27 Checkmarx Jobs

Work on a balanced product team to define, design, develop/deploy React based front-end on GCP platform. Additionally,will conduct proof-of-concepts to support new features,ensure quality,timely delivery using Agile XP practices. Required Candidate profile Good knowledge on code quality tools (42Crunch, SonarQube, CheckMarx, etc) GIT hub, Jenkins, Maven, Gradle, etc 3+ years of work experience in Agile project involvement, Software Craftsmanship

Job Description -: Experience of 4+ years • Hands-on experience of conducting security assessments of Web Applications, Mobile Applications, Web Services/APIs, Thick-clients. • Experience in tools such as burpsuite, nessus, nmap, acunetix, metasploit, checkmarx, etc. • Experience with Open Web Application Security Project (OWASP),SANS, Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools. • Ability to explain technical vulnerabilities to both technical and non technical audience highlighting business risk. • Knowledge of at least one cloud technology (AWS, Azure,GCP) is desirable, preferrably AWS and Azure. • Good understanding of coding best practices and standards. • Good knowledge of at least one of the following programming/scripting languages viz. python, ruby, C#, powershell, C/C++, Java • Good communication skills. • Critical thinking and good problem-solving abilities. • Organized in planning and time management skills are preferred. • Certification on CEH (Certified Ethical Hacker) or OSCP (Offensive Security Certified Professional) is desirable. Roles & Responsibilities -: Conduct vulnerability assessment and penetration testing for application, and other infrastructure Conduct application security assessment of web applications, mobile applications, thick-client application and API. Conduct configuration reviews for Operating System, Database, Middleware, Firewall, Routers, Switches and other infrastructure. Conduct red-team assessments Conduct cloud security assessments Conduct source-code review using automated and manual approaches Ensure timely execution of projects, delivery of status updates and final reports. Stay abreast of the latest updates in technology, security trends, vulnerabilities, exploit techniques and security news. Proficient in Ms-Excel and Powerpoint.

Responsibilities Be hands-on in the design and development of robust solutions to hard problems, while considering scale, security, reliability, and cost Support other product delivery partners in the successful build, test, and release of solutions Be part of a fast-moving team, working with the latest tools and open-source technologies Work on a development team using agile methodologies. Understand the Business and the Application Architecture End to End Solve problems by crafting software solutions using maintainable and modular code. Participate in daily team standup meetings where you'll give and receive updates on the current backlog and challenges. Participate in code reviews. Ensure Code Quality and Deliverables Provide Impact analysis for new requirements or changes. In-depth knowledge of single team business domain and the ability to express or communicate technical work in business value terminology. Firm grasp on design disciplines and architectural patterns and aligning and influencing the fellow team members in following them. Engaged in fostering and improving organizational culture. Qualifications Required Skills: Strong experience in C#, SOLID Design Principles/Patterns, OOP, Data Structures, Core, ,Web API, ReactJS, xUnit, TDD, Kafka, Microservices, Event-Driven Architecture, Azure (including Terraforms and AKS). Proficiency in SQL querying and database design to interact with relational databases like SQL Server. Experience writing unit and integration tests and effectively troubleshooting application issues. Knowledge of Service Oriented Architecture, SonarQube, CheckMarx Ability to speak/write fluently in English Experience with agile methodology including SCRUM. Experience with modern delivery practices such as continuous integration, behavior/test driven development, and specification by example.

