111 Burp Suite Jobs - Page 4

Role Profile Senior Application Security Engineer Department Information Security/ Cybersecurity Reports ToManager / Lead Security Engineer Location :Hyderabad (WFO) Role Summary: The Security Engineer will play a critical role in strengthening the security posture of applications and infrastructure by implementing secure development practices, performing vulnerability assessments, and integrating security into the SDLC. The ideal candidate will have hands-on experience with OWASP ASVS, security testing tools like ZAP, and a solid understanding of Python-based backend systems. Key Responsibilities: Implement and enforce security policies aligned with OWASP ASVS 4.0.3. Conduct Static and Dynamic Application Security Testing (SAST/DAST) using tools such as ZAP, Fortify, Burp Suite, and GitHub security. Collaborate with DevOps teams to embed security in CI/CD pipelines. Perform threat modelling and risk assessments for applications and APIs. Identify and remediate security vulnerabilities in Python-based services. Prepare and support documentation for STQC audits and other compliance processes. Create and maintain secure coding guidelines for developers. Track and manage vulnerabilities using centralized dashboards or ticketing systems. Collaborate with developers and QA teams during SDLC to ensure secure code deployment. Required Qualifications & Skills: 8–10 years of Overall experience in IT . 5–6 years of hands-on experience in Application Security. Strong knowledge of OWASP Top 10 and OWASP ASVS frameworks. Practical experience with ZAP, Fortify, Burp Suite, or similar tools. Good understanding of Python backend services and typical security flaws. Knowledge of CI/CD security integration tools and methodologies. Familiarity with STQC security processes and regulatory compliance documentation. Knowledge of SAST/DAST/IAST methodologies and modern DevSecOps practices. Bachelor’s degree in computer science, Cybersecurity, or related discipline. Soft Skills: Strong analytical and problem-solving abilities. Excellent written and verbal communication skills. Collaboration and team orientation. High attention to detail and documentation. Strong stakeholder management across development, DevOps, and compliance teams. Preferred Qualifications: Certifications such as OSCP, CISSP, CEH, or GWAPT. Exposure to cloud security (AWS/GCP/Azure). Scripting knowledge for automation using Python or Bash. Experience with container and Kubernetes security tools. Key Relationships: InternalDevelopment Teams, DevOps Teams, QA Teams, Compliance Team, Product Owners ExternalAuditors, Regulatory Authorities (e.g., for STQC), Security Vendors Role Dimensions: Team Size: Individual contributor or small security team lead Scope: Application security coverage across all internal and external apps Impact: High – directly impacts risk mitigation, compliance, and secure software delivery Success Measures (KPIs): % of vulnerabilities resolved within SLA Number of applications onboarded to security tools Security issues found in pre-production vs post-deployment Developer adoption rate of secure coding practices STQC and other audit clearance rates Mean time to detect and remediate vulnerabilities Competency Framework Alignment: Technical Expertise Deep understanding of of AppSec tools and practices Results Orientation Works cross-functionally with technical teams Problem Solving Strong in analysing and resolving security issues Communication Explains complex security concepts to non-tech teams Adaptability Takes ownership of vulnerabilities and resolutions

Perform security testing on applications using Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools to identify vulnerabilities and recommend mitigations.

The Pen Testers role involves working with relevant technologies, ensuring smooth operations, and contributing to business objectives. Responsibilities include analysis, development, implementation, and troubleshooting within the Pen Testers domain.

Roles and Responsibilities Conduct vulnerability assessments using Nessus, Burp Suite, and Qualys to identify potential security risks. Develop and maintain comprehensive reports on identified vulnerabilities, including remediation recommendations. Collaborate with cross-functional teams to implement mitigation strategies and monitor progress towards resolution. Provide expert guidance on application security best practices to development teams. Stay up-to-date with industry trends and emerging threats to continuously improve vulnerability management processes.

Position- System security Analyst Location- Mohali Key Responsibilities: • Conduct Vulnerability Assessment and Penetration Testing (VAPT). • Perform Application Security (AppSec) reviews. • Conduct Source Code Reviews to identify and remediate security flaws. Preferred Certifications: • CEH (Certified Ethical Hacker) • OSCP (Offensive Security Certified Professional) Hands-on Experience With: • VAPT Tools: Burp Suite, Nessus, Metasploit • AppSec Tools: Acunetix, Checkmarx • Source Code Analysis Tools: Fortify, Veracode • Familiarity with scripting (Python, Bash) and DevSecOps principles is a plus.

