHCP etc. Basic understanding of network devices like router, switches, firewall/IDS/IPS etc.. Network scanning tools such as Nessus, Nmap, Metasploit etc. Exploitation and Post Exploitation of network vulnerabilities. Threat Model and Source code security scanning Perform/Participate in threat model creation/design or review Perform source code security scanning using (SAST) tools like Sonarqube, AppScan, Mend and other popular open-source tools. Preferred technical and professional experience Security Certifications Any of the security certifications such as CEH, ECSA, EWPT, EWPTX, OSCP, GPEN, GWAPT etc

We are hiring for Senior Security Engineer- Navi Mumbai Location (Belapur) for one of our project. Interested candidate can share resume to ankita.patari@happiestminds.com Experience: 4.8 to 8 Years Location: Navi Mumbai Location (Belapur) Office Timings: Monday to Friday (First Saturday and Third Saturday working) Looking for max 15 Days Joiners only Immediate Joiners please mentioned in Subject Line(Immediate Joiner_AppSec) General Shift Exp Range-2-4 Years Primary Skills : Web App, API, Mobile App ,API Responsibility: API functional testing, Mobile functional testing ,API integration Thanks and Regards, Ankita Ghosh

Lead Red, Blue & Purple Team operations, securing client assets via pentests, monitoring, incident response & compliance. Manage teams, train clients, and ensure continuous protection across Web2 & Web3 tech. Full JD here: https://bit.ly/4lxMCjo

position: Contract to Hire(C2H) Skill: Security Test Engineer Experience:5+ Location: Bangalore Notice Period: Immediate to 15 Day Job Descrption: Clear understanding of OWASP Top 10 - application security risks Tools/OS: Burp Suite, OWASP ZAP, Kali Linux Manual Security Testing & Analysis, Security Test Designing Excellent Interpersonal and presentation skills Strong in verbal and written communication Good analytical skills Strong Time Management Must be flexible, independent, self-motivated. Team Player Candidates who are Interested for above position , Please share your resume to bhargavi.maddela@kiya.ai

1. Conduct vulnerability scan using Prisma's cloud vulnerability scanning features to identify vulnerabilities in cloud resources . 2. Assess and monitor security posture of Kubernetes clusters, including network policies, pod configurations and container runtime security. 3. Leverage Prisma cloud's automated vulnerability risk scoring to evaluate severity of vulnerabilities 4. Work with teams to prioritize vulnerabilities based on severity, exploitability & potential business impact. 5. Ensure organization's cloud infrastructure complies with industry standards 6. Use Prisma cloud to scan Kubernetes clusters and container registries for known vulnerabilities and misconfigurations 7. Create vulnerability reports that detail discovered vulnerabilities, risk analysis and remediation actions.

Key Result Areas: Effectively lead and manage the application security testing team. Ensure the team meets project deadlines and objectives. Successfully plan and execute security assessments on software applications and Infrastructure devices. Identify and report vulnerabilities accurately and in a timely manner. Monitor and track the resolution of identified vulnerabilities. Stay current with evolving security threats and best practices. Effectively communicate security risks and recommendations to stakeholders. Job Description: The Application Security Testing Manager will be responsible for leading a team of security testers and ensuring the security and integrity of software applications within G&B. This role involves planning, executing, and overseeing security assessments, identifying vulnerabilities, and driving their remediation. Preferred candidate profile Essential: Proven experience (typically 5+ years) in application security testing and vulnerability assessment. Familiarity with security testing tools such as Burp Suite, OWASP ZAP, Nessus, and others. Proficiency in programming and scripting languages (e.g., Python, Java) for security testing and automation. Strong understanding of software development lifecycles and secure coding practices. Experience with security standards, frameworks, such as OWASP SPECIAL SKILLS REQUIRED Essential: Bachelor's or Master's degree in computer science, cybersecurity, or a related field. Excellent communication skills. Strong problem-solving and analytical abilities.

JD: https://www.pinnacle.in/career/qa-automation-engineer Skills: * Automation Tester * Non Functional Testing * Penetration, Performance Testing * Knowledge of Security Tools, OWASP, Burp Suite Min 3 yrs experience must in Automation.

