
360 Burp Suite Jobs - Page 3

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

8.0 - 10.0 years

9 - 14 Lacs

chennai

Work from Office

Job Description Summary As a key member of a global and matrixed design team, Sr Product Security Analyst is responsible for -Cyber security analysis of controllers, Control systems. -Lead the software and hardware penetration testing activities -Work in Collaboration with development teams to improve SDLC process, OSS/SAST/DAST scans. -Streamline SBOM generation. -Lead the cyber security testing for GE Vernova Power Conversion products and analyze the reports and suggest remediation strategy. -Identify Product vulnerabilities, rate and report to development team. Job Description Essential Responsibilities: Lead reviews, suggest architectural changes, conduct tests to ensure systems, controllers, meet Cyber security requirements. Collaborates with a team of controls and system engineers developing operational software for various subsystems. The position requires a clear understanding of OT System, and conversant with all Cyber security requirements. This role requires strong cooperation with system and subsystem teams necessary for command and control of the systems involved. The Security Analyst should be comfortable making design decisions in a sometimes-uncertain context, crafting innovative solutions, and demonstrating rigorous and decisive leadership. Work with multiple teams in different locations to deliver Cyber secure software to meet customer requirements. Roles and Responsibilities You are a skilled Security Analyst who enjoys security work and is an expert in systems security, product / OT security and application security. In this role, you will be working with product managers, independent researchers, and in-house researchers to identify, rate, report and manage product vulnerabilities and incidents. In this role, you will: Be responsible for providing technical leadership and defining, developing security within software in a fast-paced and agile development environment using the latest secure software development technologies and infrastructure.
Work with Cyber Security Leaders and SMEs to understand product requirements. Hands on experience with penetration testing for software applications, Systems, Web Application, mobile application, controllers. Work on Cybersecurity tools like Wireshark, NESSUS and Burp Suite. Experienced in different phases of Software Development Life cycle (SDLC) including Design, Implementation and Testing during the development of software applications. Assist security champions in completing Threat Modelling and Architecture Risk Analysis on product features. Perform Security Code Reviews, Vulnerability Analysis and research on application code. Coach and mentor developers to implement cryptography solutions securely (PKI, Code Signing, Stored Secrets, et cetera). Provide guidance and advice on writing secure code that meets standards and delivers desired functionality, using the technology selected for the project. Research new application security technologies and implement them to improve application security. Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development. Promote best practices based on OWASP Top 10, SANS Top 25, and the GE Vernova SDLC. Education/Qualification Bachelor's/master's degree in IT/computer science or relevant engineering or equivalent knowledge / experience with 8-10 Years of Experience. Strong understanding of fundamentals in networking, ethical hacking, cryptography, penetration testing, vulnerability analysis, risk assessment, threat modelling, cybersecurity standards like ISO 27000 and ISA/IEC 62443. Database RDBMS, MySQL NoSQL databases. Software component: MS Visual Studio, MS Office, MS Visio, GitHub. Linux and Windows OS. Hands on experience with Enterprise Application and Web Application servers like Tomcat, and WLP. Certifications like CEH, OSCP, PNPT will be an added advantage.

Posted 1 week ago


5.0 - 10.0 years

9 - 14 Lacs

bengaluru

Work from Office

Position Description: Responsibilities Direct Responsibilities Strong expertise in application security concepts and activities like Source Code Review (SAST) & Dynamic application vulnerability scanning (DAST). Good understanding of Information Security concepts and strategies. Knowledge of Secure Development methodologies and frameworks. Hands-on experience in penetration testing and tools like Apisan, WebInspect, Fortify, AppSpider, BurpSuite, Qualys, Checkmarx, Coverity. Well-versed in conducting Security Review, Assessments and providing recommendations. Knowledge of OWASP, SANS standards. Executing IT risk assessment reviews, identifying controls gaps and working in collaboration with subject matter experts to devise appropriate mitigation plans. Engaging with organization wide risk and control groups, including internal audit and territory control teams. Working with Technology stakeholders (including Production Support and Development teams) to identify the IT risks affecting the organization and formulate appropriate remediation strategies based on a full understanding of business exposure and compensating controls. Experience in Process Improvement, Controls Enhancement and Reporting. Identifying key risk trends, issues and other insights requiring further investigation and following up with Technology as appropriate. Providing independent expert advice to the IT areas on application & data risk issues. Contributing Responsibilities Monitoring and oversight of existing IT risks, working collaboratively with stakeholders in ensuring plans are managed within timescales and escalating where appropriate. Managing relationships with Business and IT teams, chairing periodic meetings and being a point of contact for escalating to wider team members. Assistance with drafting of risk acceptance statements and coordinating sign-off from business and IT stakeholders. SPOC for security architecture meetings.
Technical & Behavioral Competencies - Excellent Interpersonal and presentation skills - Strong in verbal and written communication - Ability to liaise with cross-functional stakeholders globally - Clear understanding of application and data security - Must be flexible, independent, self-motivated - Good analytical skills Specific Qualifications (if required) - CEH, SSCP, OSCP certified. - Technical Graduate (Computer Science) Preferable. Skills Referential Behavioural Skills: (Please select up to four skills) Ability to collaborate Teamwork Communication skills - oral & written Critical thinking Decision Making Transversal Skills: (Please select up to five skills) Ability to understand, explain and support change Analytical Ability Ability to set up relevant performance indicators Ability to develop and adapt a process Ability to develop others & improve their skills Education Level: Bachelor Degree or equivalent Experience Level At least 5 years Other/Specific Qualifications (if required) Skills: Linux Shell Script Vulnerability Assessment(IAVA)