Role Overview: This role focuses on integrating security best practices into CI/CD pipelines and production system deployments, ensuring security is embedded throughout the software development lifecycle. As a DevSecOps Engineer, you will work closely with architecture, development, and operations teams to make security a shared responsibility across all stages of software development and deployment. Your primary responsibility will be implementing security best practices, testing, and automation tools into CI/CD pipelines and production environments using industry-standard tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and other security mechanisms. Key Responsibilities : Security Integration into DevOps: Collaborate with development and operations teams to integrate security practices into every stage of the software development lifecycle, from code creation to deployment. CI/CD Pipeline Security: Configure, implement, and manage security tools and automation in CI/CD pipelines to detect vulnerabilities early in the development process. Security Testing: Use SAST and DAST tools to automate security testing for code and applications. Continuously monitor security scans, report findings, and recommend remediation strategies. Automation & Process Improvement: Continuously enhance and automate security processes to deliver secure software efficiently while minimizing manual intervention. Experience Required: 3+ years of experience in DevOps or a similar role focused on integrating security into CI/CD processes. Proven experience implementing and configuring security tools such as SAST, DAST, and other automation tools. Strong hands-on experience with CI/CD tools and languages (e.g., Jenkins, Groovy, Git, Python, Bash) for pipeline automation. Proficiency in cloud-native deployments and management (e.g., Helm, Kustomize), Kubernetes objects, and cluster debugging. Familiarity with Infrastructure as Code (IaC) tools like Terraform and Ansible. Knowledge of CIS benchmark recommendations and system hardening practices. Curious? Apply now :-cognyte.70.75E@applynow.io

Databuzz is Hiring for DevSecOps Engineer-4+yrs-PAN India-Hybrid Please mail your profile to haritha.jaddu@databuzzltd.com with the below details, If you are Interested. About DatabuzzLTD: Databuzz is One stop shop for data analytics specialized in Data Science, Big Data, Data Engineering, AI & ML, Cloud Infrastructure and Devops. We are an MNC based in both UK and INDIA. We are a ISO 27001 & GDPR complaint company. CTC - ECTC - Notice Period/LWD - (Candidate serving notice period will be preferred) Position: DevSecOps Engineer Location: PAN India(Hybrid) Exp -4+ yrs Mandatory skills : A security expert who can write code as needed and knows the difference between Object vs Class vs Function programming Strong passion and thorough understanding of what it takes to build and operate secure reliable systems at scale Strong passion and technical expertise to automate security functions via code Strong technical expertise with Application Cloud Data and Network Security best practices Strong technical expertise with multicloud environments including containerserverless and other microservice architectures Strong technical expertise with older technology stacks including mainframes and monolithic architectures Strong technical expertise with SDLC CICD tools and Deployment Automation Strong technical expertise with operating security for Windows Server and Linux Server systems Strong technical expertise with configuration management version control and DevOps operational support Strong experience with implementing security measures for both applications and data with an understanding of the unique security requirements of data warehouse technologies such as Snowflake Regards, Haritha Talent Acquisition specialist haritha.jaddu@databuzzltd.com

Duration: 12Months Job Type: Contract Work Type: Onsite Roles and Responsibilities: GitLab DevOps & CI/CD: Expertise in GitLab DevOps tools, CI/CD best practices, and automation. Pipeline Management: Hands-on experience in designing, implementing, and managing environment-specific pipelines. Proficiency in Shell scripting and YAML scripting for workflow automation. Experience with Terraform or ARM templates is a plus. Kubernetes: Strong expertise in Docker and Azure Kubernetes Service (AKS). Experience with Helm charts, version upgrades, monitoring, and debugging AKS workloads. Azure Experience: In-depth knowledge of Azure App Services, Function Apps, and Azure Key Vault management. Experience managing Azure Virtual Networks (VNet), Route Tables, and Network Security Groups (NSGs). Hands-on experience integrating Checkmarx (CX Scan), Snyk, SonarQube, and Unit Testing frameworks. Strong knowledge of RBAC (Role-Based Access Control), Azure AD (Entra ID), and Azure Policy. Expertise in Azure Monitoring & Alerting, including logs, metrics, and dashboard setup. Understanding of Azure Load Balancers, Application Gateway, and Traffic Manager. Experience in provisioning, scaling, and maintaining VMs on Azure. Deep knowledge of IIS, including dependency installation, configuration, and troubleshooting. Cost Optimization: Familiarity with Azure Cost Management & Optimization strategies. Release Management: Experience in release planning, Change Request (CR) preparation, and LOP (List of Pending) management. Cross-functional Coordination: Ability to coordinate with teams for deployment success and issue resolution. Mandatory Skills: Primary skills: Devops with Azure Kubernetes, GitLab, CI/CD, Shell scripting, Helm charts, Checkmarx (CX Scan), Snyk, SonarQube, and Unit Testing frameworks. Experience: Total Exp: 5-8 years Rel Exp: 7-8 years relevant with the mandate skills

