
360 Burp Suite Jobs - Page 15

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

8.0 - 10.0 years

7 - 11 Lacs

noida, uttar pradesh

Work from Office

We are seeking an experienced Application Security Manager to lead our security initiatives and ensure the integrity, confidentiality, and availability of our systems and data. This role is crucial in safeguarding our digital assets and maintaining compliance with industry for -

1. To integrate security tools, standards, and processes into the product lifecycle (PLC).
2. Ensure that developers and QA personnel are trained with the appropriate level of security knowledge to perform their daily activities.
3. Improve and support application security tool deployments including static analysis and runtime testing tools and secure development standards.
4. Conduct and manage periodic penetration testing exercises through expert consulting, internal technology team, and managed services to identify the gaps and fulfill audit/regulator requirements.
5. Create, integrate and manage threat modelling process/practices, following SSDLC and application framework.
6. Manage the secure configuration/hardening guidelines and compliance.
7. Should create and manage application security KPIs, KRIs, compliance reports and dashboards.
8. Should have strong hands-on experience of different tools, processes related to SAST, DAST, API Security and Threat Modelling.
9. Should take care of Infosec functions by coordinating with various stakeholders (App Team, Vendors, Auditors, Regulators).
10. Should have knowledge of best practices like OWASP, Microsoft SDL, SANS, NIST.
11. Should have a good exposure to cloud environment (AWS) and WAF (Imperva, Akamai).
12. Knowledge of Network and Data Security is a plus.

Qualifications and Experience:

1. 8-10 years of hands-on experience in application security.
2. Strong understanding of application security best practices, frameworks, and security technologies, like Checkmarx, Fortify, Burp Suite, OWASP ZAP, Acunetix etc.
3. Proven experience in managing VA, PT, Code review, SAST, DAST, SSDLC, Threat Modelling, and Audit processes.
4. Familiarity with regulatory requirements and compliance standards (e.g., RBI, SEBI).
5. Excellent communication, interpersonal, analytical and problem-solving skills.
6. Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Master's degree or relevant certifications preferred.

Posted Date not available


3.0 - 5.0 years

9 - 13 Lacs

noida

Work from Office

Key Responsibilities: Perform in-depth penetration testing, vulnerability assessments, and security reviews of applications, infrastructure, and networks. Identify, exploit, and document security vulnerabilities across systems and provide remediation recommendations. Simulate sophisticated attacks to test the strength of security controls and identify potential areas of compromise. Collaborate with development, infra, and DevOps teams to integrate security into the development lifecycle and Infrastructure-as-Code (IaC) security. Develop comprehensive security test plans, methodologies, and tools to ensure effective assessment of systems. Create detailed reports that outline vulnerabilities, risks, and recommended mitigations. Perform threat modeling and risk assessments to prioritize testing efforts. Monitor network traffic for threats and respond to security incidents. Ensure security best practices in Cloud environments, security controls for cloud workloads, IAM policies, and network security. Monitor and respond to cloud security incidents using SIEM and cloud-native security tools. Integrate and automate security testing and compliance checks into CI/CD pipelines using tools like SAST, DAST, and IAST.

Educational Qualifications: B.Tech/B.E in Computers, B.Tech/B.E in IT

Job Responsibilities: Required Skills & Qualifications: Bachelor's degree in Computer Science, Cybersecurity, or related field. 2-3 years of experience in cybersecurity with a focus on Penetration testing or Ethical Hacking, Application Security, Cloud Security, and DevSecOps. Experience with security tools such as Burp Suite, Metasploit, Nessus, Wireshark, SonarQube, AWS WAF, Google WAF, Kali Linux, and other vulnerability scanning tools, etc. Knowledge of SIEM, EDR, NIST, CIS, and OWASP security frameworks. Proficiency in scripting (Python, Bash, PowerShell) for security automation. Industry certifications like CEH, Security+, AWS/GCP Security, or any DevSecOps-related certification (preferred but not mandatory). Excellent written and verbal communication skills to effectively report vulnerabilities and collaborate with stakeholders.

Qualifications: Bachelor's degree in computer science.