Posted 1 week ago


7.0 - 12.0 years

13 - 17 Lacs

gurugram

Work from Office

About The Role Project Role: Security Architect Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills: Security Penetration Testing Good to have skills: NA Minimum 7.5 year(s) of experience is required Educational Qualification: 15 years full time education Summary: As a Security Pentester, you will design and implement comprehensive testing strategies to assess the security posture of web applications, APIs, and infrastructure. Your day-to-day responsibilities will involve working closely with cross-functional teams to identify potential vulnerabilities, document findings, and ensure that robust security controls are in place. You will play a critical role in aligning pentesting activities with organizational goals, making certain that all identified risks are addressed effectively and that best practices in security testing are consistently applied.
Roles & Responsibilities: Perform security testing on web applications, APIs, and infrastructure to identify vulnerabilities and weaknesses. Conduct penetration testing, vulnerability assessments, and security audits. Develop and execute test plans, scripts, and scenarios to simulate real-world attacks. Perform infrastructure pentesting, including SSH and network devices. Collaborate with development and operations teams to remediate identified vulnerabilities. Provide detailed reports on findings, including risk assessments and recommendations for mitigation. Stay up-to-date with the latest security trends, tools, and techniques. Assist in the development and implementation of security policies and procedures. Provide specialised knowledge and guidance in your area of expertise, acting as a resource for team members seeking advice or solutions to complex problems. Organise tasks, facilitate effective communication, and encourage collaboration among team members to help drive results and achieve set objectives efficiently. Take responsibility for the outcomes of decisions made by the team, ensuring transparency and learning from successes or setbacks to continuously improve future decision-making processes.
Professional & Technical Skills: Qualifications: Bachelor's degree in Computer Science, Information Security, or a related field. Proven experience in security testing, penetration testing, and vulnerability assessments. Strong knowledge of web application security, API security, and infrastructure security. Familiarity with common security tools and frameworks (e.g., OWASP, Burp Suite, Metasploit, Nessus, Kali Linux, Qualys, Wireshark, Nmap, etc). Excellent problem-solving skills and attention to detail. Strong communication skills, both written and verbal. Relevant offensive security certifications (e.g., OSCP, OSCE, eJPT, CRTP) are a plus. Knowledge about scripting languages such as Python, Bash, or PowerShell for automating tasks and developing custom security tools. Preferred Skills: Experience with cloud pentesting (e.g., On-Premises, AWS, Azure, GCP). Experience with On-Premises Cloud Infrastructure Pentesting. Knowledge of secure coding practices and code review. Understanding of network security and protocols. Ability to work independently and as part of a team. Good to Have: Conduct telecom risk assessments on core and access network nodes (e.g., Voice core, packet core, radio, IMS, 5G Core, fixed line). Demonstrate cybersecurity knowledge for mobile and fixed networks (2G-5G, IMS, VoLTE). Understand telecom protocols: Diameter, SIP, SS7, GTP, SCTP. Familiarity with standards: 3GPP, GSMA NESAS, ISO 27001, NIST, and local regulations. Perform penetration testing on telecom infrastructure and services. Contribute to security hardening using industry best practices (3GPP, GSMA NESAS, NIST). Additional Information: The candidate should have a minimum of 7.5 years of experience in Security Penetration Testing. This position is based at our Gurugram office. A 15 years full time education is required. Qualification 15 years full time education

