52 Checkmarx Jobs

What You'll Do: Practice Leadership: Define and execute the overall strategy for the Vulnerability Management practice. Identify and develop new service offerings to meet evolving client needs. Establish and maintain strong relationships with key technology partners. Stay abreast of industry trends and emerging security threats. Solution Development & Delivery: Lead the development of comprehensive Vulnerability Management, Application Security, Penetration Testing and Red Teaming solutions tailored to client requirements. Oversee the implementation and management of security services, including Vulnerability Management, Application Security, Penetration Testing and Red Teaming solutions and security awareness training. Familiarity with compliance & security standards across the enterprise IT landscape. Knowledge of compliances (PCI DSS, SOX etc.) and IS standards (ISO 27001, BS25999, ISO 2700X, OWASP, CIS, etc). Develop and maintain comprehensive service documentation and operational procedures. RFP Response & Pre-Sales: Lead the technical response to RFPs and RFIs, crafting compelling solutions that address client security challenges. Collaborate with sales teams to develop winning proposals and presentations. Provide expert security guidance during client meetings and presentations. Client Relationship Management: Build and maintain strong relationships with clients. Conduct regular service reviews and provide proactive security recommendations. Act as a trusted advisor to clients on security matters. Expertise You'll Bring: 8+ years of experience in information security, with a focus on Red Teaming & Vulnerability Management services. Deep understanding of security technologies and methodologies that includes but not limited to Nessus, Qualys, Checkmarx, Burpsuite and Security Awareness. Experience in managing and delivering security services to enterprise clients. Proven ability to lead and mentor technical teams. Excellent communication, presentation, and interpersonal skills. Strong analytical and problem-solving abilities. Bachelors degree in computer science or a related field. Relevant industry certifications (CEH, OSCP) are highly desirable.

Organization: At CommBank, we never lose sight of the role we play in other peoples financial wellbeing. Our focus is to help people and businesses move forward to progress. To make the right financial decisions and achieve their dreams, targets, and aspirations. Regardless of where you work within our organisation, your initiative, talent, ideas, and energy all contribute to the impact that we can make with our work. Together we can achieve great things. Job Title: Staff Software Engineer Location: Manyata Tech Park, Bangalore (Hybrid) Business & Team: Our Bankwest Technology division is at the heart of our digital product strategy, and is responsible for the management and deployment of technology change across the organisation. Our tech teams work at pace, with autonomy and local decision making, to deploy world-class solutions in the pursuit of our business strategy. Youll be joining our Bankwest Tech Team, a critical supporting function that allows teams to deliver rapidly whilst still aligning to a strategic roadmap. As a team of trusted internal consultants, youll provide the expertise, guidance and technology governance to delivery teams to plot a pragmatic path between todays deliverables and our longer term enterprise objectives. Youll provide input into roadmaps, best practice, standards and methodologies to help ensure high quality outcomes, and oversee implementation to ensure business objectives are met. Since you bridge the gap between business problems and technology solutions, youll need to be equally comfortable engaging with senior stakeholders as with engineering teams, and excellent communication skills (in both directions) are a must. And often youll work across a range of different initiatives, so whilst youre never short of a challenge, the ability to work independently and manage your own time is important Impact & contribution: As a Staff Engineer you are: Empathetic and self-aware. You think and care deeply about how you might interact with your team, stakeholders and customers. A Mentor, harboring a passion to nurture, grow and influence those around you to think differently and always maintain a growth mindset. Innovative. You continually seek to improve the status quo for our customers. You inspire your team to do the same and remain resilient through change. Promoting quality and delivering at pace through the maximization of automation is one of the key focus areas of the role. Ownership, you take responsibility for the software design, engineering processes and quality standards of yours as well as your team members as you work in a collaborative environment. Roles & responsibilities: As a Staff Software Engineer, you - All aspects of the SDLC which includes Analysis, Estimation, Design, Development, Quality Assurance, Support, Maintenance and Optimization tasks. Should be a quick learner and be flexible and open to learn modern technology and frameworks and write code. Drive pragmatic and fit for purpose solutions of high technical quality. Maintaining software design, engineering processes and quality standards including maintaining privacy of customer information and following secure code practice. Provide tools, expertise, and knowledge to help squad gain a shared understanding of outcome and shared ownership of quality. Should be aligned to Full spectrum engineering squad. Maintains awareness of changes in the external environment and continuously advances the capability. Pro-actively look for ways to provide faster feedback, including uplift in test automation maturity in the squad. Work collaboratively with engineers within and across squads. Support the team in delivering quality outcomes within committed time frames. Follow secure code practices. Essential Skills:- Minimum 12 years of experience with expert level knowledge, working with the following languages. Java and J2EE Angular or equivalent Frontend technology REST and API Development Spring Framework Front End Web Development (Angular preferred only for Full stack. Experience working with the following Tools and Frameworks: Experience in DevSecOps tools and frameworks SRE Awareness Experience working in AWS (preferred) IDEs (Visual Studio Code & IntelliJ) NodeJS and NPM (only for Full stack) Automated Testing frameworks such as JUnit, Playwright and DevTest Source Control systems such as GitHub Build & Deployment tools such as TeamCity, Octopus Deploy Monitoring tools such as Splunk, AppDynamics, Checkmarx Database such as Oracle, MySQL etc. Educational Qualification: Bachelors degree or Masters degree in engineering in Information Technology. If you&aposre already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you&aposll need to apply through Sidekick to submit a valid application. Were keen to support you with the next step in your career. We&aposre aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696. Advertising End Date: 13/08/2025 Show more Show less

