360 Burp Suite Jobs - Page 2

Job Purpose The Principal QA Engineer plays a critical role in shaping and executing robust testing strategies-both manual and automated-to ensure the delivery of high-quality, next-generation trading tools that integrate real-time cross-asset data, global news, and analytics within a unified platform. This role also involves actively contributing to issue resolution, performing complex quality assurance tasks, and providing strategic recommendations to management, all while driving continuous improvement across QA processes. The QA Engineer will be an integral part of the technology team, overseeing and participating in all phases of the quality assurance process. Responsibilities Requirement Analysis & Test Planning: Review and analyze functional and non-functional requirements to evaluate their impact on applications and derive comprehensive test cases and scenarios accordingly. Project & Team Collaboration: Contribute to QA planning and execution by managing assigned tasks or QA projects, mentoring junior and senior engineers and collaborating with technical leads and product managers during product requirement evaluations. Test Documentation & Reporting: Create clear, complete and well-organized documentation including bug reports, test cases, test plans and status reports to ensure visibility and traceability of QA efforts. Environment Setup & Maintenance: Participate in the setup, deployment and ongoing maintenance of QA test environments, ensuring they are stable and representative of production systems. Test Case Reviews & Mentorship: Review test cases authored by junior QA engineers, provide constructive feedback and help develop effective testing strategies aligned with quality objectives. Test Automation Design & Strategy: Collaborate with the team to review product architecture, design and implement automation solutions that improve test efficiency, accuracy and coverage. Automation Execution & Optimization: Work closely with QA engineers to build and maintain a robust library of automated tests, reducing manual efforts while improving overall test repeatability and reliability. Process Improvement & QA Governance: Partner with QA leadership to document and refine QA processes, implement best practices and continuously improve quality standards across projects. Release & Production Support: Provide QA support during production releases, including validating deployments and assisting in identifying and resolving post-release issues. Quality Advocacy & Problem Solving: Maintain a strong quality mindset with a break-it to make-it better attitude, while also being a proactive problem solver who contributes to root cause analysis and continuous improvement. Knowledge and Experience The candidate must be well-versed in Quality Assurance concepts, practices and tools, and will rely on their extensive experience and judgment to strategize and achieve objectives. Candidates must be capable of reviewing software applications objectively, work with stakeholders to understand requirements, collaborate with Developers to understand the application architecture and nature of code changes to evaluate impact, and assist in debugging and enhancing applications. The candidate must have: 10+ years of related work experience. Strong written and verbal communication skills. Strong analytical and problem-solving skills. Ability to work on multiple projects at same time. Experience with mainstream defect tracking tools and test management tools. Proficient in any of the programming languages including Java, Python, SQL, and JavaScript/TS, with hands-on experience in building and testing backend and frontend components. Strong experience in designing, executing and maintaining automated and manual tests for REST/SOAP APIs. Experienced in UI automation for both browser and desktop applications using tools such as Selenium and Playwright (for web) and UFT and Squish (for desktop and hybrid applications). Experience in designing and executing performance and security tests using tools like JMeter, BURP suite or similar. Experience using test result reporting tools like Allure, Extent Reports or similar Well-versed in Continuous Integration/Continuous Deployment (CI/CD) pipelines using tools such as Jenkins, GitHub Actions, GitLab CI, and Azure DevOps. Also experienced in using Chocolatey for managing Windows-based dependencies and packages in CI pipelines and familiar with Coinbase CI/CD standards for secure and compliant deployment practices in financial environments. Skilled in version control systems like Git and experienced with repository management platforms such as Bitbucket, GitHub, and GitLab for collaborative development and code management. Desired Knowledge and Experience Experience in the Financial Industry (trading tools with real-time cross-asset data and fixed income is preferred). B.S. / M.S. in Computer Science, Electrical Engineering, Math or equivalent

Role : Malware Analyst EXP : 4- 6 Years Work Mode : WFO Location : Bangalore/Pune Mandatory Skills : 1-2 Years relevant experience in Android application development 3-4 Years relevant with Malware analysis. Reverse Engineering Tools : IDA PRO/ Ghidra mandatory If you qualify all of the above skills, kindly share your resume to the ID mentioned below. shri.lakshmi@cielhr.com

Meet the Team Join Dexcom's Product Security R&D department as a Senior Security Engineer specializing in penetration testing. Our team is dedicated to ensuring the security of our mobile and web applications, cloud infrastructure, APIs, and physical medical devices. You'll work closely with the Director of Cybersecurity Engineering to identify and exploit vulnerabilities across various platforms, including mobile and web applications, cloud environments, APIs, hardware, firmware, and wireless networks. If you're a skilled penetration tester eager to tackle security challenges and make a significant impact using cutting-edge technologies, we want to hear from you. Where You Come In You conduct penetration testing on mobile and web applications, cloud infrastructure, APIs, hardware, firmware, and wireless networks to identify and exploit vulnerabilities. You work closely with development teams to provide recommendations on security best practices. You develop and execute penetration test plans and reports. You research and stay current on the latest security threats and tools. You create custom tools and exploits with coding and automation. What Makes You Successful You have solid experience in penetration testing. You hold certifications such as OSCP, OSWE, OSEP, CPTS, PNPT, INE Certification, or SANS. You possess strong knowledge of OWASP Top 10 (web, mobile, API, etc.) vulnerabilities. You are experienced with penetration testing tools such as OWASP ZAP, Burp Suite, Nmap, and Kali Linux. You are proficient with API testing tools like Postman or Swagger. You have a strong understanding of web technologies such as RESTful APIs, framework-based deployments, and backend management. You have experience with cloud platforms such as GCP and Kubernetes. You are knowledgeable about cloud security best practices and common misconfigurations. You have experience with mobile, hardware, firmware, and wireless technologies such as Bluetooth Low Energy (BLE). You can write and review code in at least one of the following languages: Java, Scala, C#, or similar. Preferred Qualifications You hold a Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH) certification. You have experience with security research, bug bounties, zero-day exploits, or creating custom exploits. You have experience with red teaming exercises. You are familiar with threat modeling and risk assessment methodologies. You have experience with DevOps practices and the secure software development lifecycle. You have experience or interest in Artificial Intelligence. Education and Experience Requirements: Typically requires a bachelors degree in a technical discipline, and a minimum of 5-8 years related experience or master’s degree and 2-5 years equivalent industry experience or a PhD and 0-2 years’ experience

