8 Burpsuite Jobs

Job Description -: Experience of 4+ years • Hands-on experience of conducting security assessments of Web Applications, Mobile Applications, Web Services/APIs, Thick-clients. • Experience in tools such as burpsuite, nessus, nmap, acunetix, metasploit, checkmarx, etc. • Experience with Open Web Application Security Project (OWASP),SANS, Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools. • Ability to explain technical vulnerabilities to both technical and non technical audience highlighting business risk. • Knowledge of at least one cloud technology (AWS, Azure,GCP) is desirable, preferrably AWS and Azure. • Good understanding of coding best practices and standards. • Good knowledge of at least one of the following programming/scripting languages viz. python, ruby, C#, powershell, C/C++, Java • Good communication skills. • Critical thinking and good problem-solving abilities. • Organized in planning and time management skills are preferred. • Certification on CEH (Certified Ethical Hacker) or OSCP (Offensive Security Certified Professional) is desirable. Roles & Responsibilities -: Conduct vulnerability assessment and penetration testing for application, and other infrastructure Conduct application security assessment of web applications, mobile applications, thick-client application and API. Conduct configuration reviews for Operating System, Database, Middleware, Firewall, Routers, Switches and other infrastructure. Conduct red-team assessments Conduct cloud security assessments Conduct source-code review using automated and manual approaches Ensure timely execution of projects, delivery of status updates and final reports. Stay abreast of the latest updates in technology, security trends, vulnerabilities, exploit techniques and security news. Proficient in Ms-Excel and Powerpoint.

Essential Services: Role & Location fungibility To achieve this, employees at ICICI Bank are expected to be role and location-fungible with the understanding that Banking is an essential service. The role descriptions give you an overview of the responsibilities, it is only directional and guiding in nature. About the role At ICICI Bank, Information Security Group believes in providing services to its customers in the safest and most secure manner keeping in mind that data protection for its customers is as important as providing quality banking services across the spectrum. Our support application team performs application vulnerability assessments and document vulnerabilities which were found and provides recommendations for remediation according to BFSI guidelines and industry best practices. As an Application Security Manager, you will provide guidance to the application team on application security best practices, support remediation effort and track open issues and follow up to ensure remediation. You will work along with cross functional business teams to get closure of identified gaps and utilize escalation matrix effectively wherever necessary. You will conduct application security assessment results review and mitigation approval. You will keep abreast of new technologies to ensure that the organization remains at the forefront of security. Key Responsibilities Support and Testing: Vulnerability Assessments & Penetration Testing (Automated + Manual) on business critical assets with security tools like BurpSuite, Nessus, Nmap, Accunetix, Metasploit Netsparker, Qualys etc. Analysis: Perform in-depth analysis of VAPT results, Review assessment reports to provide risk mitigation & recommendations on that basis. Collaborate: Collaborate with the application team and provide them guidance on application security best practices, support remediation effort and track open issues and follow up to ensure remediation Key Qualifications & Skills Education Qualifications: Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent Certifications: OSCP Compliance: Knowledge of cyber security trends & hacking techniques, MITRE ATT&CK framework with hacker mindset. Network Security: Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering) Key Technologies: Familiarity with OWASP, SANS vulnerabilities along with its validations in source code and other security frameworks & Compliance, Knowledge of Networking concepts & Good understanding of latest Network /security technologies such as Cloud security and recent trends.

Consultant - MAST Vanguard Requirements: Mandatory Technical & Functional Skills Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA Job Description: Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Position 1: Consultant - MAST Vanguard Requirements: Mandatory technical & functional skills •Strong knowledge on manual secure code review against common programming languages (Java, C#) •Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. •Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs •Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. •Preferred one year of experience in development of web applications and/or APIs. •should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. •One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA Job Description: Roles & responsibilities •Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications •Perform manual security code review against common programming languages (Java, CSharp). •Perform automated testing of running applications and static code (SAST, DAST). •Experience in one or more of the following a plus: AI pen testing. •Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. •Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Consultant - MAST Vanguard Requirements: Mandatory Technical & Functional Skills Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA Job Description: Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