Posted 1 week ago


5.0 - 10.0 years

13 - 17 Lacs

gurugram

Work from Office

About The Role Project Role: Security Architect Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills: Security Penetration Testing Good to have skills: NA Minimum 5 year(s) of experience is required Educational Qualification: 15 years full time education Summary: As a Security Pentester, you will design and implement comprehensive testing strategies to assess the security posture of web applications, APIs, and infrastructure. Your day-to-day responsibilities will involve working closely with cross-functional teams to identify potential vulnerabilities, document findings, and ensure that robust security controls are in place. You will play a critical role in aligning pentesting activities with organizational goals, making certain that all identified risks are addressed effectively and that best practices in security testing are consistently applied.
Roles & Responsibilities: Perform security testing on web applications, APIs, and infrastructure to identify vulnerabilities and weaknesses. Conduct penetration testing, vulnerability assessments, and security audits. Develop and execute test plans, scripts, and scenarios to simulate real-world attacks. Perform infrastructure pentesting, including SSH and network devices. Collaborate with development and operations teams to remediate identified vulnerabilities. Provide detailed reports on findings, including risk assessments and recommendations for mitigation. Stay up-to-date with the latest security trends, tools, and techniques. Assist in the development and implementation of security policies and procedures. Provide specialised knowledge and guidance in your area of expertise, acting as a resource for team members seeking advice or solutions to complex problems. Organise tasks, facilitate effective communication, and encourage collaboration among team members to help drive results and achieve set objectives efficiently. Take responsibility for the outcomes of decisions made by the team, ensuring transparency and learning from successes or setbacks to continuously improve future decision-making processes.
Professional & Technical Skills: Qualifications: Bachelor's degree in Computer Science, Information Security, or a related field. Proven experience in security testing, penetration testing, and vulnerability assessments. Strong knowledge of web application security, API security, and infrastructure security. Familiarity with common security tools and frameworks (e.g., OWASP, Burp Suite, Metasploit, Nessus, Kali Linux, Qualys, Wireshark, nmap, etc). Excellent problem-solving skills and attention to detail. Strong communication skills, both written and verbal. Relevant offensive security certifications (e.g., OSCP, OSCE, eJPT, CRTP) are a plus. Knowledge about scripting languages such as Python, Bash, or PowerShell for automating tasks and developing custom security tools. Preferred Skills: Experience with cloud pentesting (e.g., On-Premises, AWS, Azure, GCP). Experience with On-Premises Cloud Infrastructure Pentesting. Knowledge of secure coding practices and code review. Understanding of network security and protocols. Ability to work independently and as part of a team. Good to Have: Conduct telecom risk assessments on core and access network nodes (e.g., Voice core, packet core, radio, IMS, 5G Core, fixed line). Demonstrate cybersecurity knowledge for mobile and fixed networks (2G-5G, IMS, VoLTE). Understand telecom protocols: Diameter, SIP, SS7, GTP, SCTP. Familiarity with standards: 3GPP, GSMA NESAS, ISO 27001, NIST, and local regulations. Perform penetration testing on telecom infrastructure and services. Contribute to security hardening using industry best practices (3GPP, GSMA NESAS, NIST). Additional Information: The candidate should have a minimum of 5 years of experience in Security Penetration Testing. This position is based at our Gurugram office. A 15 years full time education is required. Qualification 15 years full time education

Posted 1 week ago


5.0 - 8.0 years

13 - 18 Lacs

bengaluru

Work from Office

Breach & Attack Simulation, Cloud Security Assessment & Red Teaming

Posted 1 week ago


5.0 - 10.0 years

7 - 12 Lacs

pune

Work from Office

Primary Roles and Responsibilities: Conduct penetration testing and red teaming exercises targeting mainframe environments and the surrounding application ecosystem. Perform code-assisted and black-box penetration testing against enterprise applications/systems interacting with RACF, DB2, CICS, MQ, and related subsystems. Identify risks in authentication, authorization, data handling, and communications within mainframe-integrated products. Create threat models and guide product teams in mitigating high-impact vulnerabilities early in the SDLC. Drive remediation efforts through hands-on collaboration and secure design guidance. Author technical reports and deliver executive summaries tailored to various audiences. Stay current on vulnerabilities, exploits, and testing techniques relevant to legacy enterprise technologies and mainframe ecosystems. Assess common integration patterns (SOA, REST/JSON, MQ) for security risks. To ensure you're set up for success, you will bring the following skillset & experience: 5+ years of experience in penetration testing, with a specialization in systems/applications integrating with mainframe environments. Deep knowledge of mainframe communication protocols and security mechanisms. Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe systems. Proficient in tools such as: Mainframe utilities: REXX, ISPF panels, NetView; Security tools: Nmap, Burp Suite, Wireshark, custom scripts. Strong scripting and automation skills (Python, REXX, Bash, or similar). Strong communication and leadership skills, with a proven ability to lead technical teams or projects. Experience producing board-level reports and presenting findings to senior stakeholders. Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts).
Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services. Whilst these are nice to have, our team can help you develop in the following skills: Industry certifications such as OSCP, OSCE, CRTP, GIAC GPEN, GXPN, or CISSP. Background in regulated industries such as banking, insurance, or government, where mainframes are core infrastructure. Knowledge of COBOL, PL/I, or other mainframe-centric programming languages. Experience with compliance standards like PCI-DSS, NIST, or SOX as they apply to mainframes.

Posted 1 week ago


12.0 - 17.0 years

15 - 20 Lacs

bengaluru

Work from Office

We're looking for a hands-on architect to design, deploy, and manage Kubernetes clusters, ensuring high availability and performance. You'll lead the full lifecycle management of databases (automating installs, upgrades, backups, and decommissions) while actively contributing to open-source communities. This role involves driving security excellence by analyzing and remediating vulnerabilities (CVEs), conducting in-depth assessments using tools like Burp Suite and Anchore, and ensuring compliance with industry standards. You'll optimize workloads for resilience, troubleshoot complex issues across OS, containers, and databases, and deliver production-ready solutions. Strong debugging, observability, and collaboration skills are essential. You have: Bachelor's or Master's Engineering degree or equivalent with Over 12 years of experience in databases and Kubernetes with deep expertise in architecture, automation, and secure deployments; expert in MariaDB, Cassandra, and Redis, including tuning and troubleshooting in production. Strong programming skills in Python for automation and tooling, with hands-on experience in containerized environments using Docker, Kubernetes, Helm charts, and custom Operators. Proven track record in Microservices architecture, container orchestration, virtualization, and DevOps practices, including CI/CD pipeline development and deployment automation. Advanced knowledge of security protocols (TLS, SSH), encryption standards, and secure design principles, with experience in threat modeling, system hardening, and security-by-design methodologies. Skilled in security assessments and tooling, including vulnerability scanning, penetration testing, and robustness/DoS analysis using tools such as Anchore, Tenable, Netsparker, Codenomicon, and Nmap; familiarity with SBOM generation and integration in CI/CD workflows.
It would be nice if you also had: Working knowledge of Infrastructure as Code tools like Terraform or Pulumi, along with GitOps workflows. Familiarity with Prometheus, Grafana, ELK/EFK stacks, or OpenTelemetry for end-to-end observability, especially for performance tuning and incident response in distributed systems. Design, deploy, and manage scalable, highly available MariaDB, Cassandra, and Redis databases within Kubernetes clusters, while continuously optimizing performance and reliability. Automate end-to-end lifecycle management workflows (including install, upgrade, backup, recovery, and decommission) while contributing technical improvements to open-source communities. Lead the response to security vulnerabilities across database stacks, collaborating with security and engineering teams to analyze, prioritize, and remediate CVEs. Conduct in-depth security assessments using tools like Burp Suite, Anchore, and Codenomicon, and map findings to risk levels to ensure compliance with security standards. Collaborate with cross-functional teams and customers to deliver secure, production-ready database solutions, troubleshoot complex issues across the stack, and stay current with trends in Kubernetes, OSS, and cloud security.