We are seeking an experienced and highly skilled Penetration Tester with expertise in mobile application security, specifically for both Android and iOS platforms. As a Senior Penetration Tester, you will be responsible for identifying and exploiting vulnerabilities in mobile applications, networks, APIs, and other critical systems. Your primary responsibility will be performing thorough security assessments, including reverse engineering, malware analysis, and incident forensics, to ensure the security and resilience of mobile applications and systems. The ideal candidate should have hands-on experience with penetration testing tools, mobile application testing, and advanced exploitation techniques. You will also be expected to collaborate with various teams, including Red Teams, to develop strategic security initiatives and offer expert-level recommendations for security improvements. Key Responsibilities: Mobile Application Penetration Testing: Conduct in-depth security assessments of mobile applications for both Android and iOS platforms, identifying vulnerabilities and recommending remediation strategies. Red Team Activities: Participate in Red Team exercises to simulate real-world attacks, uncover hidden threats, and assess the effectiveness of security controls. Security Assessments: Perform penetration testing on applications, networks, mobile platforms, APIs, cloud environments, and critical systems to identify advanced threats and vulnerabilities. Custom Exploit Development: Develop custom exploit code and scripts to demonstrate potential security risks to stakeholders and stakeholders, providing hands-on demonstrations of vulnerabilities. Reverse Engineering & Malware Analysis: Use reverse engineering techniques and tools to analyze complex threats, malware, and incidents, providing detailed reports on findings. Collaboration with Leadership: Collaborate with executive leadership and senior management to develop and execute strategic security initiatives and roadmaps to mitigate security risks. Security Architecture Guidance: Provide expert-level guidance on secure coding practices, cryptography, architecture design principles, and implementation to mitigate risks effectively. Tool Development & Automation: Develop custom penetration testing tools and scripts to automate testing processes and enhance capabilities for thorough assessments. Incident Forensics: Lead efforts to analyze and investigate security incidents, determining the root causes and recommending improvements for better prevention. Required Skills and Qualifications: Mobile Pen Testing Expertise: Strong experience in mobile application penetration testing for both Android and iOS platforms. Penetration Testing Tools: Expertise in tools and frameworks such as Metasploit, Burp Suite, Nessus, NMAP, and custom/open-source tools. Red Teaming & Advanced Exploitation: Advanced proficiency in red teaming, black box testing, and using advanced exploitation techniques to identify vulnerabilities. Malware Analysis & Reverse Engineering: Experience in malware analysis and reverse engineering to assess complex threats and incidents. Cryptography & Secure Coding: In-depth knowledge of cryptography, secure coding practices, and secure architecture design principles. Custom Tools & Scripting: Hands-on experience in developing custom scripts and tools to automate testing processes and enhance the effectiveness of assessments. Penetration Testing Methodologies: Expertise in applying penetration testing methodologies, including both network and application-level security assessments. Certifications (Preferred): o OSCP (Offensive Security Certified Professional) o CRTP (Certified Red Team Professional) o eLearn Security Certified Professional Penetration Tester V2.0 o Any other relevant certifications are a plus. Required Experience: Overall Experience: 12+ years in penetration testing, security assessments, and threat analysis. Relevant Experience: 10 years of hands-on experience specifically in penetration testing for mobile applications (Android & iOS), network security, cloud environments, and APIs. Experience working in Red Team environments is a plus.

The Security Engineer is responsible for designing, implementing, and maintaining security across all products and infrastructure, with a focus on both blockchain/wallet and general application security. This role requires a strategic mindset, strong risk management skills, and the ability to communicate security concepts to both technical and non-technical stakeholders. The ideal candidate is proactive, detail-oriented, and committed to fostering a culture of security throughout the organization. Responsibilities Develop and enforce security policies, standards and best practices. Lead security architecture reviews and risk assessments. Collaborate with engineering, product, and operations teams to ensure secure design and implementation. Oversee incident response, forensics, and post-incident analysis. Conduct security awareness training and promote a security-first culture. Stay current with emerging threats, vulnerabilities, and security technologies. Ensure compliance with relevant regulations and industry standards. Coordinate with external auditors, partners, and vendors on security matters. Qualifications and Experience Bachelors degree in Computer Science, Information Security, or related field (or equivalent experience). Relevant security certifications (CISSP, CISM, CEH, OSCP, etc.). 5+ years of experience in security engineering or related roles. Demonstrated experience with both blockchain and traditional application/infrastructure security. Experience leading security initiatives and incident response. Deep understanding of security frameworks, standards, and regulations (NIST, ISO 27001, GDPR, etc.). Awareness of current threat landscape and security technologies. Familiarity with blockchain security and smart contract vulnerabilities.