Skills Required: DevOps, Linux, PHP, Python

Posted Date not available


5.0 - 7.0 years

7 - 11 Lacs

noida, uttar pradesh

Work from Office

We are seeking a highly skilled and motivated Technical Security Professional specializing in Vulnerability Assessment and Penetration Testing (VAPT), Source Code Review, API Security, and Web Application Security. As a member of our team, you will be responsible for ensuring the security and integrity of our systems, applications, and networks.

Responsibilities: Conduct comprehensive Vulnerability Assessments and Penetration Tests (VAPT) on various systems, networks, and applications to identify security weaknesses and potential vulnerabilities. Perform thorough Source Code Reviews to identify security flaws, coding errors, and vulnerabilities in web applications and software products. Assess and enhance API security by evaluating API designs, configurations, and implementations for potential security risks and vulnerabilities. Evaluate and enhance the security posture of web applications by conducting thorough security assessments and implementing appropriate security controls. Develop and implement security testing methodologies, tools, and procedures to improve the efficiency and effectiveness of security testing activities. Provide technical expertise and guidance to development teams, system administrators, and other stakeholders on security best practices and mitigation strategies. Collaborate with cross-functional teams to remediate identified security vulnerabilities and implement security controls to mitigate risks. Stay updated on the latest security trends, vulnerabilities, and best practices to continuously improve the security posture of our systems and applications.

Requirements: Bachelor's degree in Computer Science, Information Security, or a related field (Master's degree preferred). 5 to 7 years of experience in conducting Vulnerability Assessments and Penetration Tests (VAPT) on enterprise systems, networks, and applications. 4 to 7 years of experience in performing Source Code Reviews for web applications and software products. Proficiency in using industry-standard security testing tools such as Nessus, Metasploit, Burp Suite, etc. Strong understanding of web application security principles, common vulnerabilities (e.g., OWASP Top 10), and mitigation techniques. Experience in assessing and enhancing API security, including authentication, authorization, encryption, and access control mechanisms. Knowledge of secure coding practices and common programming languages (e.g., Java, Python, C/C++, etc.). Knowledge of cloud security and DevSecOps processes. Excellent analytical and problem-solving skills with the ability to identify and mitigate complex security risks and vulnerabilities. Strong communication and interpersonal skills with the ability to effectively collaborate with cross-functional teams and stakeholders. Relevant security certifications such as CISSP, CEH, OSCP, etc., are preferred.

Posted Date not available


3.0 - 7.0 years

6 - 10 Lacs

pune

Work from Office

What you’ll do

Typical daily work will consist of planning and performing penetration tests on cloud-based and on-premises infra & applications to identify security weaknesses and loopholes
Support the penetration testing lifecycle, from information gathering and vulnerability scanning to manual exploitation and documentation
Collaborate closely with the vulnerability management team to validate exploitable vulnerabilities and help prioritize remediation
Collaborate with infra owners, developers, business teams to understand applications and infrastructure and provide practical, remediation-focused security advice
Help create clear, actionable penetration testing reports including proof-of-concept, risk ratings, and remediation guidance
Developing and testing custom exploits to demonstrate vulnerabilities and assess the potential impact on systems
Conduct comprehensive cloud penetration tests targeting AWS, Azure, GCP to identify and exploit misconfigurations, insecure interfaces, and vulnerabilities in cloud services and applications
Regularly review and enhance penetration testing methodologies and practices to adapt to evolving threats and technologies
Participate in internal security knowledge-sharing sessions and team meetings to learn from senior testers and share discoveries

What you’ll bring

Strong foundational understanding of information security principles
Familiarity with tools such as Nmap, Burp Suite, OWASP ZAP, Nikto (Web/App Testing), Nessus, OpenVAS, Kali Linux (Infrastructure Scanning), and Metasploit (for controlled exploit validation)
Basic Knowledge of OWASP Top 10 web application vulnerabilities
Common infrastructure weaknesses (e.g., SMB, RDP, DNS, FTP, SMTP issues)
Authentication and access control issues
A deep interest in Cyber Security and a drive to learn about penetration testing skills through hands-on practice, research, and community engagement
Comfort working in command-line environments (Linux shells, Windows CMD/PowerShell) for reconnaissance and exploitation
Strong analytical and problem-solving mindset, with the ability to break down complex problems and think creatively
Eagerness to learn from real-world engagements and senior team members, with a growth mindset and a proactive approach to developing technical depth and practical experience
Familiarity with secure communication protocols (e.g., HTTPS, SSH, VPNs) and how insecure configurations can be exploited
Good verbal and written communication skills to clearly explain technical concepts and document findings
Passion for cybersecurity, demonstrated through CTF participation, cybersecurity clubs, academic projects, personal labs, or platforms like Hack the Box, TryHackMe, or OverTheWire