Happiest Minds Technologies hiring for Security Engineer for Mumbai Location, please share resume to ankita.patari@happiestminds.com Skills and Job description: Location: Mumbai(BKC) Working days: 5 days from Office. Experience:2.5 years above+ For a Network VAPT (Vulnerability Assessment and Penetration Testing) Assessor, the required skillset spans across technical expertise, analytical thinking, and knowledge of security frameworks. Here's a breakdown of the key skills. Networking Fundamentals TCP/IP, DNS, DHCP, NAT, VLANs Routing and switching concepts Network architecture and protocols Vulnerability Assessment Tools Nessus, Algosec Nmap for port scanning and service enumeration Nikto, Burp Suite (for web-based assessments) Penetration Testing Tools Metasploit Framework Kali Linux tools Wireshark for packet analysis Thanks and Regards, Ankita Ghosh

This is a full-time on-site role for a Penetration Tester located in Faridabad. The Penetration Tester will be responsible for identifying and exploiting vulnerabilities in application security, as well as performing red teaming exercises. Role & responsibilities Plan and perform external penetration tests and vulnerability scans against clients websites, APIs, and network edge, employing manual research techniques and industry-standard tools (e.g., Burp Suite, Nessus). Validate and triage findings, assign severity ratings (e.g., CVSS), and produce professional audit reports that translate technical risks into actionable business recommendations. Engage with client stakeholders - present interim findings, advise on mitigation strategies, and retest remediated issues to verify closure. Preferred candidate profile Deep understanding of VAPT methodologies (OSSTMM, PTES) and research approaches. Proficiency with web-app testing tools (Burp Suite, OWASP ZAP) and network scanners (Nmap). Strong knowledge of OWASP Top 10, CVSS scoring, and network attack vectors. Excellent written and verbal communication skills for client reporting and technical presentations. Scripting ability (Python, Bash, PowerShell) for automation of scans and proof-of-concept research. Hands-on cybersecurity experience such as accepted bug bounties, CTF rankings, disclosable VAPT reports, CVE contributions, or practical certifications like OSCP, eJPT. Familiarity with compliance frameworks (PCI-DSS, ISO 27001, GDPR) and translating audit results into compliance guidance.

Date: 7 Aug 2025 Location: Bangalore, KA, IN At Alstom, we understand transport networks and what moves people. From high-speed trains, metros, monorails, and trams, to turnkey systems, services, infrastructure, signalling, and digital mobility, we offer our diverse customers the broadest portfolio in the industry. Every day, 80,000 colleagues lead the way to greener and smarter mobility worldwide, connecting cities as we reduce carbon and replace cars. Could you be the full-time Cybersecurity Engineer in Bangalore were looking for? Your future role Take on a new challenge and apply your cybersecurity expertise in a cutting-edge field. Youll work alongside a highly motivated and dynamic team of cybersecurity professionals. You'll play a pivotal role in safeguarding Alstoms products and solutions by leading vulnerability assessments, performing scans, penetration testing, and monitoring global threats. Day-to-day, youll collaborate with various teams across the businessincluding Program Managers, Product Development Teams, and Regional Cybersecurity Managerswhile driving the implementation of robust security practices and much more. Youll specifically take care of conducting security assessments, including vulnerability scans and penetration tests, but also contribute to incident response workflows and provide training on cybersecurity tools and processes. Well look to you for: Performing vulnerability assessments, penetration tests, and policy compliance scans using industry-standard tools. Monitoring published vulnerabilities and security advisories, and communicating potential risks to internal teams. Providing analysis on vulnerabilities in operating systems, applications, and configurations, and recommending remediation actions. Supporting incident response activities as part of the PSIRT team, including first-level analysis and vulnerability remediation workflows. Identifying and deploying cybersecurity tools, offering training and guidance to ensure effective use. Delivering internal training on cybersecurity processes, tools, and best practices. All about you We value passion and attitude over experience. Thats why we dont expect you to have every single skill. Instead, weve listed some that we think will help you succeed and grow in this role: Bachelors or Masters degree in Computer Science, Information Technology, or equivalent. Mandatory CEH or equivalent Pen Test certification. Preferred certifications: ISA 62443, OSCP, or others like GICSP, CISSP, GSEC, ECSA, CISM, Comptia Pen Test+. Experience with security tools such as Qualys, Nessus, Kali Linux, Metasploit, Burp Suite, and more. Strong knowledge of networking (TCP/IP, OSI model), operating systems (Windows, Linux), and security technologies (firewalls, IDS/IPS). Understanding of programming/scripting languages such as Python, Java, or C. Familiarity with security standards and regulations like ISO 2700X, ISA 62443, and NIST. Experience in configuration reviews using CIS Benchmarks. Knowledge of CVE, CPE, and CWE frameworks. Strong analytical, problem-solving, and communication skills. Things youll enjoy Join us on a life-long transformative journey the rail industry is here to stay, so you can grow and develop new skills and experiences throughout your career. Youll also: Enjoy stability, challenges, and a long-term career free from monotonous daily routines. Work with new security standards for rail signalling. Collaborate with cross-functional teams and supportive colleagues. Contribute to innovative and impactful projects. Utilise our flexible and inclusive working environment. Steer your career in whatever direction you choose across functions and countries. Benefit from our investment in your development, through award-winning learning programs. Progress towards leadership roles in cybersecurity or related fields. Benefit from a fair and dynamic reward package that recognises your performance and potential, plus comprehensive and competitive social coverage (life, medical, pension).