Role & responsibilities - Perform Application Security Testing - Perform Network Penetration Testing - Perform Vulnerability Assessment of Servers - Verify Scan results through manual testing - Co-ordinate with the clients for Project related queries - Undertake meeting with the client teams for discussing security issues and recommendations - Create detailed security reports - Keep track of project progress & send regular updates - Research on security tools - Create Security Knowledge base for the team - Participate in quality initiatives. Location: Pune-On Site Required Knowledge Areas: Web Application Security OWASP Top 10 Mobile Application Security – Mobile OWASP Top 10 NMAP/Port Scanning Vulnerability Scanning & Verification Web Traffic Interception (For Web/Mobile apps) SSL Security Tools Experience: Working knowledge of following tools is needed: Web Proxy Editors Network Sniffers Nessus Scanner Reverse Engineering Tools Mobile Application security tools – Either Android/IOS Any one Web Application Security Scanner. Certification Requirement: The candidate must possess any one of the following certifications: CEH/ ECSA/ OSCP Other Skills: The candidate should be good in: Documentation Communication Skills. Interested candidate can share their resume on hr@synradar.com or can connect on 8655620119 Immediate joiners are preferred

Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 5 plus years of experience. Application Security TestingExperience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding PracticesKnowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat ModelingAbility to conduct threat modeling sessions to identify and mitigate security risks Preferred technical and professional experience Vulnerability AssessmentExperience in conducting vulnerability assessments and penetration testing Application Security TestingExperience with static and dynamic application security testing (SAST/DAST) tools Security ToolsProficiency in using security tools like Burp Suite, Nessus, or Fortify

BMC Software is looking for a motivated and skilled individual to join the Product Security Group. This is a senior technical position in the team. The candidate will be responsible for engaging with various product teams on security architecture reviews, SaaS security, penetration testing. A penetration tester plays a crucial role in safeguarding an organization's digital assets and information by proactively identifying and addressing security weaknesses. This role requires a high level of technical expertise, ethical conduct, and a commitment to continuous improvement in the field of cybersecurity. Roles and Responsibilities: Conduct thorough vulnerability assessments of applications and systems using various tools and techniques. Execute penetration tests to simulate real-world cyberattacks, identifying weaknesses and vulnerabilities. Provide expert guidance on application security best practices. Research and develop new penetration testing methodologies, tools, and techniques. Qualifications & Skills: 2+ years of experience in product security (web, mobile, API, cloud, infrastructure, and container security) or equivalent skillset. Penetration testing experience is essential; prior participation in bug bounty programs is a plus. Proficiency with hacking tools and penetration testing frameworks (e.g., Metasploit, Burp Suite, Nmap, Wireshark). Expertise in web application security testing, including knowledge of OWASP Top Ten vulnerabilities. Experience identifying and assessing vulnerabilities such as SQL injection, XSS, CSRF, and more. Proficiency in exploiting vulnerabilities to gain unauthorized access and assess attack impact. Understanding of vulnerability scoring systems (e.g., CVSS) for prioritizing findings. Ability to think creatively and analytically to identify and exploit vulnerabilities. Strong problem-solving skills when encountering unexpected challenges during testing. Excellent verbal and written communication skills for conveying technical details to both technical and non-technical stakeholders. Meticulous attention to detail in documenting findings and creating reports. Effective time management skills to meet project deadlines and testing schedules. High level of integrity and professionalism, with the ability to work under pressure while maintaining confidentiality. Preferred Skills: Hands-on technical experience with cloud security solutions for leading cloud service providers (e.g., AWS). Experience with secure code review (SAST) tools for languages such as C/C++, Java, and Python, and relevant frameworks.

Implement security-as-code principles and automate security controls in CI/CD pipelines. Conduct secure code reviews and assist developers in adopting secure coding practices. Deploy and manage security tools such as SAST, DAST, SCA, IAST, and container security solutions.