*ONLY IMMEDIATE JOINERS PREFERRED* Job Title: Consultant - MAST Vanguard Experience: 4-7 Years Location: Bangalore (WFO 5 days) Work timings 12PM to 9PM Job Description: Roles & responsibilities •Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications •Perform manual security code review against common programming languages (Java, CSharp). •Perform automated testing of running applications and static code (SAST, DAST). •Experience in one or more of the following plus: AI pen testing. •Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. •Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation Mandatory technical & functional skills Mandatory technical & functional skills Strong knowledge on manual secure code review against common programming languages ( Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and leading remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA

We are seeking a Cybersecurity professional to join our Information Technology t eam at Vadodara . The candidate Should have a strong understanding of information security principles , and common security technologies such as firewalls, IDS/IPS, and antivirus . Additionally, candidate should have hands-on experience with networking protocols , operating systems , and vulnerability assessment tools like Nessus , Qualys , Kali , BurpSuite , and Zap. Key Responsibilities: Assist in the implementation and maintenance of security measures to protect the organization's computer systems, networks, and data. Monitor security systems and tools for suspicious activity, unauthorized access attempts, and other security incidents. Conduct vulnerability assessments and penetration tests to identify and address security weaknesses. Analyze security logs and reports to identify trends, anomalies, and potential security threats. Participate in incident response activities, including containment, investigation, and remediation of security incidents. Assist in the development and enforcement of information security policies , standards, and procedures. Conduct security awareness training and educational programs for employees to promote a culture of security. Preferred Qualifications: Bachelor's degree in Computer Science, Information Security, Cybersecurity, or related field. Familiarity with common security frameworks and standards (e .g., NIST Cybersecurity Framework, ISO/IEC 27001, CIS Controls, OWASP). Knowledge of networking protocols, operating systems, and common security technologies (firewalls, intrusion detection/prevention systems, antivirus). Interested candidates can share there profile at "Itcv@alembic.co.in" with the subject line "Cybersecurity- Executive "

1. Good understanding of OWASP top10 vulnerabilities 2. Burp scanning procedures. 3. Penetration testing skills, 4. In-depth understanding between risk severity and probability 5. Describe specific steps or methodology for identified risk remediation. 6. Vulnerability identification and remediation , 7. Risk frameworks, 8. Mitigation and remediation strategies, 9. Concepts of SAST, DAST, DEVSECOPS. optional Responsibilities and Day-to-Day View • Execute vulnerability assessment of applications via automated and manual techniques to understand the risk and security posture of the applications in pre-prod and prod envs. • Perform security analysis and identify new engineering standards for cloud, on-prem, and/or mobile applications based on modern HTTP based web applications and microservices that improves security posture. Analyze HTTP request/response data and collaborate knowledge with technology teams to find root cause and hardening opportunities. • Conduct, lead and handoff incident response activities (triage, communications, containment, root cause analysis, remediation) • Assess, triage and prioritize security detections from logs and monitoring alerts for suspicious or anomalous activity including bot traffic • Review application design, architecture and configuration from security standpoint and provide recommendations based on security best practices • Research, design, and develop solutions meeting internal and external compliance, security requirements and standards for Site Security & Reliability Engineering • Drives defense-in-depth security for the organization to protect critical IT assets and data • Understands cryptography and encryption of data stored and transmitted. • Logging, monitoring, and responding to detected incidents. • Serving as the voice of the customer to the development and system support teams in implementing new features or resolving security issues that exist in technology implementations. Required Qualifications • Ability to conduct creative and in-depth manual security testing (ethical hacking). • Identifies critical security gaps and drives them to resolution within required timelines. • Ability to write and develop security and infrastructure Security standards and requirements • Ability to use automated scans to identify security vulnerabilities and configuration gaps • Exceptional ability to communicate and drive progress on compliance by influencing action owners and tracking progress with reports, dashboards and other tracking mechanisms. • Ability to program and automate communications and notifications to action owners • At least 2-4 years experience in working in Azure cloud, information security, PCI and SOC compliance • Perform security analysis of cloud configurations • Experience in Application Security Testing, using automated SAST Scanners (Veracode Preferred), DAST Scanners (AppScan Enterprise Preferred) and Pen Testing tools, like BurpSuite. • Familiarity with investigative technologies such as log analysis, HTTP debugging tools • Familiarity with tools such as Splunk, EFK, Dynatrace, QuantumMetric, and any Web Application Firewall (WAF) Mandatory Skill - Must Have - Application security & testing Good to have - SAST + DAST.