Consultant - MAST Vanguard Requirements: Mandatory Technical & Functional Skills Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA Job Description: Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix,Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix,Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix,Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix,Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix,Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

About this role: Wells Fargo is seeking a Lead Software Engineer within CT Cloud Engineering team In this role, you will: Migrate applications from TAS (formerly PCF) to OpenShift Container Platform. Contribute towards containerizing an application, by following the standard development practices. Leverage DevOps tools to migrate applications on OpenShift Container Platform. Integrate application with other middleware, monitoring, logging products to ensure smooth operations. Follow SDLC best practices, troubleshoot migration issues & be vocal as a Consultant for application teams to ease the migration journey. Collaborate and consult with key technical experts, senior technology team, and external industry groups to resolve complex technical issues and achieve goals. Working in a globally distributed team to provide innovative and robust Cloud centric solutions. Closely working with Product Team and Vendors to develop and deploy Cloud services to meet customer expectations. Required Qualifications: 5+ years of Software Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education Desired Qualifications: Overall 5+ years of experience, 2+ years working with OCP (OpenShift Container Platform). Must have 5+ years of hands-on experience on Java .Net (C# or other) language. Must have 5+ years of exposure and knowledge on different DevOps tools - GitHub, Jenkins, Harness, Blackduck, Checkmarx. Must have exposure and knowledge on infrastructure skills on maintaining the Kubernetes clusters, workloads, services. In depth, practical experience with Cloud methodologies (IaaS, PaaS, SaaS), microservices, orchestration etc... Job Expectations: Proficient and have a thorough understanding of various Cloud service offerings Well versed with Agile methodologies, product operating model and experience working in/for big enterprises

Position 1: Consultant - MAST Vanguard Requirements: Mandatory technical & functional skills •Strong knowledge on manual secure code review against common programming languages (Java, C#) •Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. •Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs •Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. •Preferred one year of experience in development of web applications and/or APIs. •should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. •One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA Job Description: Roles & responsibilities •Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications •Perform manual security code review against common programming languages (Java, CSharp). •Perform automated testing of running applications and static code (SAST, DAST). •Experience in one or more of the following a plus: AI pen testing. •Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. •Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Consultant - MAST Vanguard Requirements: Mandatory Technical & Functional Skills Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA Job Description: Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

*ONLY IMMEDIATE JOINERS PREFERRED* Job Title: Consultant - MAST Vanguard Experience: 4-7 Years Location: Bangalore (WFO 5 days) Work timings 12PM to 9PM Job Description: Roles & responsibilities •Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications •Perform manual security code review against common programming languages (Java, CSharp). •Perform automated testing of running applications and static code (SAST, DAST). •Experience in one or more of the following plus: AI pen testing. •Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. •Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation Mandatory technical & functional skills Mandatory technical & functional skills Strong knowledge on manual secure code review against common programming languages ( Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and leading remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA

Job Title: Security Engineer Location: Chennai (5 Days Onsite) Employment Type: Contract Role Overview We are seeking a skilled and detail-oriented Security Engineer to join our team in Chennai on a contract basis. The ideal candidate will have hands-on experience in application security testing, static code analysis, and vulnerability assessments for web and mobile applications. Key Responsibilities Perform Application Security Testing using tools such as Burp Suite, ZAP , and Postman . Conduct OWASP Top 10 assessments and ensure adherence to secure coding practices. Implement and manage Static Application Security Testing (SAST) using tools like SonarQube, Fortify, Checkmarx , and Semgrep . Execute Vulnerability Assessment and Penetration Testing (VAPT) for web and mobile applications. Collaborate with development and DevOps teams to identify and remediate security vulnerabilities. Provide detailed reports and recommendations for security improvements. Required Skills Strong experience in OWASP-based security testing . Proficiency with Burp Suite, ZAP , and API testing tools like Postman . Hands-on experience with SAST tools : SonarQube, Fortify, Checkmarx, Semgrep . Experience in VAPT for web and mobile applications . Good understanding of secure software development lifecycle (SSDLC).