Greetings from Osource Global Private Limited!!! Osource Global is where professionalism, modernity, and industry leadership converge in the realm of IT solutions and outsourcing. We are a leading platform-enabled business process management company, specializing in delivering end-to-end outsourcing solutions with our IT-products. Were pioneers and trusted partners who've been at the forefront of innovation for over two decades. Osource has a rich legacy of 20+ years, during which we've become industry leaders, serving as trusted partners to over 850 clients worldwide, with 1000+ live projects currently. With operations spanning India, the Middle East, and Australia, Osource Global boasts a team of over 2,200 professionals dedicated to achieving our clients' success. Our portfolio of cutting-edge IT products caters to a wide array of industries, including Banking, Hospitality, Pharma, Media, Healthcare, and more. With a global presence spanning 29+ countries, Osource is your global partner in technology solutions. Our expertise lies in F&A Outsourcing, HR Outsourcing, Payroll Management & Software Development, Accounts Payable, Fixed Assets Management, Leave & Attendance System, Document Management Solution, HRMS and HR Operations. What sets us apart Our commitment to professionalism and innovation. We're agile and forward-thinking, dedicated to providing high-quality products that drive transformation in businesses worldwide. Join us on this journey where the future meets expertise. Key Responsibilities: Vulnerability Assessment and Penetration Testing (VAPT): Conduct regular vulnerability scans and penetration tests across network, applications, and systems. Analyze findings and provide actionable remediation recommendations. Security Monitoring and Incident Response: Monitor, analyze, and respond to security alerts and incidents using SIEM tools. Investigate security breaches and prepare detailed incident reports. Threat Analysis and Mitigation: Stay updated on the latest security threats, vulnerabilities, and countermeasures. Implement and manage security measures to protect systems and data. Security Tools and Products Configure, manage, and optimize security tools such as firewalls, intrusion detection systems (IDS), endpoint protection, and DLP solutions Ensure seamless integration and operation of various security products. Compliance and Reporting: Support compliance initiatives by maintaining proper documentation and conducting regular audits. Generate detailed reports for management and stakeholders. Collaboration and Training: Work closely with IT, DevOps, and business teams to ensure security best practices are followed. Provide security awareness training to staff as needed. Interested candidates may share across their updated resume to me at harshali.saindane@osourceglobal.com Awaiting your revert at the earliest to grab this opportunity!!!

About The team As a member of the Device Trust Assurance team, you will have a substantial impact on the security of millions of Cisco devices all around the world. We are looking for people who are passionate about security and eager to learn the ropes of vulnerability management (reporting, triaging and driving remediation). About The Role The Vulnerability Management Engineer plays a critical role in ensuring the security of our systems by managing and mitigating vulnerabilities. Key responsibilities include reviewing vulnerability scanning reports, assessing severity, and triaging vulnerabilities, along with efficiently managing Jira tickets to facilitate timely remediation or mitigation. This role requires utilizing tools such as Vigiles, yocto CVE scanner to conduct vulnerability scanning and analysis, and implementing a risk-based prioritization method for effective management. Leading process optimization efforts by identifying gaps in the vulnerability management workflow and enhancing program efficiency is also essential. Collaboration with international security organizations as well as engineering teams is necessary to provide guidance on mitigating and remediating vulnerabilities, identify and report automation bugs, and contribute to solutions that reduce manual workload in the vulnerability management lifecycle. The role involves investigating vulnerability alerts, assessing their impact, and calculating severity scores based on attack complexity. Additional duties include maintaining scanning tools, reviewing CVEs for potential risk exceptions, and guiding teams on security best practices and patch management standards. Flexibility to work across different time zones is crucial for effective global collaboration and system security focusing on vulnerability management across Cisco's core platforms including but not limited to IOS-XE network operating systems SD-WAN infrastructure and controllers Meraki cloud-managed devices IIoT/Industrial IoT solutions Qualifications 7+ years in vulnerability management or network security with strong focus on Cisco technologies Experiences in Cisco IOS-XE architecture, including kernel components and security mechanisms In-depth knowledge of common Security vulnerabilities (OWASP Top 10, CWE Top 25) Proficiency with vulnerability scanning tools (Semgrep, blackduck, vigiles, yocto cve scanner) and firmware analysis Experience with SBOM (Software Bill of Materials) analysis Ability to trace through Linux kernel configuration systems (KCONFIG) and interpret Makefiles Strong C programming skills and understanding of conditional code compilation Experience with scripting languages (Python, Bash) and network analysis tools (Wireshark) Proven ability to collaborate effectively across global teams and multiple time zones Consistent track record to ship in a dynamic environment Experience using Jira and other Atlassian software Bonus points Cisco security certifications (CCNA/CCNP Security) and cybersecurity credentials (CISSP, CEH) preferred Experience with industrial/OT security standards (IEC 62443, NIST Cybersecurity Framework) Bachelor's degree in Computer Science, IT, or related field

Educational Requirements Bachelor of Engineering,Master Of Engineering Service Line Cyber Security Responsibilities Approx 5 years' experience as a Security Architect Bachelor's degree in information technology, security, or similar Experience in providing security architecture support to a large development organization Information security credentials such as IGP, CISSP or similar Well versed in cloud security on a generic level as well as AWSSecondary Skills:SAST and DASTSolid diplomatic and communication skills in EnglishThe candidate will primary work with security assessments and as part of that also be able to provide guidance on how to close security gaps The candidate will also be part of "shift left" for assessments to automate and minimize the manyal work involved It is also expected that the candidate will assist in creating an assessment " factory" with a streamlined process for approaching assessments Preferred Skills: Technology->Enterprise Architecture->Data / Information Architecture

4-9 years of experience in Application Security assessments Manual & Automated DAST for Web, API & Thick Clients (OWASP Top 10) Manual Code Review expertise Mobile VAPT (Static & Dynamic) Infra VAPT / VA / Configuration Review knowledge Bonus: Container/Docker Security & Cloud Audit experience Preferred Certifications: CEH, CRTP, OSCP Strong communication skills to explain vulnerabilities to business users Mandate Skills: Web App, Mobile App, API/Thick Clients, Source/Secure Code Review, Network/Infra PT.