Good to have skills and abilities

Completion of relevant cybersecurity coursework or certifications
Basic scripting in Python, Bash, or PowerShell for automating tasks or building internal tools
Understanding of web application architecture (client-server model, HTTP protocol, APIs)
Awareness of vulnerability disclosure platforms (e.g., CVE database) and responsible reporting practices
Basic Knowledge of vulnerability management and scanning best practices such as CVE database and the CVS System used for scoring vulnerabilities

Academic Qualifications

Bachelor’s degree in computer science/management of computer information/Cybersecurity
0-2 years of Penetration Testing / Red-Teaming / Offensive Security
Must have Security Certifications: OSCP / CREST / GPEN / HTB-CPTS
Security Certifications: CRTP/CARTP, CRTE, CRTO (I & II), OSEP, OSED, GRTP
Cloud Certifications: AWS CLP, AWS Security Specialty

Posted Date not available


3.0 - 5.0 years

5 - 9 Lacs

bengaluru

Work from Office

About The Role

Job Title: Penetration Tester (Web Applications and REST APIs)
Location: Bengaluru
Job Type: Full-time

About Us: Kotak Mahindra Bank is seeking an experienced Penetration Tester to join our Platform Engineering team. As a Penetration Tester, you will be responsible for identifying vulnerabilities in web applications and REST APIs, providing recommendations for remediation, and ensuring the security posture of our clients' systems.

Job Summary: The successful candidate will have a strong background in penetration testing, including experience with various tools and techniques used to identify vulnerabilities in web applications and APIs. The ideal candidate will be able to analyze complex systems, identify potential security risks, and provide actionable recommendations for remediation.

Key Responsibilities:

Conduct thorough penetration testing of web applications and REST APIs using a variety of tools and techniques
Identify vulnerabilities in web applications, including but not limited to: SQL injection; Cross-Site Scripting (XSS); Cross-Site Request Forgery (CSRF); authentication and authorization weaknesses; session management issues
Test REST APIs for security vulnerabilities, including but not limited to: input validation and sanitization; error handling and logging; authentication and authorization mechanisms; data encryption and transmission
Analyze results and provide detailed reports outlining findings, recommendations for remediation, and estimated timeframes for implementation
Collaborate with development teams to ensure identified vulnerabilities are addressed and remediated in a timely manner
Stay up-to-date with the latest security threats, tools, and techniques through ongoing training and professional development

Requirements:

3+ years of experience in penetration testing, with a focus on web applications and REST APIs
Strong understanding of web application security concepts, including but not limited to: OWASP Top 10; Web Application Security Risks (WASR); Secure Coding Practices
Experience with various penetration testing tools, including but not limited to: Burp Suite; ZAP; Nmap; AJP; SQL injection tools (e.g. sqlmap)
Strong understanding of REST API security concepts, including but not limited to: API Security Frameworks (e.g. OAuth 2.0); data encryption and transmission protocols (e.g. HTTPS); authentication and authorization mechanisms (e.g. JWT)
Experience with scripting languages (e.g. Python, Ruby) is a plus
Strong analytical and problem-solving skills
Excellent communication and reporting skills

Nice to Have:

CISSP or equivalent security certification
CEH or equivalent penetration testing certification
Experience with cloud-based services (e.g. AWS, Azure)
Familiarity with Agile development methodologies
Experience with DevOps tools (e.g. Docker, Jenkins)

What We Offer:

Competitive salary and benefits package
Opportunities for professional growth and development
Collaborative and dynamic work environment
Flexible working hours and remote work options

Posted Date not available


10.0 - 15.0 years

10 - 14 Lacs

hyderabad

Work from Office

Job Purpose

The Principal QA Engineer plays a critical role in shaping and executing robust testing strategies, both manual and automated, to ensure the delivery of high-quality, next-generation trading tools that integrate real-time cross-asset data, global news, and analytics within a unified platform. This role also involves actively contributing to issue resolution, performing complex quality assurance tasks, and providing strategic recommendations to management, all while driving continuous improvement across QA processes. The QA Engineer will be an integral part of the technology team, overseeing and participating in all phases of the quality assurance process.