As a Penetration Tester, you will be instrumental in safeguarding our AI platforms by identifying vulnerabilities and simulating real-world attacks. Your expertise will help fortify our systems, ensuring the integrity and trustworthiness of our AI solutions. Role & responsibilities Conduct Penetration Tests: Perform comprehensive penetration testing on AI models, APIs, cloud infrastructures, and associated systems to uncover security weaknesses. AI-Specific Threat Analysis: Identify and assess vulnerabilities unique to AI systems, including model inversion, data poisoning, and adversarial attacks. Tool Development: Create and maintain custom scripts and tools to automate testing processes and improve efficiency. Reporting: Document findings in detailed reports, providing actionable recommendations to mitigate identified risks. Collaboration: Work closely with development, data science, and DevOps teams to integrate security best practices throughout the AI product lifecycle. Stay Updated: Keep abreast of the latest cybersecurity threats, penetration testing techniques, and AI security research. Job Penetration Testing Tools: Proficiency with tools like Kali Linux, Burp Suite, Metasploit, Nmap, and Wireshark. Programming and Scripting: Strong skills in Python, Bash, or PowerShell for automating tasks and developing custom testing tools. Networking and Protocols: In-depth understanding of TCP/IP, DNS, HTTP/HTTPS, and other networking protocols. Operating Systems: Experience with Windows, Linux, and macOS environments. Cloud Security: Familiarity with cloud platforms (e.g., AWS, Azure, GCP) and their security configurations. AI and Machine Learning: Basic understanding of machine learning frameworks (e.g., TensorFlow, PyTorch) and AI model architectures Preferred candidate profile Advanced Threat Analysis: Experience in identifying and mitigating sophisticated cyber threats. Social Engineering: Knowledge of social engineering tactics and their application in penetration testing. Security Frameworks: Familiarity with OWASP, NIST, and ISO/IEC 27001 standards. Secure Coding Practices: Understanding of secure coding standards and the ability to perform code reviews.

4-6 years of experience in web, network and embedded/IoT applications penetration testing ands-on experience with penetration testing tools including open-source tools, such as

Job Title : Security Analyst Application & Cloud Security Experience Level : 3 to 5 Years Location : Pune Department : Information Security Reporting To : Security Manager / CISO Job Summary We are seeking a motivated and detail-oriented Security Analyst with foundational to intermediate experience in application and cloud security. The ideal candidate will support our security initiatives including application vulnerability assessments, cloud infrastructure security reviews, DevSecOps practices, and compliance activities such as ISO 27001 and SOC 2. This role also involves cross-functional coordination with development, infrastructure, audit, and vendor teams to ensure end-to-end security posture and risk mitigation. Key Responsibilities 1. Application Security Perform application vulnerability scans using automated tools (e.g., SAST, DAST). Review scan results, prioritize findings based on criticality, and coordinate with developers for remediation. Educate and guide development teams on secure coding practices and vulnerability remediation steps. Maintain and update vulnerability management trackers and ensure timely closure of findings. Coordinate with external vendors and internal stakeholders for periodic VAPT exercises. Support load testing and performance testing activities from a security perspective. 2. Cloud & Infrastructure Security Conduct infrastructure vulnerability scanning across cloud and on-premise environments. Work closely with internal teams (server, cloud, infra) to ensure timely remediation of findings. Recommend and enforce security best practices in CI/CD pipelines, servers, and cloud infrastructure. Validate security control implementations and conduct periodic audits to ensure compliance. Assist in hardening initiatives and continuous improvement of cloud security posture (AWS preferred). 3. Security Governance, Risk & Compliance Assist in the implementation and ongoing maintenance of ISO 27001 and SOC 2 frameworks. Support internal and external audits by providing relevant evidence and documentation. Maintain up-to-date security documentation including policies, procedures, and audit records. Track and report compliance status and identify any gaps requiring corrective actions. 4. Vendor Risk Management Conduct security assessments for third-party vendors based on internal policies and standards. Coordinate with procurement, business, and vendor teams to complete security due diligence. Maintain a vendor risk register and follow up on any open security gaps or mitigations. Requirements Must-Have Skills Foundational to moderate experience in application security and vulnerability management. Exposure to tools such as OWASP ZAP, Burp Suite, Nessus, Qualys, or similar. Basic to intermediate understanding of cloud infrastructure, preferably AWS. Familiarity with CI/CD pipelines and DevSecOps practices. Understanding of ISO 27001, SOC 2 compliance frameworks and internal audit process. Experience in documentation, tracking, and reporting compliance status. Good to Have Basic scripting or automation knowledge for security tasks. Hands-on experience with infrastructure-as-code (e.g., Terraform, CloudFormation). Exposure to GRC platforms or ticketing tools (e.g., ServiceNow, Jira). Understanding of performance and load testing tools and their relevance to security. Soft Skills Strong communication skills to work with developers, auditors, and vendors. Ability to multitask and handle multiple priorities in a dynamic environment. Analytical mindset with attention to detail. Team player with a proactive and learning attitude. Education & Certifications Bachelor's degree in Computer Science, IT, EC, Cyber Security, Information Security, or a related field. Certifications preferred but not mandatory: CompTIA Security+, AWS Certified Cloud Practitioner, ISO 27001 LA/IA, or equivalent. Role & responsibilities Preferred candidate profile