Position: VAPT Engineer Reporting to: Platform Lead Infrastructure Security Employment Type: Employee - Full Time Work Location: Guwahati Key Focus area: Infrastructure Penetration Tester Key Responsibilities: Identification and remediation of new vulnerabilities and risk analysis for Infrastructure is a key responsibility. Identifying and maintaining Key metrics and SLA on Infrastructure Security. Ensure that vulnerability assessments are performed to evaluate effectiveness of security controls in applications, middleware, databases, network and operating systems. Thorough experience in configurations reviews against CIS benchmarks and security standards. Ensure all Hardening and Patching activities are conducted and tracked as per defined policies. Create/Update hardening documents and build audit file for automated testing. Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities. Conduct security penetration testing to identify vulnerabilities and potential security risks along with designing and implement security solutions to protect enterprise systems, applications, data, assets, and people. Collaborate with cross-functional teams to ensure security measures are integrated into all aspects of the organization's operations. Perform Internal/ External Penetration Testing on Jio Infrastructure and producing reports with recommendations for detailed penetration testing findings. Sound understanding of Azure/GCP/AWS environment activities and Perform Vulnerability Assessment & Penetration Testing for networks (internal & external), applications, APIs & cloud assets along with Red & Purple Team assessments. Safeguarding information, infrastructures, applications, and business processes against cyber threats. Proactively create, share, and read reports as part of the penetration testing activities. Responsible for utilizing threat intelligence to identify new threats in our environment, coordinating with stakeholders to remediate identified vulnerabilities, and ensuring closure through thorough cross-validation. Qualification and Work Experience Qualification: BE / BTech (Similar Education Background) Work experience: 7-15 Years 7+ years of experience in Infrastructure Penetration Testing and Vulnerability Management including practical experience with Linux and Windows operating systems. Thorough understanding of Application and Infrastructure Architectures, and related vulnerabilities. Ability to interpret and prioritize vulnerability scan results into remediation actions and tracking those actions through to completion. Working knowledge of ORACLE DB, MS SQL DB, MYSQL DB & Network Devices is required. Ability to analyse vulnerabilities to appropriately characterize threats and provide remediation advice. Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE). Extensive experience in vulnerability management, including the ability to forecast potential threats and develop proactive mitigation plans. Hands on experience in testing diverse infra components including various enterprise platforms such as private clouds, OpenShift infra, dockers/container infra etc. The candidate should be able to perform manual & automated penetration testing for internal, external perimeter, web applications, IT infrastructure, end-points, cloud etc. using hacking tools; e.g. Nuclei, Acunetix, BURP, Wireshark, Nmap, netcat, Firebug, Nessus, Kali OS, Parrot, Metasploit, Aircrack-ng. Preferred: Security related professional certification (e.g. CEH, CPENT, OSCP, OSCE, OSWE, GPEN, GWAPT or similar certifications) Preferred: Script writing skills (Python/Ruby/bash/PowerShell). Experience with security standards and frameworks such as ISO 27001, NIST, and PCI DSS. Preferred: Security solutions technologies such as IPS, firewalls, endpoint protection, web/email filtering, DLP, Digital rights management, encryption, SEIM, and virtualization platforms. Expertise in performing grey box/Black box testing. Experience devising methods to automate testing activities and streamline testing processes. Proven ability to develop and test Proof of Concept (PoC) exploits as part of vulnerability assessment and penetration testing exercises. Competencies / Expertise Required (Functional & Behavioral) Systematic strong analytical thinking and problem-solving skills. Excellent in analytical thinking for translating data into informative visuals and reports. Adaptable to change. Quick Learner Open learn and work on new technologies and products. If you're interested, please share below mention details for the same. Location Preferred location Current Co Experience Current CTC Expected CTC Notice Period Offer in Hand Highest Education SSC % HSC % Graduation % University Name Regards, Ashwini Chakor

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Penetration Testing Good to have skills : NA Minimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will design and implement comprehensive testing strategies to assess the security posture of web applications, APIs, and infrastructure. Your day-to-day responsibilities will involve working closely with cross-functional teams to identify potential vulnerabilities, document findings, and ensure that robust security controls are in place. You will play a critical role in aligning penetration testing activities with organizational goals, making certain that all identified risks are addressed effectively and that best practices in security testing are consistently applied.Roles & Responsibilities:Perform security testing on web applications, APIs, and infrastructure to identify vulnerabilities and weaknesses.Conduct penetration testing, vulnerability assessments, and security audits.Develop and execute test plans, scripts, and scenarios to simulate real-world attacks.Perform infrastructure penetration testing, including SSH and network devices.Collaborate with development and operations teams to remediate identified vulnerabilities.Provide detailed reports on findings, including risk assessments and recommendations for mitigation.Stay up to date with the latest security trends, tools, and techniques.Assist in the development and implementation of security policies and procedures.Professional & Technical Skills: Qualifications:Bachelor's degree in Computer Science, Information Security, or a related field.Proven experience in security testing, penetration testing, and vulnerability assessments.Strong knowledge of web application security, API security, and infrastructure security.Familiarity with common security tools and frameworks (e.g., OWASP, Burp Suite, Metasploit, Nessus, Kali Linux, Qualys, Wireshark, Nmap, etc).Excellent problem-solving skills and attention to detail.Strong communication skills, both written and verbal.Relevant offensive security certifications (e.g., OSCP, OSCE, eJPT, CRTP) are a plus.Knowledge about scripting languages such as Python, Bash, or PowerShell for automating tasks and developing custom security tools.Preferred Skills: Experience with cloud pentesting (e.g., On-Premises, AWS, Azure, GCP).Experience with On-Premises Cloud Infrastructure Pentesting.Knowledge of secure coding practices and code review.Understanding of network security and protocols.Ability to work independently and as part of a team. Additional Information:- The candidate should have minimum 3 years of experience in Security Penetration Testing.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Penetration Testing Good to have skills : NA Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will design and implement comprehensive testing strategies to assess the security posture of web applications, APIs, and infrastructure. Your day-to-day responsibilities will involve working closely with cross-functional teams to identify potential vulnerabilities, document findings, and ensure that robust security controls are in place. You will play a critical role in aligning penetration testing activities with organizational goals, making certain that all identified risks are addressed effectively and that best practices in security testing are consistently applied.Roles & Responsibilities:Perform security testing on web applications, APIs, and infrastructure to identify vulnerabilities and weaknesses.Conduct penetration testing, vulnerability assessments, and security audits.Develop and execute test plans, scripts, and scenarios to simulate real-world attacks.Perform infrastructure penetration testing, including SSH and network devices.Collaborate with development and operations teams to remediate identified vulnerabilities.Provide detailed reports on findings, including risk assessments and recommendations for mitigation.Stay up to date with the latest security trends, tools, and techniques.Assist in the development and implementation of security policies and procedures.Professional & Technical Skills: Qualifications:Bachelor's degree in Computer Science, Information Security, or a related field.Proven experience in security testing, penetration testing, and vulnerability assessments.Strong knowledge of web application security, API security, and infrastructure security.Familiarity with common security tools and frameworks (e.g., OWASP, Burp Suite, Metasploit, Nessus, Kali Linux, Qualys, Wireshark, Nmap, etc).Excellent problem-solving skills and attention to detail.Strong communication skills, both written and verbal.Relevant offensive security certifications (e.g., OSCP, OSCE, eJPT, CRTP) are a plus.Knowledge about scripting languages such as Python, Bash, or PowerShell for automating tasks and developing custom security tools.Preferred Skills: Experience with cloud pentesting (e.g., On-Premises, AWS, Azure, GCP).Experience with On-Premises Cloud Infrastructure Pentesting.Knowledge of secure coding practices and code review.Understanding of network security and protocols.Ability to work independently and as part of a team. Additional Information:- The candidate should have minimum 5 years of experience in Security Penetration Testing.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