About the Company Softcell Global Technologies Pvt. Ltd. is a leading IT services provider with over 30 years of experience in infrastructure solutions, cybersecurity, cloud, and engineering. Trusted by top banks, enterprises, and government institutions, Softcell is a CERT-In empaneled organization at the forefront of cybersecurity service delivery. About the Role Softcell Global Technologies Pvt. Ltd. is looking for a passionate and skilled Security Analyst with at least 2-3 years of experience in vulnerability assessment, penetration testing and code review. The ideal candidate should have a foundational understanding of cybersecurity, good hands-on skills with security tools, and hold certifications such as OSCP, CRTP, eJPT, CPENT, CEH or equivalents. The role involves supporting offensive security operations, assisting in analysis and reporting, and collaborating with senior analysts during engagements. Responsibilities Conduct in-depth penetration tests on web apps, APIs, networks, cloud, AD and OT environments. Conduct comprehensive manual reviews to identify security flaws, insecure patterns, and logical vulnerabilities SAST and DAST. Chain vulnerabilities to simulate end-to-end real-world attack scenarios and provide POCs. Act as a collaborator for VAPT projects, ensuring timely delivery and quality assurance. Interface directly with clients to present findings and suggest remediation strategies. Collaborate to manage testing schedules, reporting timelines, and workflows to ensure on-time delivery. Draft detailed vulnerability reports with actionable remediation. Qualifications Bachelors degree in Computer Science, Cybersecurity, or related field. Required Skills Minimum 2-3 years of experience in vulnerability assessment and penetration testing support. Strong grasp of OWASP Top 10, MITRE ATT&CK, and real-world threat simulation. Scripting proficiency in Python, PowerShell, or Bash. Exposure to tools like Nmap, Wireshark, Burp Suite, Metasploit, BloodHound, SonarQube, Checkmarx, etc. Excellent communication, documentation, and collaboration skills. Preferred Skills Preferred Certifications: OSCP Offensive Security Certified Professional OSWE Offensive Security Web Expert CRTP Certified Red Team Professional CRTE Certified Red Team Expert CPENT Certified Penetration Testing Professional CEH Certified Ethical Hacker eJPT, eCPTX, CBBH, PNPT or equivalent certifications in advanced adversarial simulation. Immediate Joiners Preferred. Practical Skills are a Must. Location: Delhi and Bangalore (Onsite Only). Equal Opportunity Statement We must fill this position urgently. Can you start immediately Ideal answer: Yes. Why Join Softcell Be part of a CERT-In empaneled cybersecurity team delivering critical security services. Get exposure to real-world attack simulations, internal security assessments, and VAPT projects. Learn and grow under certified red teamers and penetration testers. Access lab environments, tools, and mentoring to grow your skills. Regards HR Team Show more Show less