Posted 1 week ago


5.0 - 10.0 years

4 - 8 Lacs

hyderabad

Work from Office

The Team: S&P Global is a leader in credit ratings, benchmarks and analytics for the global capital and commodity markets. Reporting to the Audit Director, you will be part of a global and diverse Audit team with coverage for enterprise-wide Applications. The S&P Global Internal Audit function is a global team with auditors located in the U.S., London, India, Tokyo, & Taiwan. The Divisional Technology Audit team is a critical unit of the global audit function and performs audits focusing on S&P Global Technologies (IT Applications and Information Security). The Impact: This role will be part of the IT Application audit team, focusing on audit plan management and execution of Technology audits globally. This role will provide you with a companywide perspective of the state of the internal technology environment and act in a trusted advisory capacity. What's in it for you: This role provides extraordinary learning opportunities and interacts with senior management across the Company. If you're right for this role, you will interact, meet and work with several key stakeholders in interesting and meaningful engagements. You'll love this job because it provides new opportunities for professional growth daily. You will leverage cutting edge digital next generation capabilities, including AI and data analytics practices to improve the audit activities. This role will be primarily accountable for S&P Global annual audit plan development and internal audits execution (planning, fieldwork and reporting phases). You will be responsible for performing annual and on-going risk assessment activities focused on Applications, Information and Cyber Security and the associated risks for S&P Global worldwide. The incumbent will be expected to conduct an independent audit and work effectively with members of the Audit Leadership team. Responsibilities: Lead application security audits, ensuring the efficient and timely execution of the approved Audit Plan.
Conduct comprehensive security audits, including penetration testing, to identify vulnerabilities across applications, infrastructure, databases, operating systems, and cloud environments. Execute end-to-end audits in alignment with the annual audit plan, ensuring timely completion. Review audit outcomes and results, collaborating with key auditees to agree on remedial action plans and facilitate smooth audit processes. Leverage data analytics and automation to enhance the efficiency and quality of audit execution. Collaborate with key stakeholders within the divisional technology functions to enhance audit effectiveness. Stay informed about best practices in information security audits to ensure continuous improvement. Keep abreast of emerging security threats, trends, and technologies to enhance security posture and refine internal audit processes. What We're Looking For: 5+ years of experience handling several technology audits including web applications. Experience with a Big 4 firm would be an advantage. Experience in conducting penetration testing using tools such as Burp suite, Metasploit, NMAP, Nessus, etc. Exposure to Python programming and awareness of generative AI technologies. Knowledge of risk management frameworks and proficient in carrying out in-depth Applications security including configurations. Strong knowledge of cloud security and best practices for cloud penetration testing. Familiarity with data analytics tools such as Alteryx, Power BI, and Tableau is an advantage. Excellent report writing skills. Strong written and oral communication, approachable style, and well-developed negotiation and listening skills. Demonstrated experience in strong work ethic, initiative, teamwork, and flexibility in meeting department goals. Excellent team collaboration skills to deliver results, innovate and strive for excellence.
Basic Qualifications: A Bachelor's/master's degree in information technology or computer science or related major. Preferred Qualifications: Certified Information Systems Auditor (CISA), or Certified Information Systems Security Professional (CISSP), CEH, Red Team, or Equivalent.

Posted 1 week ago


4.0 - 9.0 years

5 - 15 Lacs

pune, bengaluru

Work from Office

Job Description: We are looking for a skilled Penetration Tester with 2-3 years of experience in application security. The ideal candidate will have hands-on experience in conducting security assessments and penetration testing for web applications, APIs, and mobile applications. The role also involves code reviews, participation in risk assessments, and collaborating with development teams to ensure secure software development practices. Key Responsibilities: Conduct penetration testing for web applications, APIs, and mobile applications. Perform source code reviews to identify vulnerabilities. Collaborate with development teams to implement security controls and best practices. Assist in the development and maintenance of security policies, procedures, and guidelines. Monitor security incidents and provide timely responses to security threats. Perform threat modeling and risk assessments on applications. Stay updated on the latest security trends, vulnerabilities, and regulatory requirements. Provide training and awareness programs for development teams on secure coding practices. Required Skills and Qualifications: 2-3 years of experience in application security, penetration testing, or a related field. Proficiency in web, API, and mobile penetration testing. Strong understanding of OWASP Top 10 vulnerabilities. Experience with security testing tools such as Burp Suite, static and dynamic analysis tools. Familiarity with programming languages such as Java, C#, Python, or JavaScript. Solid understanding of encryption techniques and secure coding practices. Experience with security frameworks and standards such as NIST, ISO 27001. Strong analytical and problem-solving skills. Excellent communication, teamwork, and collaboration abilities. Preferred Qualifications: Certifications such as OSCP, CEH, or equivalent.