Seeking a skilled OSS Lead with strong DevOps expertise. Must have hands-on experience in build tools, package managers, scanning tools, GitHub Actions, and BASH scripting. Public cloud exposure is a plus. Required Candidate profile 6+ yrs of exp in DevOps Strong expertise in Build tools and Package Manager Exp-Scanning tools like CheckMarx and SCA 4+ yr exp-GitHub Actions BASH scripting Public cloud exposure is good to have

Ideally, looking for a combination of Development and Application Security experience. Job Summary: We are seeking a skilled Application Security Engineer to join our Information Security team. The ideal candidate will have a minimum of 8-12 years of experience in application security and a strong background in software development , particularly in .NET, C#, Angular, and React . This role is crucial in ensuring the security of our applications by working closely with development, DevOps, and security teams to identify, remediate, and prevent security vulnerabilities throughout the software development lifecycle (SDLC). Key Responsibilities: Conduct application security assessments, including code reviews, penetration testing, and threat modeling to identify vulnerabilities. Work closely with developers to integrate secure coding practices and provide guidance on remediating security issues. Implement and manage Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools. Develop and enforce security policies, procedures, and best practices for application security. Assist in the design and review of security architecture for new and existing applications. Collaborate with DevOps teams to integrate security into CI/CD pipelines using DevSecOps principles . Research emerging threats, vulnerabilities, and security trends to proactively mitigate risks. Support incident response efforts related to application security breaches. Provide security training and awareness to development teams. Document security findings, mitigation plans, and security controls. Minimum Requirements (Must-Have) 8-12 years of experience in application security with a focus on secure software development. Strong background in software development , with hands-on experience in .NET, C#, Angular, and React . Hands-on experience with SAST, DAST, Software Composition Analysis (SCA), and penetration testing tools (e.g., Burp Suite, Checkmarx, Veracode, Fortify, SonarQube ). Solid understanding of OWASP Top 10, SANS 25, and secure coding practices . Experience with threat modeling, risk assessment, and vulnerability management . Knowledge of API security, authentication, and authorization mechanisms (OAuth, JWT, SAML, etc.). Familiarity with container security, Kubernetes security, and cloud security best practices (AWS, Azure, GCP). Experience working in Agile and DevSecOps environments , integrating security into CI/CD pipelines. Strong analytical and problem-solving skills. Excellent communication skills, with the ability to work collaboratively across teams.

Ideally, looking for a combination of Development and Application Security experience. Job Summary: We are seeking a skilled Application Security Engineer to join our Information Security team. The ideal candidate will have a minimum of four (4) years of experience in application security and a strong background in software development , particularly in .NET, C#, Angular, and React . This role is crucial in ensuring the security of our applications by working closely with development, DevOps, and security teams to identify, remediate, and prevent security vulnerabilities throughout the software development lifecycle (SDLC). Key Responsibilities: Conduct application security assessments, including code reviews, penetration testing, and threat modeling to identify vulnerabilities. Work closely with developers to integrate secure coding practices and provide guidance on remediating security issues. Implement and manage Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools. Develop and enforce security policies, procedures, and best practices for application security. Assist in the design and review of security architecture for new and existing applications. Collaborate with DevOps teams to integrate security into CI/CD pipelines using DevSecOps principles . Research emerging threats, vulnerabilities, and security trends to proactively mitigate risks. Support incident response efforts related to application security breaches. Provide security training and awareness to development teams. Document security findings, mitigation plans, and security controls. Minimum Requirements (Must-Have) 4+ years of experience in application security with a focus on secure software development. Strong background in software development , with hands-on experience in .NET, C#, Angular, and React . Hands-on experience with SAST, DAST, Software Composition Analysis (SCA), and penetration testing tools (e.g., Burp Suite, Checkmarx, Veracode, Fortify, SonarQube ). Solid understanding of OWASP Top 10, SANS 25, and secure coding practices . Experience with threat modeling, risk assessment, and vulnerability management . Knowledge of API security, authentication, and authorization mechanisms (OAuth, JWT, SAML, etc.). Familiarity with container security, Kubernetes security, and cloud security best practices (AWS, Azure, GCP). Experience working in Agile and DevSecOps environments , integrating security into CI/CD pipelines. Strong analytical and problem-solving skills. Excellent communication skills, with the ability to work collaboratively across teams.