Are you ready to make an impact at DTCC Do you want to work on innovative projects, collaborate with a dynamic and supportive team, and receive investment in your professional development At DTCC, we are at the forefront of innovation in the financial markets. We are committed to helping our employees grow and succeed. We believe that you have the skills and drive to make a real impact. We foster a thriving internal community and are committed to creating a workplace that looks like the world that we serve. Pay And Benefits Competitive compensation, including base pay and annual incentive Comprehensive health and life insurance and well-being benefits, based on location Pension / Retirement benefits Paid Time Off and Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being. DTCC offers a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays and a third day unique to each team or employee). The Impact You Will Have In This Role Technology Risk Management (TRM) is responsible for setting strategic direction in the areas of IT Risk and Information Security. Maintains corporate security policies and control standards, acts as a second line of defense via a robust collection of risk and control assessments, reports to leadership and the Board on the status of the IT Risk and Information Security Programs, acts as an operational arm for monitoring threat intelligence, understanding when threats are being targeted against the firm, and responding to potential incidents, and serves as the main interface for Regulatory and Client reviews that focus on IT Risk and Information Security. The Application Security Assurance program implements a variety of AppSec (Application Security) technologies, controls, tools and processes to ensure delivery teams are able to adhere and align with the Secure System Development Lifecycle to protect DTCC applications from exisiting and emerging security risks & improve application risk posture. Your Primary Responsibilities Set up, customize, and maintain SAST tools (e.g., SonarQube, Fortify, Checkmarx, Veracode) to align with project-specific requirements. Perform manual and automated code reviews to identify and advise on secure coding issues. Integrate SAST tools into CI/CD pipelines (Jenkins, GitHub Actions, GitLab CI, etc.) to support shift-left security. Work with development teams to fine-tune SAST rules, reduce false positives, and ensure meaningful results. Assist developers in understanding and fixing security issues by providing actionable feedback. Implement basic security checks for Infrastructure as Code (IaC) and secrets detection in repositories. Collaborate with DevOps teams to ensure security tooling is seamlessly embedded into build and deployment workflows. Qualifications Minimum of 4 years of related experience Bachelor&aposs degree preferred or equivalent experience Talents Needed For Success Fosters a culture where honesty and transparency are expected. Stays current on changes in his/her own specialist area and seeks out learning opportunities to ensure knowledge is up-to-date. Collaborates well within and across teams. Communicates openly with team members and others. Resolves disagreements between colleagues effectively, minimizing the impact on the wider team. Actual salary is determined based on the role, location, individual experience, skills, and other considerations. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. Show more Show less

Position Purpose Provide a brief description of the overall purpose of the position, why this position exists and how it will contribute to achieving the teams goal. Responsibilities Direct Responsibilities Strong expertise in application security concepts and activities like Source Code Review (SAST) & Dynamic application vulnerability scanning (DAST). Good understanding of Information Security concepts and strategies. Knowledge of Secure Development methodologies and frameworks. Hands-on experience in penetration testing and tools like Apisan, WebInspect, Fortify, AppSpider, BurpSuite, Qualys, Checkmarx, Coverity Well-versed in conducting Security Review, Assessments and providing recommendations. Knowledge of OWASP, SANS standards. Executing IT risk assessment reviews, identifying controls gaps and working in collaboration with subject matter experts to devise appropriate mitigation plans. Experience in Process Improvement, Controls Enhancement and Reporting. Identifying key risk trends, issues and other insights requiring further investigation and following up with Technology as appropriate. Providing independent expert advice to the IT areas on application & data risk issues. Engaging with organization wide risk and control groups, including internal audit and territory control teams. Working with Technology stakeholders (including Production Support and Development teams) to identify the IT risks affecting the organization and formulate appropriate remediation strategies based on a full understanding of business exposure and compensating controls. Contributing Responsibilities Monitoring and oversight of existing IT risks, working collaboratively with stakeholders in ensuring plans are managed within timescales and escalating where appropriate. Managing relationships with Business and IT teams, chairing periodic meetings and being a point of contact for escalating to wider team members. Assistance with drafting of risk acceptance statements and coordinating sign-off from business and IT stakeholders. SPOC for security architecture meetings. Technical & Behavioral Competencies Excellent Interpersonal and presentation skills Strong in verbal and written communication Ability to liaise with cross-functional stakeholders globally Clear understanding of application and data security Must be flexible, independent, self-motivated Good analytical skills. Specific Qualifications (if required) CEH, SSCP, OSCP certified. Technical Graduate (Computer Science) Preferable.