Happiest Minds Technologies is a Mindful IT Company that focuses on enabling digital transformation for enterprises and technology providers by leveraging disruptive technologies. With a 'Born Digital . Born Agile' approach, we offer digital solutions, infrastructure, product engineering, and security services across various industry sectors. Headquartered in Bangalore, India, Happiest Minds has a global presence in the U.S., UK, Canada, Australia, and the Middle East. Interested professionals can reach out to me ankita.patari@happiestminds.com Experience Details : 7 to 10 Years Location : Bangalore,Pune,Noida,Bhubneswar,Madurai,Coimabatore S kills: Burp suite, Vulnerability Assessment, Static/dynamic testing of mobile applications Job Description: Good written and verbal communication skills Hands on experience in Application security testing: Manual code walkthroughs, using Burp tool, NMap, Radioshark, Checkmarx etc., - Experience in both DAST and SAST - Preparation of detailed testing reports with vulnerabilities with CVSS scoring and remediations - Guiding developers in fixing the vulnerabilities - Knowledge of writing the test cases aligning with OWAP / NIST standards - Knowledge of External PT - Team management - Client management - Tracking and reporting of vulnerabilities - Understanding of Cybersecurity domain Thanks And Regards, Ankita Ghosh

We're Hiring! I am excited to share some amazing career opportunities at Happiest Minds. Take your Security career to the next level with Happiest Minds, ! Join a dynamic team, where Security Meets Innovation, and grow with us. Be recognized in a Great Place to Work Certified environment ..Interested candidate can share resume to ankita.patari@happiestminds.com Work Location: Belapur, Navi Mumbai Experience: 11-15 Years General Shift who can join with 30 days notice period Skills: Vulnerability Assessment, Manual Penetration Testing using OWASP checklists, Penetration Testing, OWASP Top 10,OWASP ZAP, Ethical Hacking, Static/dynamic testing of mobile applications, Vulnerability Mitigation Job Description: Project Management - Lead and manage the AppSec team consisting of L1 and L2 resources. Serve as the primary point of contact between the Bank and the team for all project-related activities. Monitor daily operations, ensure resource optimization, and address any issues that arise during the engagement. Application & Security Review - Oversee the review of application security including web, mobile, API, and other banking applications. Perform comprehensive reviews of Network Architecture, Source Code, VAPT reports, and configuration audits. Review deliverables from L1 and L2 resources, ensuring completeness and quality. Compliance and Risk Management Reporting Stakeholder Management B.Sc (IT/CS) / B.Tech in Computer Science, Information Technology, or related field. CISSP, CISA, CISM, CRISC 11-15 years of experience in Application Security, Network Security, and IT Risk & Compliance, with hands-on expertise in security assessments, process audits, and application reviews. Experience in BFSI is preferred. Thanks And Regards, Ankita Ghosh ankita.patari@happiestminds.com

Overview of the Role We are seeking an experienced and detail-oriented QA professional to lead, guide, and monitor the analysis, design, implementation, and execution of test cases, procedures, and test suites. The candidate should ensure proper configuration management of the product and maintain traceability of tests on a test basis. Strong communication in both Hindi and English and a sound understanding of IT and application software are essential. Roles & Responsibility Lead and manage end-to-end testing activities, including functional (system, regression, smoke) and non-functional (performance, security, automation) testing. Liaise with technical teams to ensure testing comprehensively covers requirements and specifications. Create and execute test strategies, plans, test case designs, test data, and test cases. Perform test case execution, logging defects, and generating test reports and traceability matrices. Conduct REST-based API testing and develop automation for API validations. Execute performance testing using JMeter and other load testing tools. Perform database testing with PostgreSQL, MySQL, DB2, Oracle, etc. Perform automation testing using Selenium. Conduct security testing using tools like Burp Suite. Utilize bug tracking tools like JIRA for defect management and reporting. Desired Skills/Background Strong hands-on experience with both functional and non-functional testing methodologies. Proficiency in tools such as JMeter, Selenium, Burp Suite, and JIRA. Knowledge and experience in database testing (PostgreSQL, MySQL, DB2, Oracle). Ability to create and maintain detailed documentation, including test strategies, plans, and reports. Strong analytical and problem-solving skills with attention to detail. Excellent verbal and written communication skills in both Hindi and English. Educational Qualification: BE/B.Tech/MCA/M.Tech Minimum 7 years of relevant experience. OEM Certification in a leading testing tool is a must.