Education Qualification: Bachelor's degree in Computer Science or related field or higher with minimum 3 years of relevant experience. Your future duties and responsibilities: 3+ years of penetration testing experience, preferably in highly regulated industries and for global clients Proficiency with scripting and programming languages, mainly Python Perform Penetration Testing for networks (internal & external), applications, APIs & cloud assessments Vulnerability identification and analysis Collaborate with team members and stakeholders to define project scopes, review test results, and determine remediation steps Advanced problem-solving skills Any security certifications are a plus Strong written and verbal communication skills Ability to work autonomously with little directional oversight Ability to lead a project and multiple testers Commitment to quality and on-schedule delivery; and a proven ability to establish and meet milestones and deadlines Customer-focused mentality to understand and appropriately respond to customers business needs Draft reports and communicate complex security concepts and test findings to clients and stakeholders Make expert recommendations to help clients improve their information security program Work on researching & developing utilities, toolkits, processes, tactics, and techniques Required qualifications to be successful in this role: Must to have skills-Penetration testing, DAST Testing, SAST Testing, OWASP top 10 The candidate should be having experience on various industry based security standards and the relevant tests. The candidate should possess comprehensive experience with various industry-recognized security standards (apart from OWASP, NIST, ISO 27001, and PCI-DSS) and demonstrate proficiency in conducting relevant security assessments and compliance-driven testing based on these frameworks. Good to have Skills- Python Skills: Vulnerability Assessment(IAVA) Vulnerability Testing (IAVT) Artificial Intelligence Python

We are looking for Application Security Engineer to take ownership of security testing for enterprise products deployed on mainframe environments. In this role, you will assess application-layer security risks, identify vulnerabilities in product implementations, and lead secure architecture reviews. The ideal candidate brings deep offensive security skills along with familiarity in testing applications running on or integrated with IBM mainframe systems. Primary Roles and Responsibilities: Conduct penetration testing and red teaming exercises targeting mainframe environments and the surrounding application ecosystem. Perform code-assisted and black-box penetration testing against enterprise applications/systems interacting with RACF, DB2, CICS, MQ, and related subsystems. Identify risks in authentication, authorization, data handling, and communications within mainframe-integrated products. Create threat models and guide product teams in mitigating high-impact vulnerabilities early in the SDLC. Drive remediation efforts through hands-on collaboration and secure design guidance. Author technical reports and deliver executive summaries tailored to various audiences. Stay current on vulnerabilities, exploits, and testing techniques relevant to legacy enterprise technologies and mainframe ecosystems. Assess common integration patterns (SOA, REST/JSON, MQ) for security risks. To ensure youre set up for success, you will bring the following skillset & experience: 3+ years of experience in penetration testing, with a specialization in systems/applications integrating with mainframe environments. Deep knowledge of mainframe communication protocols and security mechanisms. Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe systems. Proficient in tools such as: Mainframe utilities: REXX, ISPF panels, NetView Security tools: Nmap, Burp Suite, Wireshark, custom scripts Strong scripting and automation skills (Python, REXX, Bash, or similar). Strong communication and leadership skills, with a proven ability to lead technical teams or projects. Experience producing board-level reports and presenting findings to senior stakeholders. Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts). Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services Whilst these are nice to have, our team can help you develop in the following skills: Industry certifications such as OSCP, OSCE, CRTP, GIAC GPEN, GXPN, or CISSP. Background in regulated industries such as banking, insurance, or government, where mainframes are core infrastructure. Knowledge of COBOL, PL/I, or other mainframe-centric programming languages. Experience with compliance standards like PCI-DSS, NIST, or SOX as they apply to mainframes.