As a Java Lead/Developer with 5+ years of experience, you will be responsible for developing and leading projects using Java Springboot, API development, and microservices. Your primary skills should include: - Proficiency in Java Spring Boot and Spring WebFlux for programming - Strong experience in API-Driven Development, particularly in RESTful and Microservices - Deep understanding of Data Structures and Algorithms - Hands-on experience with concurrency frameworks like Mono, Flux, and Akka - Familiarity with ORM frameworks such as Entity, Hibernate, and Dapper - Expertise in relational databases like Oracle, MS SQL, or Postgres - Good knowledge of queuing or streaming engines like Kafka - Experience in Unit Testing / TDD and working with CI/CD tools like NUnit, Junit - Proficiency with Docker, GIT, SonarQube, Checkmarx, OpenShift, and other deployment tools - Ability to use tools like Jira, GitLab, Swagger, Postman, SOAP UI, and Service Now - Basic understanding of JavaScript, HTML, and CSS If you have 5-8 years of development experience or 8+ years of lead experience in Java and possess the mentioned skills, this role could be an excellent fit for you. Join us and contribute to cutting-edge projects in a dynamic work environment.,

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. We are looking for an expert in Android application development with solid foundation in enterprise and commercial applications, interested in building highly performant mobile apps with Jetpack and Kotlin. Your primary focus will be on leading a team, proposing reference architectures, creating estimates, and giving inputs to client proposals. You will also lead the development of user interface and reusable components. You will ensure that these components and the overall application are robust and easy to maintain. A commitment to collaborative problem solving, sophisticated expandable design, and quality product is important. **Responsibilities:** - Developing new user interface using Jetpack compose - Networking Libraries and integration with third-party frameworks - Building reusable components and libraries for future use - Translating designs and wireframes into high quality code - Ability to optimize the code through the use of instruments or various techniques of memory profiling - Guiding the team to follow best industry practices to deliver clean code while keeping performance in check - Fostering teamwork and leading by example - People and Stakeholder management by close interaction with clients and internal stakeholders **Experience:** - 6+ years experience in Android native application development with Jetpack compose and Kotlin - Excellent UI/UX and architecture skills - Ability to transform the design into code quickly - Experience in unit testing and ensuring the developed code passes the quality gate from Sonar - Experience in identifying code quality issues during code reviews - JSON, REST and Web Services, low energy peripheral devices integration - Experience in setting up continuous integration processes and automated unit/UI testing - Jira, git or other tools **Must have skills:** - In-depth knowledge in Kotlin and Jetpack compose - Expertise in Retrofit, Volley, RoomDB, SharedPreferences, Hilt, Dagger, Co-routines - Understanding and implementing accessibility - Ability to Perform concurrency and performance testing - Ability to organize large-scale front-end mobile application codebases using common mobile design patterns such as MVVM, MVC or Viper - Understanding and working in Snapshot testing - In-depth understanding of layouts - Understanding of interactive application development paradigms, GUI, memory management, file I/O, network & socket programming, concurrency, and multi-threading - Developing cutting-edge functional modules that will be integrated across our application - Experience in code versioning tools such as Git or SVN - Understanding and Implementation of SOLID principles in an Android Application - Staying abreast of latest Android platform features and proposing the evolution of the application to take advantage of the same - Experience with two-way data synchronization between client and server database for applications that support offline capability - Unit-testing code for robustness, including edge cases, usability, and general reliability - Continuously discovering, evaluating, and implementing new technologies to maximize development efficiency - Experience in implementing security policies - Experience in automation, CI/CD, and Unit testing frameworks - Ability to analyze crash logs and provide fixes - Ability to write code that passes multiple quality gates from Checkmarx, MobSF, Sonar, etc., - Good knowledge of fixing quality issues from Checkmarx and fixing issues from Penetration Testing **Nice to have skills:** - AWS/Azure or any cloud exposure - SSO, LDAP, OAuth, SSL integration - Experience in emerging technologies such as IoT, AI/ML, etc. - Awareness of enterprise Mobile Application Management (MAM)/Mobile Device Management (MDM) frameworks such as Microsoft Intune, Citrix Endpoint Management will be a plus - More advanced data handlers such as WebSockets and Offline mobile applications - Awareness of Enterprise mobile applications and data protection policies and methods would be a plus EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people, and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform, and operate. Working across assurance, consulting, law, strategy, tax, and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.,