Required skillset: Ability to handle security testing projects: Customer Interactions, Team monitoring. Able to derive security requirements Threat Model, TARA, SCA, SAST Able to drive the security standards in the applications like OWASP, SANS, CVSS, CWE, STRIDE, DREAD Good Technical Presentation skills, Team collaboration skills, training and mentoring must be preferred. Expertise in Tools like : Appscan, Fortify, Burpsuite, Kali Linux, Postman Expertise in REST API Penetration testing Handson experience in Embedded Device Security Testing with expertise in Secure Boot, Firmware Analysis, CAN/UDS/USB/JTAG interface security testing Expertise in implementing and executing the Cyber Security Solutions and Penetration Testing for Network and Embedded devices. Hands-on Experience in AWS/Azure Good Technical Presentation skills and Team collaboration skills must be preferred. Security Certifications like CEH, ECSA or equivalent. Role & responsibilities Preferred candidate profile

Greetings from Peoplefy Infosolutions !!! We are hiring for one of our reputed MNC client based in Pune . We are looking for candidates with 3 + years of experience in below skills - Primary skills : Ethical Hacking Penetration Testing Software development Cyber forensics or threat hunting Application security Secure coding Burp suite Interested candidates for above position kindly share your CVs on chitralekha.so@peoplefy.com with below details - Experience : CTC : Expected CTC : Notice Period : Location :

Greetings from Peoplefy Infosolutions !!! We are hiring for one of our reputed MNC client based in Pune . We are looking for candidates with 3 + years of experience in below skills - Primary skills : Ethical Hacking Penetration Testing Software development Cyber forensics or threat hunting Application security Secure coding Burp suite Interested candidates for above position kindly share your CVs on vaishnavi.pi@peoplefy.com with below details - Experience : CTC : Expected CTC : Notice Period : Location :

Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 5 plus years of experience Application Security TestingExperience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding PracticesKnowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat ModelingAbility to conduct threat modeling sessions to identify and mitigate security risks Preferred technical and professional experience Vulnerability AssessmentExperience in conducting vulnerability assessments and penetration testing Application Security TestingExperience with static and dynamic application security testing (SAST/DAST) tools. Security ToolsProficiency in using security tools like Burp Suite, Nessus, or Fortify

Job Title: Application Security Engineer SAST & DAST Experience Required: 3 to 8 Years Location: Hyderabad / Bangalore / Chennai / Mumbai / Pune / Kolkata / Gurgaon Mode of Interview: MS Teams (12 rounds) Notice Period: 0 to 30 Days Job Overview: We are looking for an experienced Application Security Engineer specializing in SAST & DAST to join our growing team. The ideal candidate will be responsible for integrating security throughout the software development lifecycle (SDLC), implementing and managing security tools, and driving security best practices across the organization. Key Responsibilities: Implement and manage application security testing activities throughout the development, deployment, and maintenance phases. Perform Static Application Security Testing (SAST) using tools like Checkmarx and Fortify . Execute and manage Dynamic Application Security Testing (DAST) tools such as AppScan and WebInspect . Conduct secure code reviews in languages including Java, .NET, Swift, Objective-C . Integrate security tools in DevOps pipelines and CI/CD environments (e.g., Jenkins, TeamCity, Bamboo, Chef, Puppet). Apply OWASP Top 10 , SANS Secure Coding Practices , and Security Engineering Principles during development and assessment. Analyze, triage, and report vulnerabilities using CVSS scoring and determine business impact. Perform penetration testing for web, mobile, and desktop applications. Implement mobile security testing techniques, including bypassing SSL pinning , root detection , reverse engineering , and manifest analysis . Work with containerized environments such as Docker and Kubernetes . Utilize at least one scripting language (e.g., Python, Bash, PowerShell) for automation or security tooling. Required Skills & Experience: Strong experience with SAST and DAST tools (Checkmarx, Fortify, AppScan, WebInspect) Familiarity with OWASP Top 10 , secure coding practices, and vulnerability remediation Proficient in secure code review for Java, .NET, Swift, Objective-C Solid understanding of DevSecOps practices and security toolchain integration Hands-on experience with CI/CD tools (Jenkins, TeamCity, Bamboo, etc.) Experience with container security in Docker/Kubernetes environments Knowledge of CVSS scoring and vulnerability risk assessment Understanding of mobile application security techniques and concepts Experience with scripting in Python, Bash, or equivalent Preferred Qualifications: Security certifications (e.g., CEH, OSCP, GWEB, GWAPT, Security+ ) Exposure to cloud environments (AWS, Azure, GCP) from a security standpoint Familiarity with automated testing tools like Selenium Experience working in Agile and DevOps environments Interested Candidates can share your updated resume to subashini.gopalan@kiya.ai