Posted 1 week ago


4.0 - 6.0 years

35 - 100 Lacs

bengaluru

Hybrid

Job Requirements Penetration Test Engineer – Product Cyber Security - We are looking for an experienced and certified Embedded and Application Penetration Tester to join our Product Cybersecurity team. In this role, you will be responsible for conducting comprehensive security assessments of our products including embedded devices, web applications, thick-client applications, and mobile applications. ESSENTIAL DUTIES AND RESPONSIBILITIES Conduct comprehensive security assessments of Wabtec products, including embedded devices, IoT devices, thick client applications, mobile and web applications. Use penetration testing and Red Team techniques to discover and exploit vulnerabilities. Create findings reports and communicate to stakeholders. Perform compliance testing of embedded systems with respect to IEC-62443-4-2 standards. Explore new ways to exploit devices by dumping and analyzing firmware (incl. reverse engineering). Interact with and test JTAG, UART, and other hardware debug interfaces. Provide guidance on vulnerability remediation to engineering teams. Manage the penetration testing request process and backlog/pipeline. Recommend and implement improvements to testing processes and methodologies. Support PSIRT and Vulnerability Disclosure processes and activities. Promote security awareness through hacking demonstrations, CTF events. Proactively perform threat hunting for any new vulnerabilities/risk associated with products and applications. Be up to date with cybersecurity trends and share information on new exploits, vulnerabilities to the appropriate stakeholders. Collaborate with cross-functional teams and stakeholders to identify and mitigate security risks.
Work Experience QUALIFICATIONS & SKILLS: Bachelor's degree in computer science, cybersecurity, or a related field. 4-6 years of experience in web, network and embedded/IoT applications penetration testing. Strong expertise in various penetration testing techniques and attack frameworks such as MITRE ATT&CK, PTES standards, fuzz testing, brute force attacks, OWASP top 10 tests, and more. Hands-on experience with penetration testing tools including open-source tools, such as Metasploit and the Kali Linux tool set, Nessus, Qualys guard, nmap, Wireshark and Burp Suite etc. Demonstrate strong manual penetration testing skills and techniques that are required besides automated tools and frameworks. Good understanding of embedded systems security testing including firmware security, secure configuration analysis, secure boot, physical port testing (USB, serial, CAN, wireless, etc.). Knowledge of the secure SDLC and vulnerability/risk lifecycle. Knowledge of common vulnerability frameworks such as CVSS, and OWASP top 10. Experience with hardware debug tools and test equipment. Solid understanding of network security and penetration testing methodologies. Strong problem-solving and critical thinking skills. Excellent communication and report writing abilities. Certification in a relevant area such as OSCP, OSWP, GPEN, CPTC, or CPTE is highly desired. Excellent communication and presentation skills. Ability to collaborate effectively as part of a global cross functional team, working independently with minimal supervision.

Posted 1 week ago


2.0 - 3.0 years

0 - 2 Lacs

chennai

Work from Office

Performed web application penetration testing using Burp Suite. Conducted secure code analysis with SonarQube. Used Kali Linux tools for vulnerability assessment. Reported and documented security issues with mitigation steps. Supported the team in maintaining secure SDLC practices.

Posted 1 week ago


3.0 - 5.0 years

5 - 9 Lacs

bengaluru

Work from Office

Roles and Responsibility Provide technical support to customers via phone, email, or chat. Troubleshoot and resolve complex technical issues efficiently. Collaborate with internal teams to resolve customer complaints and concerns. Develop and maintain technical documentation and knowledge base articles. Analyze and report on customer feedback and suggest process improvements. Participate in training and development programs to enhance technical skills. Job Requirements Strong technical skills and knowledge of IT services and consulting. Excellent communication and problem-solving skills. Ability to work in a fast-paced environment and meet deadlines. Strong analytical and troubleshooting skills. Experience with technical support tools and software. Ability to collaborate effectively with cross-functional teams. Mandatory skills include technical support and title analyst. Mandatory Skills: Threat Modeling. Experience: 3-5 Years.

Posted 1 week ago

3.0 - 5.0 years

5 - 9 Lacs

bengaluru

Work from Office

About The Role
Job Title: Penetration Tester (Web Applications and REST APIs)
Location: Bengaluru
Job Type: Full-time

About Us: Kotak Mahindra Bank is seeking an experienced Penetration Tester to join our Platform Engineering team. As a Penetration Tester, you will be responsible for identifying vulnerabilities in web applications and REST APIs, providing recommendations for remediation, and ensuring the security posture of our clients' systems.