About The Role Project Role : Security Delivery Practitioner Project Role Description : Assist in defining requirements, designing and building security components, and testing efforts. Must have skills : Mobile Security Good to have skills : NA Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Delivery Practitioner, you will assist in defining requirements, designing and building security components, and testing efforts. A typical day involves collaborating with various teams to ensure that security measures are effectively integrated into projects, conducting assessments to identify potential vulnerabilities, and providing guidance on best practices to enhance overall security posture. You will also engage in discussions to refine security strategies and contribute to the continuous improvement of security processes within the organization. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Facilitate training sessions to enhance team knowledge on security practices.- Monitor and evaluate the effectiveness of security measures implemented across projects. Professional & Technical Skills: - Must To Have Skills: Proficiency in Mobile Security.- Strong understanding of threat modeling and risk assessment methodologies.- Experience with mobile application security testing tools and techniques.- Knowledge of secure coding practices for mobile platforms.- Familiarity with compliance standards related to mobile security. Additional Information:- The candidate should have minimum 5 years of experience in Mobile Security.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

About The Role Project Role : Security Delivery Practitioner Project Role Description : Assist in defining requirements, designing and building security components, and testing efforts. Must have skills : Mobile Security Good to have skills : NA Minimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Delivery Practitioner, you will assist in defining requirements, designing and building security components, and testing efforts. A typical day may involve collaborating with cross-functional teams to ensure that security measures are integrated into the development process, conducting assessments to identify potential vulnerabilities, and providing guidance on best practices for mobile security. You will also engage in discussions to refine security strategies and contribute to the continuous improvement of security protocols within the organization. Roles & Responsibilities:- Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Conduct thorough assessments of security components to identify vulnerabilities and recommend improvements.- Collaborate with development teams to ensure security requirements are integrated into the design and implementation phases. Professional & Technical Skills: - Must To Have Skills: Proficiency in Mobile Security.- Strong understanding of secure coding practices and mobile application vulnerabilities.- Experience with security testing tools and methodologies.- Knowledge of mobile operating systems and their security features.- Familiarity with compliance standards and regulations related to mobile security. Additional Information:- The candidate should have minimum 3 years of experience in Mobile Security.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

About The Role Project Role : Security Delivery Practitioner Project Role Description : Assist in defining requirements, designing and building security components, and testing efforts. Must have skills : Mobile Security Good to have skills : NA Minimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Delivery Practitioner, you will assist in defining requirements, designing and building security components, and testing efforts. A typical day involves collaborating with cross-functional teams to ensure that security measures are effectively integrated into the development process, conducting assessments to identify potential vulnerabilities, and providing recommendations for enhancements. You will also engage in discussions to align security strategies with organizational goals, ensuring that all security components meet compliance standards and best practices. Roles & Responsibilities:- Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Conduct thorough assessments of security components to identify vulnerabilities and recommend improvements.- Collaborate with development teams to ensure security is integrated into the software development lifecycle. Professional & Technical Skills: - Must To Have Skills: Proficiency in Mobile Security.- Good To Have Skills: Experience with application security testing tools.- Strong understanding of secure coding practices and methodologies.- Familiarity with threat modeling and risk assessment techniques.- Knowledge of compliance standards related to security, such as ISO 27001 or NIST. Additional Information:- The candidate should have minimum 3 years of experience in Mobile Security.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Application Security Architecture and Design Good to have skills : NA Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We are looking for a Technical Lead with strong expertise in Application and Infrastructure Security to lead a suite of security services including vulnerability management, application security testing (SAST/DAST), and penetration testing. This role is ideal for someone who can not only execute and review security assessments but also manage tools, provide technical direction to a delivery team, and act as a trusted advisor to the client on security best practices Roles & Responsibilities:- Service Delivery & Technical Leadership Lead the delivery of application and infrastructure security services including:Dynamic Application Security Testing (DAST)Static Application Security Testing (SAST/SCA)Web & API Penetration TestingMobile Application Security TestingInfrastructure Vulnerability Management (IVM)Oversee scan scheduling, execution, validation, and reporting.Drive the reduction of false positives and enhance detection accuracy.Ensure timely delivery of security testing activities aligned with client SLAs.- Security Testing & AnalysisPerform automated and manual security scans for applications and infrastructure.Validate findings, analyze root causes, and prioritize remediation based on risk.Provide technical recommendations to development, DevOps, and infrastructure teams.Align findings with recognized standards (e.g., OWASP Top 10, CVSS, CWE).- Tool Ownership & OptimizationAdminister and optimize usage of security tools including but not limited to:WebInspect, Veracode, Burp Suite, Custom Scripting ToolsGitLab, ServiceNow Security ModulesDatadog Security Explorer, OpenShift ACSTune and maintain tool configurations, scan profiles, and dashboards.- Governance & ReportingTrack scan volumes, issue lifecycle, and performance KPIs.Deliver dashboards and executive-level reports on security posture.Support audit, compliance, and client reporting needs.- Team Collaboration & Stakeholder ManagementProvide technical direction and mentorship to the delivery team.Liaise with client teams, application owners, and platform SMEs.Ensure effective communication across stakeholders for testing, issue triage, and remediation. Professional & Technical Skills: - 8+ years of experience in Cybersecurity, with specialization in Application Security and Vulnerability Management.- Strong technical knowledge of SAST/DAST tools (e.g., Veracode, WebInspect).- Hands-on experience in penetration testing of web, mobile, and API-based applications.- Familiarity with infrastructure scanning and vulnerability remediation practices.- Strong understanding of secure SDLC, OWASP Top 10, SANS Top 25, and risk classification models (CVSS, CWE).- Experience working in global delivery teams, preferably in a client-facing role- CEH / OSCP / GWAPT / CISSP / CSSLP- Veracode Certified Specialist or equivalent- Vendor certifications on WebInspect, Burp Suite, GitLab Security Additional Information:- The candidate should have minimum 7.5 years of experience in Application Security Architecture and Design.- This position is based at our Gurugram office.- A 15 years full time education is required.- Knowledge of cloud security principles (Azure/AWS/GCP)- Familiarity with container security and DevSecOps tooling- Exposure to automated CI/CD security integrations- Strong communication and documentation skills- Proactive problem-solving and analytical thinking- Ability to balance security risk with operational practicality Qualification 15 years full time education