About The Role We are looking for a skilled Application Security Engineer to strengthen our security posture by proactively identifying and mitigating vulnerabilities across our web applications, APIs, and mobile apps. The ideal candidate will have a strong background in penetration testing, secure code review, and security automation. Roles & Responsibilities(What will you do): -Perform penetration testing of web applications, APIs, and mobile apps, providing in-depth vulnerability analysis and remediation guidance. -Conduct manual and automated secure code reviews, primarily in Java, Python, and JavaScript. -Develop security automation solutions using Python to streamline testing, improve coverage, and reduce manual effort. -Work closely with development teams to ensure timely resolution of security issues within fast-paced release cycles. -Create and maintain threat models, applying threat modeling techniques to proactively identify and mitigate design-level security risks. -Foster a security-first mindset by educating developers on secure coding practices, common vulnerabilities, and attack vectors while effectively communicating security findings to stakeholders. What Makes You a Great Fit -1-5 years of experience in application security, penetration testing, or related fields. -Strong penetration testing expertise with tools like Burp Suite, OWASP ZAP, semgrep, MobSF, Jadx-GUI and other mobile security testing frameworks. -Experience integrating security into SDLC and familiarity with DevSecOps tools. -Proficiency in secure coding principles, OWASP Top 10, CWE, and exploit techniques. -Strong scripting skills (Python preferred) for security automation. -Excellent communication and stakeholder management abilities. -Passion for continuous learning and staying updated on security trends. -Certifications like OSCP, OSWE, CRTP, or a proven Bug Bounty track record and/or CTF partipation are a plus PhonePe Full Time Employee Benefits (Not applicable for Intern or Contract Roles) Insurance Benefits - Medical Insurance, Critical Illness Insurance, Accidental Insurance, Life Insurance Wellness Program - Employee Assistance Program, Onsite Medical Center, Emergency Support System Parental Support - Maternity Benefit, Paternity Benefit Program, Adoption Assistance Program, Day-care Support Program Mobility Benefits - Relocation benefits, Transfer Support Policy, Travel Policy Retirement Benefits - Employee PF Contribution, Flexible PF Contribution, Gratuity, NPS, Leave Encashment Other Benefits - Higher Education Assistance, Car Lease, Salary Advance Policy

About us: Astra is a cyber security SaaS company that makes otherwise chaotic pentests a breeze with its one-of-a-kind Pentest Platform Astra's continuous vulnerability scanner emulates hacker behavior to scan applications for 8300+ security tests CTOs & CISOs love Astra because it helps them fix vulnerabilities in record time and move from DevOps to DevSecOps with Astra's CI/CD integrations, Astra is loved by 650+ companies across the globe In 2024 Astra uncovered 2 5 million+ vulnerabilities for its customers, saving customers $110M+ in potential losses due to security vulnerabilities, We've been awarded by the President of France Mr Fran?ois Hollande at the La French Tech program and Prime Minister of India Shri Narendra Modi at the Global Conference on Cyber Security Loom, MamaEarth, Muthoot Finance, Canara Robeco, ScripBox etc are a few of Astras customers, Role Overview Are you a motivated and technically curious Software Development Engineer (Python/JavaScript) with a growing interest in cybersecurityDo you enjoy building robust and scalable systems and are you intrigued by the challenge of automating pentesting Your primary focus will be on identifying new attack techniques and developing high-fidelity detection rules to enhance our offensive security engine and Attack AI You will work closely with security researchers, engineers, and product teams to ensure our platform remains ahead of evolving threats, If you're passionate about offensive security, love breaking things to make them more secure, and want to shape the future of automated vulnerability detection, wed love to have you on board, Roles & Responsibilities: Work within our dynamic Attack AI team to design, develop, and maintain software components for vulnerability detection in web applications, cloud environments, and APIs, Collaborate with security researchers to understand their findings and translate them into robust and efficient detection logic and automated processes, Develop and maintain Python and/or JavaScript-based detection logic, leveraging your strong programming skills to automate security analysis and exploit identification, Design and implement APIs and automation frameworks that facilitate the integration of new detection modules and enhance the scalability of our security engine, Work in an agile development environment, actively contributing to the architecture, design, and implementation of Astra's scanning engine, Research, design, develop, and troubleshoot?you will be instrumental in building and owning the core components you work on, Write secure, modular, testable, and well-documented code to maintain high-quality engineering standards across our detection engine, Adhere to strict code review and security best practices, ensuring high-quality and maintainable code within the security context, Ensure timely delivery of features and components, maintaining transparency with technical managers regarding development progress, Basic Qualifications Strong analytical mindset with a passion for security research and offensive security, ~1 year experience involving security & development experience in JavaScript (preferred) or Python, A foundational understanding of security principles and a strong desire to learn how they apply to Web, API, and Cloud environments, Excellent problem-solving and debugging skills with a keen eye for detail in developing reliable software solutions, Strong communication and collaboration skills, with the ability to work effectively in a remote team environment and interact with both engineering and research team members, A strong eagerness to learn and apply new technologies and development methodologies, particularly within the context of security engineering using Python and JavaScript, Familiarity with Git for version control and collaboration is essential, Good to have Experience using security tools such as Burp Suite, OWASP ZAP, or similar vulnerability assessment tools, Understanding of HTTP request lifecycle, HTTP methods, REST APIs etc Experience with bash scripting Prior experience working in a remote role, with strong self-management and collaboration skills, We Offer: Adrenaline rush of being a part of a fast-growing company and working on hard problems that matter, Fully remote, agile working environment, Good engineering culture with full ownership in design, development, and release lifecycle, A wholesome opportunity where you get to build things from scratch, improve, and ship code to production in hours, not weeks, Holistic understanding of the SaaS and security industry, Annual trips to beaches or mountains (last one was to Wayanad!), Open and supportive culture, Health insurance & other benefits for you and your spouse (maternity benefits included),