Responsibilities

Requirement Analysis & Test Planning: Review and analyze functional and non-functional requirements to evaluate their impact on applications and derive comprehensive test cases and scenarios accordingly.
Project & Team Collaboration: Contribute to QA planning and execution by managing assigned tasks or QA projects, mentoring junior and senior engineers and collaborating with technical leads and product managers during product requirement evaluations.
Test Documentation & Reporting: Create clear, complete and well-organized documentation including bug reports, test cases, test plans and status reports to ensure visibility and traceability of QA efforts.
Environment Setup & Maintenance: Participate in the setup, deployment and ongoing maintenance of QA test environments, ensuring they are stable and representative of production systems.
Test Case Reviews & Mentorship: Review test cases authored by junior QA engineers, provide constructive feedback and help develop effective testing strategies aligned with quality objectives.
Test Automation Design & Strategy: Collaborate with the team to review product architecture, design and implement automation solutions that improve test efficiency, accuracy and coverage.
Automation Execution & Optimization: Work closely with QA engineers to build and maintain a robust library of automated tests, reducing manual efforts while improving overall test repeatability and reliability.
Process Improvement & QA Governance: Partner with QA leadership to document and refine QA processes, implement best practices and continuously improve quality standards across projects.
Release & Production Support: Provide QA support during production releases, including validating deployments and assisting in identifying and resolving post-release issues.
Quality Advocacy & Problem Solving: Maintain a strong quality mindset with a break-it to make-it better attitude, while also being a proactive problem solver who contributes to root cause analysis and continuous improvement.

Knowledge and Experience

The candidate must be well-versed in Quality Assurance concepts, practices and tools, and will rely on their extensive experience and judgment to strategize and achieve objectives. Candidates must be capable of reviewing software applications objectively, work with stakeholders to understand requirements, collaborate with Developers to understand the application architecture and nature of code changes to evaluate impact, and assist in debugging and enhancing applications. The candidate must have:

10+ years of related work experience.
Strong written and verbal communication skills.
Strong analytical and problem-solving skills.
Ability to work on multiple projects at same time.
Experience with mainstream defect tracking tools and test management tools.
Proficient in any of the programming languages including Java, Python, SQL, and JavaScript/TS, with hands-on experience in building and testing backend and frontend components.
Strong experience in designing, executing and maintaining automated and manual tests for REST/SOAP APIs.
Experienced in UI automation for both browser and desktop applications using tools such as Selenium and Playwright (for web) and UFT and Squish (for desktop and hybrid applications).
Experience in designing and executing performance and security tests using tools like JMeter, BURP suite or similar.
Experience using test result reporting tools like Allure, Extent Reports or similar.
Well-versed in Continuous Integration/Continuous Deployment (CI/CD) pipelines using tools such as Jenkins, GitHub Actions, GitLab CI, and Azure DevOps. Also experienced in using Chocolatey for managing Windows-based dependencies and packages in CI pipelines and familiar with Coinbase CI/CD standards for secure and compliant deployment practices in financial environments.
Skilled in version control systems like Git and experienced with repository management platforms such as Bitbucket, GitHub, and GitLab for collaborative development and code management.