About The Role Skill required: Tech for Operations - Security Governance Designation: Security Delivery Associate Manager Qualifications: BE/Master of Engineering Years of Experience: 10 to 14 years About Accenture Accenture is a global professional services company with leading capabilities in digital, cloud and security.Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Technology and Operations services, and Accenture Song all powered by the worlds largest network of Advanced Technology and Intelligent Operations centers. Our 699,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. We embrace the power of change to create value and shared success for our clients, people, shareholders, partners and communities.Visit us at www.accenture.com What would you do? You will be part of the Technology for Operations team that acts as a trusted advisor and partner to Accenture Operations. The team provides innovative and secure technologies to help clients build an intelligent operating model, driving exceptional results. We work closely with the sales, offering and delivery teams to identify and build innovative solutions.The Tech For Operations (TFO) team provides innovative and secure technologies to help clients build an intelligent operating model, driving exceptional results. Works closely with the sales, offering and delivery teams to identify and build innovative solutions. Major sub deals include AHO(Application Hosting Operations), ISMT (Infrastructure Management), Intelligent AutomationA process of establishing and maintaining a security governance framework. Support management structure and processes to provide assurance that information security strategies are aligned with and support business objectives are consistent with applicable laws and regulations through adherence to policies and internal controls, and provide assignment of responsibility, metrics, reporting all in an effort to manage the risk and compliance requirements. What are we looking for? Commitment to qualityExperience in research and developmentNegotiation skillsProblem-solving skillsRisk managementThe role demands Indepth knowledge in application security area. Candidate should have hands on experience in SAST, DAST, Penetration testing. DevSecOps and Software composition analysis are other areas where the candidate should have experience in.The role also demands capability of scripting using Python and other related required knowledge of database and networking.Certifications like CISSP, CCSP, CISM, CEH, ECSA etc. will be added advantage. Roles and Responsibilities: In this role you are required to do analysis and solving of moderately complex problems Typically creates new solutions, leveraging and, where needed, adapting existing methods and procedures The person requires understanding of the strategic direction set by senior management as it relates to team goals Primary upward interaction is with direct supervisor or team leads Generally interacts with peers and/or management levels at a client and/or within Accenture The person should require minimal guidance when determining methods and procedures on new assignments Decisions often impact the team in which they reside and occasionally impact other teams Individual would manage medium-small sized teams and/or work efforts (if in an individual contributor role) at a client or within Accenture Please note that this role may require you to work in rotational shifts Qualification BE,Master of Engineering

Job Title: Cybersecurity & Ethical Hacking Specialist Experience: 3-5 Years Location: Hyderabad Employment Type: Full-time Job Summary: We are seeking a skilled Cybersecurity & Ethical Hacking Specialist with 35 years of experience in securing systems, applications, and cloud environments. The ideal candidate will have strong expertise in ethical hacking, penetration testing, and familiarity with cloud security practices across platforms like AWS, Azure, or GCP. Key Responsibilities: Perform penetration testing and ethical hacking across on-premise and cloud infrastructure Identify, analyze, and report security vulnerabilities and risks Conduct security assessments and compliance audits Collaborate with DevOps and engineering teams to remediate issues and implement secure solutions Monitor for threats, support incident response, and improve security monitoring Ensure security best practices across public cloud platforms (AWS, Azure, GCP) Maintain technical documentation and present findings to stakeholders Requirements: 3–5 years of experience in cybersecurity and ethical hacking. Hands-on experience with penetration testing tools (Burp Suite, Metasploit, Nmap, Nessus, etc.) Good understanding of cloud security principles (IAM, encryption, VPCs, security groups, etc.) Familiarity with AWS, Azure, or GCP cloud environments Knowledge of OWASP Top 10, network protocols, and secure application development Scripting skills in Python, Bash, or PowerShell Excellent problem-solving, analytical, and communication skills Bachelor’s degree in Computer Science, Cybersecurity, or related field

Position: VAPT Engineer Reporting to: Platform Lead Infrastructure Security Employment Type: Employee - Full Time Work Location: Guwahati Key Focus area: Infrastructure Penetration Tester Key Responsibilities: Identification and remediation of new vulnerabilities and risk analysis for Infrastructure is a key responsibility. Identifying and maintaining Key metrics and SLA on Infrastructure Security. Ensure that vulnerability assessments are performed to evaluate effectiveness of security controls in applications, middleware, databases, network and operating systems. Thorough experience in configurations reviews against CIS benchmarks and security standards. Ensure all Hardening and Patching activities are conducted and tracked as per defined policies. Create/Update hardening documents and build audit file for automated testing. Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities. Conduct security penetration testing to identify vulnerabilities and potential security risks along with designing and implement security solutions to protect enterprise systems, applications, data, assets, and people. Collaborate with cross-functional teams to ensure security measures are integrated into all aspects of the organization's operations. Perform Internal/ External Penetration Testing on Jio Infrastructure and producing reports with recommendations for detailed penetration testing findings. Sound understanding of Azure/GCP/AWS environment activities and Perform Vulnerability Assessment & Penetration Testing for networks (internal & external), applications, APIs & cloud assets along with Red & Purple Team assessments. Safeguarding information, infrastructures, applications, and business processes against cyber threats. Proactively create, share, and read reports as part of the penetration testing activities. Responsible for utilizing threat intelligence to identify new threats in our environment, coordinating with stakeholders to remediate identified vulnerabilities, and ensuring closure through thorough cross-validation. Qualification and Work Experience Qualification: BE / BTech (Similar Education Background) Work experience: 7-15 Years 7+ years of experience in Infrastructure Penetration Testing and Vulnerability Management including practical experience with Linux and Windows operating systems. Thorough understanding of Application and Infrastructure Architectures, and related vulnerabilities. Ability to interpret and prioritize vulnerability scan results into remediation actions and tracking those actions through to completion. Working knowledge of ORACLE DB, MS SQL DB, MYSQL DB & Network Devices is required. Ability to analyse vulnerabilities to appropriately characterize threats and provide remediation advice. Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE). Extensive experience in vulnerability management, including the ability to forecast potential threats and develop proactive mitigation plans. Hands on experience in testing diverse infra components including various enterprise platforms such as private clouds, OpenShift infra, dockers/container infra etc. The candidate should be able to perform manual & automated penetration testing for internal, external perimeter, web applications, IT infrastructure, end-points, cloud etc. using hacking tools; e.g. Nuclei, Acunetix, BURP, Wireshark, Nmap, netcat, Firebug, Nessus, Kali OS, Parrot, Metasploit, Aircrack-ng. Preferred: Security related professional certification (e.g. CEH, CPENT, OSCP, OSCE, OSWE, GPEN, GWAPT or similar certifications) Preferred: Script writing skills (Python/Ruby/bash/PowerShell). Experience with security standards and frameworks such as ISO 27001, NIST, and PCI DSS. Preferred: Security solutions technologies such as IPS, firewalls, endpoint protection, web/email filtering, DLP, Digital rights management, encryption, SEIM, and virtualization platforms. Expertise in performing grey box/Black box testing. Experience devising methods to automate testing activities and streamline testing processes. Proven ability to develop and test Proof of Concept (PoC) exploits as part of vulnerability assessment and penetration testing exercises. Competencies / Expertise Required (Functional & Behavioral) Systematic strong analytical thinking and problem-solving skills. Excellent in analytical thinking for translating data into informative visuals and reports. Adaptable to change. Quick Learner Open learn and work on new technologies and products. If you're interested, please share below mention details for the same. Location Preferred location Current Co Experience Current CTC Expected CTC Notice Period Offer in Hand Highest Education SSC % HSC % Graduation % University Name Regards, Ashwini Chakor