Your Tasks Test Planning and Design: Develop comprehensive test plans and test cases based on project requirements and specifications Design and implement automated and manual testing procedures tailored to web applications in the wind energy sector, Testing Execution: Execute test cases and report defects Perform various types of testing, including: Functional Testing: Ensure that the application works as expected and meets all requirements, API Testing: Validate the functionality, reliability, and performance of API endpoints, Integration Testing: Verify that different modules or services work together as intended, Regression Testing: Ensure that new code changes do not adversely affect existing functionalities, Performance Testing: Assess the application's performance under various conditions to ensure it meets performance criteria, Security Testing: Identify and address security vulnerabilities within the application, Usability Testing: Evaluate the application's user interface and user experience, Environment Setup: Set up and maintain test environments in Azure Kubernetes Service (AKS) Collaborate with DevOps teams to ensure smooth deployment and testing processes, Defect Management: Identify, document, and track defects using issue tracking tools Work closely with development teams to resolve issues and ensure timely fixes, Collaboration and Communication: Collaborate with developers, product managers, and other stakeholders to understand requirements and provide feedback Communicate test results and provide recommendations for improvements, Documentation: Create and maintain detailed documentation for test plans, test cases, and test results Provide training and support to team members on testing best practices and tools, Your Profile Qualification: Bachelor's degree in Computer Science, Information Technology, or a related field, Experience Proven experience as a QA Tester or similar role, Experience with web application testing and API testing, Familiarity with Azure Kubernetes Service (AKS) and cloud-based testing environments Experience in the wind energy sector or similar industries is a plus, Skills Strong understanding of software testing methodologies and tools, Proficiency in automated testing tools (e-g , Selenium, JUnit), Knowledge of scripting languages (e-g , Python, JavaScript), Excellent problem-solving skills and attention to detail, Strong communication and collaboration skills, Certifications ISTQB Certified Tester or equivalent certification is preferred, Tools And Frameworks Automated Testing Tools: Selenium, JUnit, TestNG, API Testing Tools: Postman, SoapUI, REST Assured, Performance Testing Tools: JMeter, LoadRunner, Security Testing Tools: OWASP ZAP, Burp Suite, Issue Tracking Tools: JIRA, Bugzilla, CI/CD Tools: Jenkins, Azure DevOps, Nordex adheres to a policy of equal employment opportunity All employment decisions are made without regard to protected characteristics and in full compliance with all laws and legislations,