Desired Knowledge and Experience

Experience in the Financial Industry (trading tools with real-time cross-asset data and fixed income is preferred).
B.S. / M.S. in Computer Science, Electrical Engineering, Math or equivalent

Posted Date not available


5.0 - 7.0 years

1 - 5 Lacs

hyderabad

Work from Office

We are looking for an experienced Penetration Tester / Offensive Security Analyst for a 6-month full-time onsite role in Hyderabad. The ideal candidate will have 5-7 years of experience in offensive security, with a strong background in application and network penetration testing, red teaming, threat modeling, source code review, and vulnerability assessments. This role involves performing and leading advanced security assessments on web, mobile, APIs, cloud, and infrastructure environments. The candidate should be capable of working across general and UK shifts and possess excellent communication skills for both technical and non-technical audiences. Certification like OSCP/OSCE/CEH is desirable.

Posted Date not available


3.0 - 8.0 years

9 - 13 Lacs

hyderabad

Work from Office

We're hiring on the Blackbaud Application Security team! As a member of the Cyber Security organization at Blackbaud, the Application Security Engineer is a specialized position that plays a key role in securing software built and/or used by Blackbaud. You can expect to work closely with software development teams as well as third-party organizations to ensure that security, privacy, and compliance requirements are planned for, designed, and built into software applications at Blackbaud. In addition to securing software, you will be expected to stay up to date on what's happening in the Cyber Security industry to optimize and align our application security processes and systems throughout the Software Development Life Cycle (SDLC) at Blackbaud. The Application Security Engineering team focuses on building automation for security self-service and vulnerability management to reduce unnecessary toil.

What you will be doing:

Identifying solutions for difficult security problems while participating in a broader agile Application Security team.
Building comprehensive solutions to conduct consolidation, aggregation, and notification of security findings to respective stakeholders.
Conducting threat modeling, secure design reviews, and providing direct guidance to development teams.
Promoting, designing, and evaluating application security in all phases of the SDLC and constantly looking for innovative ways to improve processes.
Influencing, building, and assisting with information security challenges within applications.

What we'll want you to have:

You are either a security-minded software engineer who has been building modern services using a microservice architecture in an agile development environment or a development-interested security practitioner who understands security best practices but wants to get closer to development and engineering.
5+ years of experience with application security and relevant testing tools for:
DAST: Burp Suite, OWASP Zap, Invicti, AppScan
SAST/SCA: Fortify, Checkmarx, Coverity, Semgrep, OWASP Dependency Check, Mend, Blackduck
Attack Surface Management: OWASP Amass, Spiderfoot, CyCognito
3+ years of experience with Python, Bash, and/or PowerShell.
3+ years of experience in DevSecOps integrating security solutions into CI-CD pipelines and automated tooling orchestration.
Relevant certifications include CompTIA Security+ or CASP+, EC Council CEH, ISC2 CSSLP are a plus.
Experience partnering with development and systems engineers on impactful security initiatives.
Understanding of software development; how applications and systems are designed, built, and break is critical.
Understand DevSecOps cultural mindsets, and an engineering-focused approach to solving complex security problems.
Strong verbal and written communication skills to translate security objectives and requirements to specific engineering outcomes.

The Application Security team at Blackbaud is committed to ensuring security issues are prevented, discovered, and remediated in collaboration with our engineering partners across the business.

Posted Date not available


2.0 - 7.0 years

10 - 14 Lacs

navi mumbai, mumbai (all areas)

Work from Office

Designation: IT Risk Manager
Experience: 2+ Years
Location: Navi Mumbai - WFO

Roles & Responsibilities:

Proficient in VAPT tools for applications and infrastructure (e.g., Burp Suite, OWASP ZAP, Nessus, Nmap, Postman).
Strong grasp of OWASP Top 10, API Security best practices, and secure coding principles.
Experience in secure configuration reviews for firewalls, servers, endpoints, and API gateways.
Familiar with DevSecOps, including integrating security.
Understanding of API security frameworks: OAuth 2.0, JWT, API key management, rate limiting.
Hands-on with incident response workflows (e.g., Splunk, CrowdStrike).
Skilled in writing and maintaining security documentation, including SOPs and incident response plans.
Awareness of regulatory standards: RBI Cybersecurity Framework, PCI DSS, NIST.
Exposure to risk assessments, security audits, and third-party security evaluations.
Ability to collaborate with Dev, Infra, and Compliance teams to ensure secure deployments.

Interested can share resume at chandni@thepremierconsultants.com

Posted Date not available