As a member of the Cyber Security organization at Blackbaud, the Application Security Engineer is a specialized position that plays a key role in securing software built and/or used by Blackbaud.You can expect to work closely with software development teams as well as third-party organizations to ensure that security, privacy, and compliance requirements are planned for, designed, and built into software applications at Blackbaud. In addition to securing software, you will be expected to stay up to date on whats happening in the Cyber Security industry to optimize and align our application security processes and systems throughout the Software Development Life Cycle (SDLC) at Blackbaud. The Application Security Engineering team focuses on building automation for security self-service and vulnerability management to reduce unnecessary toil. What you will be doing: Identifying solutions for difficult security problems while participating in a broader agile Application Security team. Building comprehensive solutions to conduct consolidation, aggregation, andnotification of security findings to respective stakeholders. Conducting threat modeling, secure design reviews, and providing direct guidance to development teams. Promoting, designing, and evaluating application security in all phases of theSDLC and constantly looking for innovative ways to improve processes. Influencing, building, and assisting with information security challenges within applications. What we'll want you to have: You are either a security-minded software engineer who has been building modern services using a microservice architecture in an agile development environment or a development-interested security practitioner who understands security best practices but wants to get closer to development and engineering. 5+ plus years of experience with application security and relevant testing tools for: DAST: Burp Suite, OWASP Zap, Invicti, AppScan SAST/SCA: Fortify, Checkmarx, Coverity, Semgrep, OWASP Dependency Check, Mend, Blackduck Attack Surface Management: OWASP Amass, Spiderfoot, CyCognito 3+ years of experience with Python, Bash, and/or PowerShell. 3+ years of experience in DevSecOps integrating security solutions into CI-CD pipelines and automated tooling orchestration. Relevant certifications include CompTIA Security+ or CASP+, EC Council CEH, ISC2 CSSLP are a plus. Experience partnering with development and systems engineers on impactful securityinitiatives. Understanding of software development; how applications and systems are designed, built, and break is critical. UnderstandDevSecOpscultural mindsets, and an engineering-focused approach to solvingcomplexsecurity problems. Strong verbal and written communication skills to translate security objectives and requirements to specific engineering outcomes.

Position: VAPT Engineer Reporting to: Platform Lead Infrastructure Security Employment Type : Employee - Full Time Work Location: Guwahati Key Focus area : Infrastructure Penetration Tester Employment Type : Employee - Full Time Work Location: Guwahati Key Responsibilities : Identification and remediation of new vulnerabilities and risk analysis for Infrastructure is a key responsibility. Identifying and maintaining Key metrics and SLA on Infrastructure Security. Ensure that vulnerability assessments are performed to evaluate effectiveness of security controls in applications, middleware, databases, network and operating systems. Thorough experience in configurations reviews against CIS benchmarks and security standards. Ensure all Hardening and Patching activities are conducted and tracked as per defined policies. Create/Update hardening documents and build audit file for automated testing. Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities. Conduct security penetration testing to identify vulnerabilities and potential security risks along with designing and implement security solutions to protect enterprise systems, applications, data, assets, and people. Collaborate with cross-functional teams to ensure security measures are integrated into all aspects of the organization's operations. Perform Internal/ External Penetration Testing on Jio Infrastructure and producing reports with recommendations for detailed penetration testing findings. Sound understanding of Azure/GCP/AWS environment activities and Perform Vulnerability Assessment & Penetration Testing for networks (internal & external), applications, APIs & cloud assets along with Red & Purple Team assessments. Safeguarding information, infrastructures, applications, and business processes against cyber threats. Proactively create, share, and read reports as part of the penetration testing activities. Responsible for utilizing threat intelligence to identify new threats in our environment, coordinating with stakeholders to remediate identified vulnerabilities, and ensuring closure through thorough cross-validation. Qualification and Work Experience Qualification : BE / BTech (Similar Education Background) Work experience : 7-15 Years 7+ years of experience in Infrastructure Penetration Testing and Vulnerability Management including practical experience with Linux and Windows operating systems. Thorough understanding of Application and Infrastructure Architectures, and related vulnerabilities. Ability to interpret and prioritize vulnerability scan results into remediation actions and tracking those actions through to completion Working knowledge of ORACLE DB, MS SQL DB, MYSQL DB & Network Devices is required. Ability to analyse vulnerabilities to appropriately characterize threats and provide remediation advice. Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE). Extensive experience in vulnerability management, including the ability to forecast potential threats and develop proactive mitigation plans. Hands on experience in testing diverse infra components including various enterprise platforms such as private clouds, OpenShift infra, dockers/container infra etc. The candidate should be able to perform manual & automated penetration testing for internal, external perimeter, web applications, IT infrastructure, end-points, cloud etc. using hacking tools; e.g. Nuclei, Acunetix, BURP, Wireshark, Nmap, netcat, Firebug, Nessus, Kali OS, Parrot, Metasploit, Aircrack-ng. Preferred: Security related professional certification (e.g. CEH, CPENT, OSCP, OSCE, OSWE, GPEN, GWAPT or similar certifications) Preferred: Script writing skills (Python/Ruby/bash/PowerShell). Experience with security standards and frameworks such as ISO 27001, NIST, and PCI DSS. Preferred: Security solutions technologies such as IPS, firewalls, endpoint protection, web/email filtering, DLP, Digital rights management, encryption, SEIM, and virtualization platforms. Expertise in performing grey box/Black box testing. Experience devising methods to automate testing activities and streamline testing processes. Proven ability to develop and test Proof of Concept (PoC) exploits as part of vulnerability assessment and penetration testing exercises. Competencies /Expertise Required (Functional & Behavioral) Systematic strong analytical thinking and problem-solving skills. Excellent in analytical thinking for translating data into informative visuals and reports. Adaptable to change. Quick Learner Open learn and work on new technologies and products If you're interested, please share below mention details for the same. Location Preferred location Current Co Experience Current CTC Expected CTC Notice Period Offer in Hand Highest Education SSC % HSC % Graduation % University Name Regards, Ashwini Chakor