Educational Requirements Master Of Engineering,Bachelor of Engineering Service Line Cyber Security Responsibilities Approx 5 years' experience as a Security Architect Bachelor's degree in information technology, security, or similar Experience in providing security architecture support to a large development organization Information security credentials such as IGP, CISSP or similar Well versed in cloud security on a generic level as well as AWSSecondary Skills: SAST and DASTSolid diplomatic and communication skills in EnglishThe candidate will primary work with security assessments and as part of that also be able to provide guidance on how to close security gaps The candidate will also be part of "shift left" for assessments to automate and minimize the manyal work involved It is also expected that the candidate will assist in creating an assessment " factory" with a streamlined process for approaching assessments Preferred Skills: Technology-Enterprise Architecture-Data / Information Architecture

The role supports full end to end software development cycle, from initial client engagement, through assessments and road-mapping, to longer term engagement in an advisory capacity. As an Application Security Consultants, the person should leverage the technical expertise of the security competencies, varied product and delivery capabilities. Hands on experience in Secure SDLC, DAST, SAST, HP Fortify and Burp Suite Provide strategic advice and insights to clients based on deep domain knowledge and industry best practices. Identify potential risks and develop mitigation strategies to ensure project success and client satisfaction. Lead and coordinate incident response activities, including investigation, containment, and remediation of security incidents. Provide security training and awareness programs to developers on security policies, procedures, and best practices. Ensure applications team adhere to relevant security standards, regulatory requirements, and industry best practices (e.g., OWASP, NIST, PCI DSS). Provide support for regulatory and internal audits, diligently tracking reported observations through to closure. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Education Qualification - BE/Btech/MCA/M.Tech. 5-7 yrs hands on experience. Hands on experience in Secure SDLC, DAST, SAST, HP Fortify and Burp Suite Ensure applications team adhere to relevant security standards, regulatory requirements, and industry best practices (e.g., OWASP, NIST, PCI DSS). Preferred technical and professional experience OEM certification from one of the following HP Fortify and Burp Suite

Meet the Team Join Dexcom's Product Security R&D department as a Senior Security Engineer specializing in penetration testing. Our team is dedicated to ensuring the security of our mobile and web applications, cloud infrastructure, APIs, and physical medical devices. You'll work closely with the Director of Cybersecurity Engineering to identify and exploit vulnerabilities across various platforms, including mobile and web applications, cloud environments, APIs, hardware, firmware, and wireless networks. If you're a skilled penetration tester eager to tackle security challenges and make a significant impact using cutting-edge technologies, we want to hear from you. Where You Come In You conduct penetration testing on mobile and web applications, cloud infrastructure, APIs, hardware, firmware, and wireless networks to identify and exploit vulnerabilities. You work closely with development teams to provide recommendations on security best practices. You develop and execute penetration test plans and reports. You research and stay current on the latest security threats and tools. You create custom tools and exploits with coding and automation. What Makes You Successful You have solid experience in penetration testing. You hold certifications such as OSCP, OSWE, OSEP, CPTS, PNPT, INE Certification, or SANS. You possess strong knowledge of OWASP Top 10 (web, mobile, API, etc.) vulnerabilities. You are experienced with penetration testing tools such as OWASP ZAP, Burp Suite, Nmap, and Kali Linux. You are proficient with API testing tools like Postman or Swagger. You have a strong understanding of web technologies such as RESTful APIs, framework-based deployments, and backend management. You have experience with cloud platforms such as GCP and Kubernetes. You are knowledgeable about cloud security best practices and common misconfigurations. You have experience with mobile, hardware, firmware, and wireless technologies such as Bluetooth Low Energy (BLE). You can write and review code in at least one of the following languages: Java, Scala, C#, or similar. Preferred Qualifications You hold a Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH) certification. You have experience with security research, bug bounties, zero-day exploits, or creating custom exploits. You have experience with red teaming exercises. You are familiar with threat modeling and risk assessment methodologies. You have experience with DevOps practices and the secure software development lifecycle. You have experience or interest in Artificial Intelligence. Education and Experience Requirements: Typically requires a bachelors degree in a technical discipline, and a minimum of 5-8 years related experience or master’s degree and 2-5 years equivalent industry experience or a PhD and 0-2 years’ experience