Job Summary: The successful candidate will have a strong background in penetration testing, including experience with various tools and techniques used to identify vulnerabilities in web applications and APIs. The ideal candidate will be able to analyze complex systems, identify potential security risks, and provide actionable recommendations for remediation.

Key Responsibilities:
- Conduct thorough penetration testing of web applications and REST APIs using a variety of tools and techniques
- Identify vulnerabilities in web applications, including but not limited to:
  - SQL injection
  - Cross-Site Scripting (XSS)
  - Cross-Site Request Forgery (CSRF)
  - Authentication and authorization weaknesses
  - Session management issues
- Test REST APIs for security vulnerabilities, including but not limited to:
  - Input validation and sanitization
  - Error handling and logging
  - Authentication and authorization mechanisms
  - Data encryption and transmission
- Analyze results and provide detailed reports outlining findings, recommendations for remediation, and estimated timeframes for implementation
- Collaborate with development teams to ensure identified vulnerabilities are addressed and remediated in a timely manner
- Stay up-to-date with the latest security threats, tools, and techniques through ongoing training and professional development

Requirements:
- 3+ years of experience in penetration testing, with a focus on web applications and REST APIs
- Strong understanding of web application security concepts, including but not limited to:
  - OWASP Top 10 Web Application Security Risks (WASR)
  - Secure Coding Practices
- Experience with various penetration testing tools, including but not limited to:
  - Burp Suite
  - ZAP
  - Nmap
  - AJP
  - SQL injection tools (e.g. sqlmap)
- Strong understanding of REST API security concepts, including but not limited to:
  - API Security Frameworks (e.g. OAuth 2.0)
  - Data encryption and transmission protocols (e.g. HTTPS)
  - Authentication and authorization mechanisms (e.g. JWT)
- Experience with scripting languages (e.g. Python, Ruby) is a plus
- Strong analytical and problem-solving skills
- Excellent communication and reporting skills

Nice to Have:
- CISSP or equivalent security certification
- CEH or equivalent penetration testing certification
- Experience with cloud-based services (e.g. AWS, Azure)
- Familiarity with Agile development methodologies
- Experience with DevOps tools (e.g. Docker, Jenkins)

What We Offer:
- Competitive salary and benefits package
- Opportunities for professional growth and development
- Collaborative and dynamic work environment
- Flexible working hours and remote work options

Posted 1 week ago

5.0 - 10.0 years

5 - 9 Lacs

bengaluru

Work from Office

Product-Security Technology Centre is responsible for ensuring that IBM products are secure by conducting timely security reviews, penetration testing and following SPbD practices. As a penetration tester you will perform security testing of IBM product and SaaS offerings in development and production environments. You will also work closely with IBM product development teams to strengthen the security posture of their products by participating in threat modeling and source code security testing, and by sharing best practices / lessons learnt for secure coding/design.

Key responsibilities
- Plan the penetration test
- Select, design and create appropriate tools for testing
- Perform the penetration test on computer systems, networks, web-based and mobile applications
- Document your methodologies and findings
- Gather the data intelligence not only from the output of the automated penetration tools but also from information gathered from interaction with product teams, previous results, threat model and source code scanning inputs
- Review your findings and feedback to development teams
- Analyse the outcomes and make recommendations for security improvements
- Carry out application, network, systems and infrastructure penetration tests
- Review physical security and perform social engineering tests where appropriate
- Evaluate and select from a range of penetration testing tools
- Keep up to date with latest testing and ethical hacking methods
- Deploy the testing methodology and collect data
- Report on findings to a range of stakeholders
- Make suggestions for security improvements
- Enhance existing methodology material

Required education: Bachelor's Degree
Preferred education: Bachelor's Degree

Required technical and professional expertise
Experience: More than 5 years in Cybersecurity

Web Application Testing
- Basic understanding of HTTP Protocol: HTTP Methods, Request/Response Headers, Cookies, TCP/IP connections over HTTP etc.
- Basic understanding of HTML/JavaScript
- Good understanding of security vulnerabilities, OWASP Top 10 vulnerabilities

Automated Testing
- Must have knowledge of at least one of IBM AppScan or Burp Suite scanner. (Good to have knowledge of both the tools.)
- Should be able to configure automated scanner (such as login sequence, manually exploring critical flaws, policy customization, scan throttling, etc.) to perform successful scan.
- Assessment of scanner results and intelligently identifying false positives from the scan results.
- Knowledge of Burp features, mainly Spider, Intruder, Scanner, Repeater and Extender.

Manual Testing
- Should be able to understand the above-mentioned OWASP Top 10 categories to perform manual testing.
- Flaws like authentication (session management) testing, CSRF and business logic testing, which are not detected by an automated scanner, must be identified using manual testing.
- Understanding of the workflow of the application and identifying the entry points to detect possible vulnerabilities.

Preferred Professional and Technical Expertise:

Webservice Testing
- SOAP/REST APIs testing.
- Configuring cURL commands and Postman tool to capture the request in automated scanner.

Network Testing
- Basic understanding of networking protocols such as TCP, UDP, DNS, DHCP etc.
- Basic understanding of network devices like router, switches, firewall/IDS/IPS etc.
- Network scanning tools such as Nessus, Nmap, Metasploit etc.
- Exploitation and Post Exploitation of network vulnerabilities.