As a Staff Application Security Engineer at Zscaler, you will be an integral part of the Product Security team. You will report to the Director of Vulnerability Management and play a vital role in conducting comprehensive static and dynamic analysis of applications to detect and address security vulnerabilities at an early stage of the development process. Your responsibilities will include implementing Software Composition Analysis (SCA) tools to manage open-source components, ensuring their security and up-to-date status. Additionally, you will be responsible for assessing and securing containerized environments and Infrastructure as Code (IAC) deployments, emphasizing the adherence to security best practices to safeguard the infrastructure against potential threats. To be successful in this role, you should possess expertise in DevSecOps, with a minimum of 4 years of hands-on experience in deploying and managing security protocols such as Static Application Security Testing (SAST), Software Composition Analysis (SCA), or Infrastructure as Code (IaC). Proficiency in application security tools like Snyk, Semgrep, Coverity, and knowledge of dependency management tools is essential. You should have a strong understanding of secure coding practices, vulnerability management, remediation techniques, and expertise in source control and CI pipelines. Preferred qualifications include experience as a software developer or in a DevSecOps position, proficiency in programming languages like Java, Python, JavaScript, C/C++, and Golang. Extensive experience in Cloud Security is desirable, with the ability to secure cloud environments in AWS, Azure, and Google Cloud, along with knowledge of cloud-native security tools and methodologies. Joining Zscaler means becoming part of a diverse and inclusive team that values collaboration and belonging. Our comprehensive Benefits program supports employees and their families at various life stages, offering health plans, vacation and sick time off, parental leave options, retirement plans, education reimbursement, in-office perks, and more. By applying for this role, you agree to comply with applicable laws, regulations, and Zscaler policies related to security, privacy standards, and guidelines. Zscaler is committed to providing reasonable support and accommodations in recruiting processes for candidates with different abilities, long-term conditions, mental health conditions, religious beliefs, neurodiversity, or pregnancy-related support.,

DevSecOps Engineer Experience: 5 to 9 Years Budget: Up to 36 LPA Location: Hyderabad, Bangalore, Pune, Gurgaon, Chennai Notice Period: Immediate Joiners Only About the Role: Were seeking a skilled DevSecOps Engineer with a strong security mindset and hands-on experience in secure cloud deployments. This role demands practical knowledge of cloud platforms, Infrastructure as Code (IaC), CI/CD pipelines, and modern security tooling. You will be at the forefront of embedding security in every stage of the software development lifecycle. Key Skills & Responsibilities: Cloud: Experience with Azure or AWS IaC Tools: Expertise in Terraform Containerization: Working knowledge of Kubernetes CI/CD: Hands-on with any modern CI/CD tools (e.g., Jenkins, GitHub Actions, GitLab CI, etc.) Security Tools (any): WiZ, Snyk, Qualys, Mend, Checkmarx, Dependabot Secret Management: Experience with HashiCorp Vault or Akeyless DevSecOps: Strong experience in integrating security into DevOps pipelines Mandatory Requirement: Security experience is mandatory DevSecOps exposure is highly preferred

Position: Java Cloud Developer Location: Jaipur (WFO) Experience: 7+ Years Location: Jaipur , BLR , Hyderabad and Pune Quick Reach Appy directly on Form Link : https://forms.gle/2ZkjYhAcMztSnuH87 Required Parameters: 7+ years of hands-on experience in Java development and cloud-native application architecture Strong expertise in Java (8/11/17+) , with solid understanding of OOP, design patterns, and multithreading Proficiency with Spring Framework (Spring Boot, Spring MVC, Spring Cloud) and Hibernate/JPA Extensive experience with cloud platforms : AWS, Azure, or Google Cloud Platform Deep understanding of microservices architecture , API design (REST/GraphQL), and service orchestration Experience with CI/CD pipelines (Jenkins, GitLab CI/CD, GitHub Actions, or Azure DevOps) Strong exposure to Docker , Kubernetes , and containerized deployments Experience with Infrastructure as Code (Terraform, CloudFormation, or Pulumi) Familiarity with NoSQL & SQL databases : MongoDB, PostgreSQL, MySQL, DynamoDB Proficient in API integration, cloud security best practices, and modern deployment strategies Excellent troubleshooting, debugging, and performance optimization skills Key Responsibilities Cloud-Native Application Development Design and develop scalable microservices using Java (Spring Boot) deployed on AWS/Azure/GCP Build RESTful APIs and integrate third-party services to support complex business workflows Implement secure, high-performance back-end systems for web/mobile applications Cloud Engineering & Infrastructure Deploy and manage cloud resources using IaC tools like Terraform or CloudFormation Configure and monitor compute, storage, and networking services (EC2, S3, Lambda, Azure Functions, etc.) Apply cloud security best practices and ensure resiliency and high availability of applications DevOps & CI/CD Integrate code repositories with CI/CD pipelines for seamless build, test, and deploy cycles Automate unit/integration testing and container deployment using Docker and Kubernetes Monitor cloud applications using tools like Prometheus , Grafana , CloudWatch , or ELK Collaboration & Agile Delivery Collaborate with cross-functional teams including frontend, QA, DevOps, and Product Managers Participate in sprint planning, code reviews, and architectural discussions Write clean, maintainable, and well-documented code following industry best practices Monitoring & Optimization Implement logging, alerting, and application performance monitoring Continuously optimize existing services for cost, performance, and reliability Conduct root cause analysis and troubleshoot production issues with minimal downtime Nice to Have / Bonus Skills Experience with Serverless Architectures (AWS Lambda, Azure Functions) Exposure to message brokers (Kafka, RabbitMQ, SQS) Knowledge of OAuth2.0, JWT , and Spring Security Familiarity with GraphQL APIs Understanding of event-driven architecture and CQRS patterns Website : www.medhansolutions.com, HR Consulting Quick Reach Appy directly on Form Link : https://forms.gle/2ZkjYhAcMztSnuH87