Position Overview: The job profile for this position is Software Engineering Associate Advisor, which is a Band 4 Contributor Career Track Role. Our people make all the difference in our success. We are looking for engineer to develop, optimize and fine-tune AI models for performance, scalability, and accuracy. In this role you will support the full software lifecycle of design, development, testing, and support for technical delivery. This role requires working with both onsite and offshore team members in properly defining testable scenarios based on requirements/acceptance criteria. Responsibilities: Be hands-on in the design and development of robust solutions to hard problems, while considering scale, security, reliability, and cost Support other product delivery partners in the successful build, test, and release of solutions Be part of a fast-moving team, working with the latest tools and open-source technologies Work on a development team using agile methodologies. Understand the Business and the Application Architecture End to End Solve problems by crafting software solutions using maintainable and modular code. Participate in daily team standup meetings where you'll give and receive updates on the current backlog and challenges. Participate in code reviews. Ensure Code Quality and Deliverables Provide Impact analysis for new requirements or changes. Strong understanding of available technology In-depth knowledge of single team business domain and the ability to express or communicate technical work in business value terminology. Represent Engineering during discussions with-in technology org. Ability to recommend and lead solution with a firm grasp on design disciplines and architectural patterns and aligning and influencing the team in following them. Actively engaged and contributing to the software development community (COPs, Meet Ups, etc.) internally or externally. Engaged in fostering and improving organizational culture. Qualifications Required Skills: Strong experience in C#, SOLID Design Principles/Patterns, OOP, Data Structures, Core, Web API, ReactJS, xUnit, TDD, Kafka, Microservices, Event-Driven Architecture, Azure (including Terraforms and AKS), Cosmos DB Knowledge of Service Oriented Architecture, SonarQube, CheckMarx Ability to speak/write fluently in English Experience with agile methodology including SCRUM team leadership. Experience with modern delivery practices such as continuous integration, behavior/test driven development, and specification by example. Required Experience & Education: Software engineer with 8+yrs of overall experience with at-least 5 yrs in each of the technical skills listed above. Bachelors degree equivalent in Information Technology, Business Information Systems, Technology Management, or related field of study.

Responsibilities Work on projects with clearly defined guidelines as team member with responsibility for project delivery To understand end-to end application architecture and business logics. Conduct manual penetration testing of web applications, mobile applications, APIs, networks, and other systems to identify security vulnerabilities. Utilize penetration testing tools and frameworks to simulate real-world attack scenarios and identify vulnerabilities. Performs cyber security assessments which includes vulnerability assessment & penetration testing, network security architecture review, secure configuration / code review, manually etc. Understands basic business and information technology management processes. Demonstrates knowledge of firm's methodologies, frameworks, and tools. Participate in practice development. The Key Skills Understanding of basic business and information technology management processes Good knowledge of protocols, security measures and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture. Must have in-depth business logic vulnerabilities, XSS, SQLi, Broken Access Control, SSRF, and other OWASP TOP 10 best practices and cyber security guidelines. Experience in Infrastructure Penetration Testing and Application Security Testing Experience in secure code review and expertise in tools like Checkmarx and SonarQube are required. Experience in conducting configuration reviews of Windows, Linux, UNIX, Solaris, Databases, etc. Must have Hand-on-Experience of tools like Burp-Suite, Nmap, Metasploit as well as open-source tools. Should possess knowledge of vulnerability exploitation and exploit development. Experience in basic scripting such as: Shell, Python, etc. Basic knowledge of Technologies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, etc. Additional Skills Strong analytical and communication skills (written, verbal and presentation) Open to learn new tools and technologies as per the project requirement. Any other professional certificated will be an added advantage. Requirement: CEH (Required) and OSCP (Preferred)