Threat Model and Source code security scanning
- Perform/participate in threat model creation/design or review
- Perform source code security scanning using SAST tools like SonarQube, AppScan, Mend and other popular open-source tools.

Preferred technical and professional experience
Security Certifications: Any of the security certifications such as CEH, ECSA, EWPT, EWPTX, OSCP, GPEN, GWAPT etc.

Posted 1 week ago

4.0 - 8.0 years

3 - 6 Lacs

hyderabad

Work from Office

Must Have:
- 4+ years of experience in software quality assurance.
- Strong understanding of software development lifecycle (SDLC).
- Proficiency in manual and automated testing techniques.
- Experience with various testing tools and technologies (e.g., Selenium, JMeter & Burp).
- Experience in Agile and DevOps methodologies.
- Determine root cause of issues and work with the Development teams to resolve them.
- Conduct manual and automated testing to identify defects and ensure software quality.
- Experience in Software Development Testing (API testing, Performance Testing, Penetration Testing).
- Experience in any one of the Automation Testing (UI Web Automation, API Automation, Performance Automation, Penetration Automation).
- Knowledge of Computer System Validation.

Nice to Have:
- Develop and execute comprehensive test plans and test cases based on project requirements.
- Hands-on experience with Azure DevOps.
- Design and implement test strategies and methodologies appropriate for different projects.
- Identify, document, and track software defects, ensuring their resolution in a timely manner.
- Collaborate with development teams to resolve identified defects and ensure code quality.
- Analyse test results and provide feedback to development teams to improve software quality.
- Experience setting up Testing Frameworks from scratch with the ability to determine and analyse various tools and concepts.
- Exposure to working in the healthcare industry.

Posted 1 week ago

5.0 - 10.0 years

6 - 10 Lacs

bengaluru

Work from Office

Educational Requirements: Bachelor of Engineering
Service Line: Global Delivery

Responsibilities

Key Responsibilities:
- Conduct secure code reviews, static (SAST) and dynamic (DAST) application security testing.
- Develop and maintain Python scripts and tools for security automation.
- Work closely with development teams to integrate security into the SDLC and CI/CD pipelines.
- Perform vulnerability assessments using tools like Qualys WAS and ArmorCode.
- Analyze and remediate security issues in web applications and APIs.
- Maintain and enhance security dashboards and reporting mechanisms.
- Stay updated with the latest application security threats, trends, and best practices.

Mandatory Skills:
- Python Programming for automation and tool development.
- SQL for data analysis and security testing of database interactions.
- Web Development: understanding of web technologies, frameworks, and architecture.

Additional Responsibilities:
- Ability to develop value-creating strategies and models that enable clients to innovate, drive growth and increase their business profitability
- Good knowledge on software configuration management systems
- Awareness of latest technologies and Industry trends
- Logical thinking and problem solving skills along with an ability to collaborate
- Understanding of the financial processes for various types of projects and the various pricing models available
- Ability to assess the current processes, identify improvement areas and suggest the technology solutions
- One or two industry domain knowledge
- Client Interfacing skills
- Project and Team management

Technical and Professional Requirements:

Primary skills:
- Technology->Application Security->Application Security - ALL
- Technology->Application Security->Vulnerability Management
- Technology->Finacle-Core-Payments->Electronic Clearing System->Advance
- Technology->Mobile Testing->Mobile Security Testing
- Technology->OpenSystem->Python - OpenSystem

Preferred Skills:
- Technology->Application Security->Application Security - ALL->Checkmarx
- Technology->Application Security->Vulnerability Management->Qualys
- Technology->Mobile Testing->Mobile Security Testing->Burp Suite
- Technology->OpenSystem->Python - OpenSystem
- Technology->Cloud Security->GCP - Infrastructure Security->Google Cloud Armor

Posted 2 weeks ago

0.0 - 2.0 years

3 - 4 Lacs

hyderabad, chennai, bengaluru

Work from Office

Ethical Hacker (Fresher)

Job Summary: We are hiring an Ethical Hacker to help identify and fix security vulnerabilities in our systems. This role suits individuals passionate about cybersecurity and ethical hacking.

Key Responsibilities:
- Perform penetration testing and vulnerability assessments.
- Document findings and suggest remediation strategies.
- Assist in developing secure coding practices and policies.
- Stay updated with the latest security threats and tools.

Requirements:
- Bachelor's degree in Cybersecurity, IT, or related field.
- Basic knowledge of ethical hacking tools (Nmap, Metasploit, Burp Suite).
- Understanding of OWASP Top 10 and network security principles.
- Interest in certifications like CEH, OSCP (not mandatory for fresher).

Preferred Skills:
- Scripting knowledge (Python, Bash).
- Analytical thinking and attention to detail.
- Strong ethics and commitment to responsible disclosure.

Posted 2 weeks ago

5.0 - 9.0 years

0 Lacs

bangalore, karnataka

On-site

We are looking for a highly skilled and motivated Cyber Security Engineer with over 5 years of experience. If you are passionate about coding, problem-solving, and innovation, we would be thrilled to have you join our team!