About the Role: Grade Level (for internal use): 10 The Team Security Testing Team in the Quality Engineering space plays a crucial role in safeguarding business operations by identifying vulnerabilities and ensuring robust protection against cyber threats. Through meticulous testing practices, we enhance the security posture of applications, thereby reducing the risk of data breaches and financial loss. By integrating security measures early in the development lifecycle, the team helps streamline processes, minimize disruptions, and ultimately contribute to greater business efficiency and resilience. S&P Global Ratings is the worlds leading provider of independent credit ratings. Our ratings are essential to driving growth, providing transparency, and helping educate market participants so they can make decisions with confidence. We have more than one million credit ratings outstanding on government, corporate, financial sector and structured finance entities and securities. We offer an independent view of the market built on a unique combination of broad perspective and local insight. We provide our opinions and research about relative credit risk; market participants gain independent information to help support the growth of transparent, liquid debt markets worldwide. What is in it for you Serve as a highly technical security expert to bring security transformation to both new and legacy applications in quality engineering space. Using a wide range of cutting-edge technology to innovate while testing. An ever-challenging environment to hone your existing skills in Security Testing, Automation, Python Programming, Bash scripting etc. Being a part of an organization which values Culture of Urgency and Shift Left approaches. Gain the opportunity to apply your strategic thinking alongside technical skills to safeguard our systems defending against emerging cyber threats. A plenty of skill building, knowledge sharing, and innovation opportunities. Building a fulfilling career with a global financial technology company. Responsibilities This role will involve designing and executing security tests, identify vulnerabilities, and drive remediation strategies while collaborating with cross-functional teams in an Agile environment. Understand the applications security requirements and identify & document the scope of the test. Develop and maintain security testing automation using tools like Burp Suite, ZAP, or similar tools. Integrate security testing into CI/CD pipelines. Automate processes and workflows using Python to minimize manual work. Collaborate with development, QE, and DevOps teams to investigate security incidents, perform root cause analysis, and validate security fixes. Oversee results and logs to analyze, prioritize, and initiate remediation for findings identified by security tools during SAST, DAST, SCA, artifact scanning, container scanning, etc... Prepare detailed reports summarizing test results, logs, findings, and recommendations for strengthening overall security of an application. Create and track security metrics, KPIs, and KRIs to measure operational effectiveness. Prepare comprehensive reports for senior management on security performance and strategic initiatives. Work independently, providing recommendations, and leading the accomplishments of the tasks from inception to completion. Demonstrate outstanding flexibility and leadership with proper communication of security testing result interpretation and explanation to audience. Participate in Daily Stand-up Calls, works closely with the Agile Manager to know the deliverables and commitments of each release. Actively taking part in resolving critical security issues and coming up with solutions to mitigate the same. Basic Qualifications Bachelor's or masters degree in Electronics and Communication, Computer Science, Cybersecurity, or related fields. 6 to 9 years of IT experience with relevant professional experience of Minimum 4 years in the field of Cyber Security Testing. Should have strong hands-on experience in security testing, penetration testing, and vulnerability assessment. Strong experience in web, API, and cloud security testing. Clear understanding of security vulnerabilities, exploits, and mitigation techniques Strong grasp of the OWASP Top 10 vulnerabilities and effective mitigation strategies. Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP, Wireshark, Nessus, OpenSSL and Crypto validation tools. Proficiency in SAST/DAST tools and security frameworks like OWASP Top 10, CIS Benchmarks, and CVSS. Hands-on experience with Selenium, Pytest, and RestAssured API Testing using Python. Strong hands-on experience with scripting and programming languages including Python, PowerShell, Bash for security tasks. Familiarity with RESTful APIs, webhooks, and integration of third-party security tools and services via automation. Knowledge of DevSecOps practices and integrating security in CI/CD pipelines. Self-motivated and driven to stay updated with the latest security trends, technologies, and best practices, maintain high level of accuracy in security assessments. Ability to analyze and communicate complex cybersecurity and technical challenges to technical and non-technical users, leaders, and stakeholders. Experience collaborating with cross functional global and remote teams with diverse backgrounds. Should be able to work under a competitive time frame and deliver. Should be a very fast learner and have the excellent problem-solving ability. Should have excellent written and verbal communication skills. Nice to have Skills: Security Certifications like CISSP, CEH, CISM, OSCP or CompTIA Security+ shall be having the preference. Hands-On experience in building AI-powered security tools, chatbots, and agent-driven automation pipelines. Knowledge on Agentic AI frameworks, LLMs, and orchestration libraries like LangChain, crewAI or RAG-based architectures. Grade10 LocationHyderabad Shift time11am to 8pm / 12pm to 9pm IST Hybrid Modeltwice a week work from office About S&P Global Ratings At S&P Global Ratings, our analyst-driven credit ratings, research, and sustainable finance opinions provide critical insights that are essential to translating complexity into clarity so market participants can uncover opportunities and make decisions with conviction. By bringing transparency to the market through high-quality independent opinions on creditworthiness, we enable growth across a wide variety of organizations, including businesses, governments, and institutions. S&P Global Ratings is a division of S&P Global (NYSESPGI). S&P Global is the worlds foremost provider of credit ratings, benchmarks, analytics and workflow solutions in the global capital, commodity and automotive markets. With every one of our offerings, we help many of the worlds leading organizations navigate the economic landscape so they can plan for tomorrow, today.For more information, visit www.spglobal.com/ratings Whats In It For You Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technologythe right combination can unlock possibility and change the world.Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: Our Values: Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you cantake care of business. We care about our people. Thats why we provide everything youand your careerneed to thrive at S&P Global. Health & WellnessHealth care coverage designed for the mind and body. Continuous LearningAccess a wealth of resources to grow your career and learn valuable new skills. Invest in Your FutureSecure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly PerksIts not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the BasicsFrom retail discounts to referral incentive awardssmall perks can make a big difference. For more information on benefits by country visithttps://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected andengaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. S&P Global has a Securities Disclosure and Trading Policy (the Policy) that seeks to mitigate conflicts of interest by monitoring and placing restrictions on personal securities holding and trading. The Policy is designed to promote compliance with global regulations. In some Divisions, pursuant to the Policys requirements, candidates at S&P Global may be asked to disclose securities holdings. Some roles may include a trading prohibition and remediation of positions when there is an effective or potential conflict of interest. Employment at S&P Global is contingent upon compliance with the Policy. ---- Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf ----

Role & responsibilities Assist in monitoring and analyzing network traffic for suspicious activity. Support in identifying, investigating, and responding to security incidents. Learn and contribute to vulnerability assessment and penetration testing activities. Support the implementation and management of firewalls, antivirus, SIEM, and other security tools. Assist in developing and updating security policies, procedures, and documentation. Stay updated with the latest cyber threats, attack techniques, and security trends. Work with IT teams to ensure secure system configurations and patch management.