Role Overview : The Application Security Senior Engineer will play a crucial role in safeguarding our applications and digital assets against security threats. With a primary focus on Vulnerability Assessment and Penetration Testing (VAPT), the role involves identifying, assessing, and mitigating security vulnerabilities across our application portfolio. This position requires a proactive mindset, strong technical skills, and the ability to collaborate effectively with cross-functional teams and support the security projects. Youll be Responsible for? I. Vulnerability Assessment and Penetration Testing (VAPT): Conduct comprehensive security assessments of applications using industry-standard tools and techniques. Perform manual testing and automated scans to identify vulnerabilities such as OWASP Top 10, SQL injection, XSS, CSRF, etc. Analyze and interpret assessment findings, providing clear and actionable recommendations to development teams. Support the security gating process with timely security assessment and reporting. Provide guidance and assistance on secure software development life cycle. Track identified vulnerabilities through to resolution, collaborating closely with development teams to ensure timely mitigation. Provide detailed vulnerability reports and metrics to stakeholders, including risk assessments and remediation progress. II. Support for Security Projects: Actively participate in security projects and initiatives, providing expertise and guidance on application security best practices. Perform Security Architecture review for existing and new security projects and guide on security best practices. Collaborate with architects and developers to integrate security into the SDLC (Secure Development Life Cycle) and CI/CD pipelines. III. Incident Response and Support: Assist in incident response activities related to application security incidents. Contribute to root cause analysis and lessons learned sessions to improve incident handling and prevention strategies. IV. Security Awareness and Training: Develop and deliver training sessions on secure coding practices and application security awareness. Promote a culture of security within the organization, advocating for continuous improvement and adherence to security policies. What we’ll look in you? Bachelor’s degree in computer science/information technology, or a related field. Minimum of 5 years of experience in application security, with a focus on VAPT and secure development practices. Proven experience with security assessment tools such as Burp Suite, Qualys, Nessus, etc. Strong understanding of web application architecture, including front-end, back-end, and APIs. Solid knowledge of OWASP guidelines and best practices for secure coding. Certifications such as CISSP, CEH, OSCP, or similar are preferred. Excellent communication skills with the ability to articulate technical concepts to non-technical stakeholders. Strong analytical and problem-solving skills, with attention to detail. Why join us? Impactful Work : Play a pivotal role in safeguarding Tanla's assets, data, and reputation in the industry. Tremendous Growth Opportunities : Be part of a rapidly growing company in the telecom and CPaaS space, with opportunities for professional development. Innovative Environment: Work alongside a world-class team in a challenging and fun environment, where innovation is celebrated. Tanla is an equal opportunity employer. We champion diversity and are committed to creating an inclusive environment for all employees. www.tanla.com

Job Title: Security Engineer Location: Chennai (5 Days Onsite) Employment Type: Contract Role Overview We are seeking a skilled and detail-oriented Security Engineer to join our team in Chennai on a contract basis. The ideal candidate will have hands-on experience in application security testing, static code analysis, and vulnerability assessments for web and mobile applications. Key Responsibilities Perform Application Security Testing using tools such as Burp Suite, ZAP , and Postman . Conduct OWASP Top 10 assessments and ensure adherence to secure coding practices. Implement and manage Static Application Security Testing (SAST) using tools like SonarQube, Fortify, Checkmarx , and Semgrep . Execute Vulnerability Assessment and Penetration Testing (VAPT) for web and mobile applications. Collaborate with development and DevOps teams to identify and remediate security vulnerabilities. Provide detailed reports and recommendations for security improvements. Required Skills Strong experience in OWASP-based security testing . Proficiency with Burp Suite, ZAP , and API testing tools like Postman . Hands-on experience with SAST tools : SonarQube, Fortify, Checkmarx, Semgrep . Experience in VAPT for web and mobile applications . Good understanding of secure software development lifecycle (SSDLC).

We are hiring for Security Engineer- Navi Mumbai Location (Belapur) for one of our project. Interested candidate can share resume to ankita.patari@happiestminds.com Experience: 2 to 5 Years Location: Navi Mumbai Location (Belapur) Office Timings: Monday to Friday (First Saturday and Third Saturday working) Looking for max 15 Days Joiners only Immediate Joiners please mentioned in Subject Line(Immediate Joiner_AppSec) General Shift Exp Range-2 to 4 Years Primary Skills : SAST, Penetration testing , Vulnerability Assessment Responsibility: Static Code analysis, Static/dynamic testing of mobile applications,Vulnerability Assessment,Penetration Testing Thanks And Regards, Ankita P Ghosh ankita.patari@happiestminds.com