A security analyst role within the Global Technology Transversal Application Services (TAS) function, supporting the provision of a robust and consistent security scanning, remediation and guidance service within the TAS Application Operations team. The team provides a global, centralized Operations, Governance, Audit, Risk & Security service across Application Delivery. DISCOVER your opportunity What will your essential responsibilities include? Support the Application Operations (Security) team in all security related activities, forums and discussions Perform application scanning across the Application Delivery estate using tools such as SonarQube, Checkmarx, JFrog Xray, CAST Highlight, Defender and Qualys Assist in setting up Jenkins pipeline integration to CI/CD lifecycle Perform Static Application Security Testing (SAST) and Software Composition Analysis (SCA), including analysis of components in applications to detect vulnerabilities and compliance issues Work with Application Delivery teams to communicate the outcome of scanning and analysis, and agree remediation actions including target dates for completion, in alignment with Information Security Policy requirements Assist in Risk Assessments, evaluating the severity of identified vulnerabilities and prioritizing remediation efforts based on potential impact to the organization Assist in Policy development, contributing to the development and implementation of vulnerability management policies and procedures Manage the production of reporting and metrics to both internal and external stakeholders You will report to the Operations Lead (under Head of Application Operations) SHARE your talent Were looking for someone who has these abilities and skills: Required Skills and Abilities: Security First mindset Understanding of vulnerability analysis, scanning and remediation processes Understanding of CVEs, CVSS Understanding of security industry compliancy benchmarks and standards i.e. CIS Understanding of security best practices/standards i.e. OWASP, NIST Preferable experience with at least 2 coding languages i.e. Java, .NET, C++, Python etc. Strong analytical, critical thinking and organizational skills, ability to multitask and work to deadlines Proficiency in Power BI, MS Work and MS Excel: We maintain and continually develop a number of Power BI Dashboards to support provision of critical data and use Excel to support our data capture and analysis and reporting Excellent communication, interpersonal and relationship building skills (verbal and written)

Number of Roles: 1 Key Responsibilities: Develop and maintain re-usable CI/CD pipelines using tools like Jenkins, GitHub Actions, and ArgoCD. Integrate security scanning and code quality tools such as SonarQube, Checkov, and Snyk into deployment pipelines. Automate compliance checks and ensure security policies are enforced throughout the deployment lifecycle. Collaborate with infrastructure and application teams to align deployment practices with platform engineering standards. Monitor pipeline performance, identify bottlenecks, and optimize workflows. Ensure deployment workflows are automated, efficient, and compliant with security best practices. Required Skills: Strong experience with CI/CD tools (Jenkins, GitHub Actions, ArgoCD, Azure DevOps ). Hands-on expertise in security scanning and quality tools like SonarQube, Checkmarx, Xray, and Snyk . Proficiency in scripting languages ( Python, Bash, PowerShell ) and automation. Solid understanding of cloud services ( Azure , AWS, GCP ) and their deployment models. Knowledge of containerization and orchestration tools like Docker and Kubernetes . Strong troubleshooting skills and ability to work collaboratively in cross-functional teams. Familiarity with monitoring and observability tools (Prometheus, Grafana, Datadog). Relevant security certifications (CISSP, CKA, or cloud security certs)

Design, develop, test, and maintain robust Java-based applications. Write clean, maintainable, and efficient code. Collaborate with architects to design scalable and secure system architectures. Implement microservices architecture and RESTful API