About The Role Job Title: Penetration Tester (Web Applications and REST APIs) Location: Bengaluru Job Type: Full-time About Us: Kotak Mahindra Bank is seeking an experienced Penetration Tester to join our Platform Engineering team. As a Penetration Tester, you will be responsible for identifying vulnerabilities in web applications and REST APIs, providing recommendations for remediation, and ensuring the security posture of our clients' systems. Job Summary: The successful candidate will have a strong background in penetration testing, including experience with various tools and techniques used to identify vulnerabilities in web applications and APIs. The ideal candidate will be able to analyze complex systems, identify potential security risks, and provide actionable recommendations for remediation. Key Responsibilities: Conduct thorough penetration testing of web applications and REST APIs using a variety of tools and techniques Identify vulnerabilities in web applications, including but not limited to: SQL injection Cross-Site Scripting (XSS) Cross-Site Request Forgery (CSRF) Authentication and authorization weaknesses Session management issues Test REST APIs for security vulnerabilities, including but not limited to: Input validation and sanitization Error handling and logging Authentication and authorization mechanisms Data encryption and transmission Analyze results and provide detailed reports outlining findings, recommendations for remediation, and estimated timeframes for implementation Collaborate with development teams to ensure identified vulnerabilities are addressed and remediated in a timely manner Stay up-to-date with the latest security threats, tools, and techniques through ongoing training and professional development Requirements: 3+ years of experience in penetration testing, with a focus on web applications and REST APIs Strong understanding of web application security concepts, including but not limited to: OWASP Top 10 Web Application Security Risks (WASR) Secure Coding Practices Experience with various penetration testing tools, including but not limited to: Burp Suite ZAP Nmap AJP SQL injection tools (e.g. sqlmap) Strong understanding of REST API security concepts, including but not limited to: API Security Frameworks (e.g. OAuth 2.0) Data encryption and transmission protocols (e.g. HTTPS) Authentication and authorization mechanisms (e.g. JWT) Experience with scripting languages (e.g. Python, Ruby) is a plus Strong analytical and problem-solving skills Excellent communication and reporting skills Nice to Have: CISSP or equivalent security certification CEH or equivalent penetration testing certification Experience with cloud-based services (e.g. AWS, Azure) Familiarity with Agile development methodologies Experience with DevOps tools (e.g. Docker, Jenkins) What We Offer: Competitive salary and benefits package Opportunities for professional growth and development Collaborative and dynamic work environment Flexible working hours and remote work options

Key Responsibilities Conduct penetration tests on web and mobile applications , networks , thick clients , and systems to identify vulnerabilities. Perform manual and automated testing to simulate cyberattacks and exploit potential security flaws. Create detailed reports of vulnerabilities including descriptions, proof of concepts, business impact , and actionable remediation steps . Perform retesting to validate fixes and confirm mitigations. Analyze security issues related to web apps, network protocols, OSs , and cloud platforms . Stay updated with the latest cybersecurity threats , vulnerabilities , and attack techniques . Coordinate with application and infrastructure teams during the assessment lifecycle and deliver clear, comprehensive reports. Requirements Proven experience as a Penetration Tester or in a cybersecurity role. Strong understanding of: OWASP Mobile Top 10 OWASP Web Top 10 MITRE ATT&CK framework Proficiency in tools such as: Burp Suite , Frida , MobSF , Nmap , Wireshark , Metasploit Hands-on experience with: SSL pinning bypass Jailbreak/root detection bypass Certificate validation flaws Mobile app reverse engineering Familiarity with operating systems like Windows , Kali Linux , and macOS Exposure to cloud platforms such as AWS , Azure , or GCP Knowledge of scripting/programming languages such as Python , Bash , or PowerShell (preferred) Relevant certifications are a strong advantage: CEH , OSCP , or similar Preferred Skills Prior experience in mobile application penetration testing Ability to work independently and manage time effectively Excellent communication skills , especially in conveying technical findings to non-technical stakeholders Skills Information Security,Data Analysis,Penetration Testing

Role & responsibilities Penetration Testing & Red Teaming Lead and execute: Mobile Application Penetration Testing (static & dynamic analysis, jailbreak/root bypass). API Vulnerability & Penetration Testing (BOLA, mass assignment, parameter tampering). Web Application Vulnerability Assessments & Exploitation (OWASP Top 10, custom attacks). Network Penetration Testing (internal & external infrastructure). Simulate real-world attack chains across mobile API cloud infra, including privilege escalation and data exfiltration. Perform reverse engineering of mobile binaries (IPA/APK), patch protections, and bypass anti-debugging. Team Leadership & Management Lead and mentor the CTR team members on mobile, API, and web security assessments. Review and validate penetration testing reports prepared by team members. Review and triage reports from external researchers submitted through bug bounty platforms and vulnerability disclosure programs. Provide strategic guidance and advisory to stakeholders on security risks, design improvements, and remediation strategies. Security Tools & Frameworks Proficiency with reverse engineering tools: Ghidra, IDA Pro, Hopper, Radare2 . Skilled in OWASP ZAP and aligned with OWASP MSTG/MASVS frameworks. Ability to create custom tools/scripts for automation and exploit development. Programming & Scripting Skills Hands-on experience with: C/C++, Objective-C, Swift, Java, Kotlin, Python . Ability to build custom security testing tools and automation frameworks. API & Cloud Security Deep knowledge of OAuth2.0, JWT, OpenID Connect, SAML . Familiarity with securing cloud-native APIs and identifying misconfigurations. Required Certifications: OffSec Experienced Penetration Tester (OSEP) Offensive Security Certified Professional (OSCP) Red Team Operator (CRTO or equivalent) eLearnSecurity Certified Penetration Tester eXtreme (eCPTX) eLearnSecurity Web Application Penetration Tester eXtreme (eWPTX) eLearnSecurity Certified Professional Penetration Tester (eCPPT) Preferred candidate profile 10+ years of experience in penetration testing, red teaming, and application security . Demonstrated ability to evade EDR/MDM detections in red team scenarios. Experience in bug bounty, vulnerability disclosure, or external researcher report validation . Strong communication and stakeholder advisory skills.

You will be responsible for conducting advanced security assessments of client Web Applications, APIs, mobile applications, and thick client applications. This includes performing Static Application Security Testing (SAST) using industry-leading tools and utilizing OWASP methodologies to identify and mitigate vulnerabilities. Your role will involve developing and maintaining security testing plans, procedures, and tools while staying updated with the latest security trends, vulnerabilities, and threats relevant to application security. To be successful in this position, you should hold a Bachelor's degree in Computer Science, Information Security, or a related field with at least 3 years of experience in application security. You must possess strong expertise in Web Application, API security, mobile security (iOS and Android), and thick client application security. Proficiency in Static Application Security Testing (SAST) tools such as Fortify or Checkmarx is required, along with in-depth knowledge of OWASP Top Ten and other relevant standards. Experience with security tools like Burp Suite, ZAP, and mobile application security tools is essential. Additionally, excellent problem-solving skills, attention to detail, and relevant certifications such as OSCP, CEH, or equivalent are a plus. Your skills should include Web Application Security, API Security, Mobile Security (iOS and Android), Thick Client Application Security, Static Application Security Testing (SAST), OWASP Methodologies, Burp Suite, ZAP, and Secure Coding Practices.,