Responsibilities
- Lead and manage cybersecurity testing projects for telecom and networking equipment including Routers, Switches, Firewalls, Access points, etc.
- Drive the ITSAR (Indian Telecom Security Assurance Requirements) testing initiatives and capability development.
- Develop testing capability for FIPS 140-3 (Level 1/2) cryptographic module validations and Common Criteria (CC) EAL evaluations.
- Conduct and oversee penetration testing, source code reviews, and vulnerability assessments for firmware and applications.
- Build and maintain internal labs, tools, and automation frameworks for product security evaluations.
- Interpret and implement national/international security standards, translating them into test cases and validation protocols.
- Interface with OEMs, consultants, and certification bodies to support product compliance and documentation requirements.
- Manage technical teams, plan resource allocation, track project delivery timelines, and mentor junior engineers.
- Stay updated with evolving cybersecurity threats, standards, and industry best practices, contributing to relevant international forums by attending meetings, commenting on standards, test specifications, and publishing white papers.

Requirements
- Bachelor's or Master's degree in Electronics and Communication, Computer Science, Cybersecurity, or related fields.
- 5+ years of experience in product-level cybersecurity testing, preferably in telecom or networking domains.
- Proven track record in Cybersecurity testing, and experience working with FIPS (NIST CMVP) and/or Common Criteria program.
- Familiarity with test tools such as Wireshark, Nessus, Burp Suite, OpenSSL, JTAG/UART tools, and Crypto validation tools.
- Solid knowledge of Linux environments, scripting, and security configuration of embedded systems.

Join us at CodeVyasa and be a part of our dynamic team led by Taranpreet Kaur.

Posted 2 weeks ago

4.0 - 6.0 years

9 - 13 Lacs

noida

Hybrid

Responsibilities
- Perform manual penetration testing on networks, web-based and mobile applications
- Run scheduled Nessus Scan and other network scans
- Produce high-quality technical reports and presentations and suggest remediation for the vulnerabilities
- Work closely with the development teams and support in fixing security vulnerabilities
- Engage with prospective clients to understand in scope applications and plan out the assessment of their applications or infrastructure
- Work as a single point of contact for existing and potential clients and manage internal and external VAPT assignments
- Drive information security awareness and training to promote a secure environment and an effective security culture
- Support and guide the VAPT team for internal and third-party VAPT assignments for web and mobile applications
- Provide guidance to Junior security experts on complex projects that require your experience and expertise.
- Support pre-sales and sales team with security-related RFP questionnaires and provide ad-hoc support to business units on security-related matters

Requirements
- Strong fundamentals in network security, application security, and cloud security concepts and controls
- Understanding of the Secure Software Development Life Cycle and DevSecOps principles
- Must be updated with the latest security vulnerabilities
- Good experience with mobile and web VAPT assignments and knowledge of OWASP top 10, WASC, SANS 25
- Hands-on experience with BurpSuite, SqlMap, Nmap, Nessus, Kali Linux, and various paid open-source tools
- Certifications such as CEH, OSCP, or any similar certification would be an added advantage
- Self-directed technical lead, willing to take ownership and drive results, propose technical directions, make decisions and resolve issues
- Excellent interpersonal skills, ability to navigate through challenging situations, and good analytical skills
- Excellent verbal and written communication skills and the ability to interact with senior managers, subject matter experts, regulatory authorities, and client's Information Security Offices

Posted 2 weeks ago

1.0 - 2.0 years

2 - 4 Lacs

ahmedabad

Work from Office

Responsibilities:
* Conduct vulnerability assessments using Burp Suite & Nessus.
* Execute penetration tests on networks, web apps & mobile devices.
* Identify security risks through VAPT, PEN testing & scanning tools.

Annual bonus

Posted 2 weeks ago

5.0 - 10.0 years

5 - 10 Lacs

bengaluru

Work from Office

Detailed JD:
- At least 5+ years of hands-on experience on various security automation tools
- Should have managed automation implementation using various frameworks & tools like Burp Suite, OWASP, Fortify etc.
- Good experience in security vulnerabilities, validation of remediation etc.
- Experience in GitLab, CI/CD and testing experience in DevOps pipeline.
- Experience in Cyber security domain.
- Good communication, presentation, and reporting skills

Posted 2 weeks ago

4.0 - 7.0 years

16 - 22 Lacs

bangalore rural, bengaluru

Work from Office

TOP IT CONSULTING FIRM HIRING IN LARGE NUMBERS: PLEASE CALL ON
Call: 7208835287
Mail: zeba@contactxndia.com

Role & responsibilities

Mandatory technical & functional skills:
- Toolset knowledge: Burp Suite, Nessus, Nmap, Kali OS.
- Vulnerability assessment and web application, API, network pentesting.
- Perform manual penetration testing against web applications, APIs (REST/SOAP) and network devices.
- Ability to demonstrate application testing experience in real time via demos to both internal and external audiences.
- Knowledge and experience of OWASP guidelines and methodologies.
- Partner with the Cyber teams to develop new testing techniques, automation for testing and marketing collateral to support the practice and support junior team members on tools and techniques in performing pentests.
- Excellent technical report writing skills and ability to communicate reporting results with technical and non-technical audiences and lead remediation conversations.

Preferred technical & functional skills
- Knowledge of mobile application pentesting, application security, vulnerability management, configuration reviews, security operations and monitoring or security architecture design would be an added advantage.

Preferred candidate profile

Posted 2 weeks ago