Job Responsibilities • Support asset development, process establishment. • Conducting application security assessments (web, mobile, web service, Infra etc.). These assessments involve manual testing andanalysis as well as the use of automated application vulnerability scanning/testing tools such as Burp Suite Professional and/or code review tools such as HCL AppScan/HP Fortify or CMx. We expect candidate to have experience doing similar assessments, candidate can be trained on any proprietary assessment methodology. • Reporting/Dashboarding/Retesting and participation in conference calls with clients to review assessment results and consult with the clients on remediation options. • Participating/Driving conference calls with potential clients to scope out newly requested security projects and estimate effort and resource requirement to complete the project etc. Skills Required Mandatory: • 7+ years of strong Application Security experience in S-SDLC Threat Modeling, Code Review, Vulnerability Assessment, Penetration Testing. Web Service/API security testing, Firmware Assessment. • Expert in Application Security process establishment. • Through exposure on DevSecOps implementation/integration. • Deep hands on experience into Mobile application Security Android/iOS - reverse engineering/memory analysis etc. • Security tool experience - • HCL AppScan/CheckMarx/Veracode/Fortify /BurpSuite/Nmap/Nessus/Metasploit • Good exposure on penetration testing. Good to have one of the given certifications - OSCP/GPEN/GWAPT/CSSLP etc. • Independent global client handling AppSec delivery exposure. >=2years. • Moderate exposure on AppSec technical solutioning, estimation and RFP/RFI response, Client presentation. • Excellent interpersonal skill.

Support asset development, process establishment. Conducting application security assessments (web, mobile, web service, Infra etc.). These assessments involve manual testing and analysis as well as the use of automated application vulnerability scanning/testing tools such as Burp Suite Professional and/or code review tools such as HCL AppScan/HP Fortify or CMx. We expect candidate to have experience doing similar assessments, candidate can be trained on any proprietary assessment methodology. Mandatory: 5+ years of strong Application Security experience in S-SDLC Code Review, Vulnerability Assessment, Penetration Testing. Web Service/API security testing Hands on experience into Mobile application Security Android/iOS - reverse engineering/memory analysis etc. Security tool experience - HCLAppScan/CheckMarx/Fortify/Veracode/Burp Suite Good exposure on penetration testing. Good to have one of the given certifications - OSCP/GPEN/GWAPT/CSSLP etc. Independent global client handling AppSec delivery exposure. >=2 years. Excellent interpersonal skill.

Acclivis Technologies is a high-end services company managed by technically qualified professionals with a collective experience of more than 200 man-years in product engineering services, providing custom solutions to meet client requirements. We are currently looking for talented and enthusiastic team members who have a passion for technology and creativity to join us. As a Senior Architect for Android Automotive (AAOS) with 8+ years of experience (strong AAOS experience preferred), you will be responsible for architecting and designing scalable Android Automotive applications and platform components. Your key responsibilities will include driving technical decisions on app structure, performance, and security, leading design discussions, code reviews, and solution evaluations, as well as collaborating with cross-functional teams including product owners, testers, UI/UX designers, and OEM clients. You will also guide development teams on best practices, coding standards, and platform architecture, debug complex issues across system layers, and contribute to CI/CD and automation pipelines. Additionally, you will integrate new technologies like Jetpack Compose, Automotive SDKs, and OEM APIs, while ensuring compliance with standards such as CTS, VTS, and ATS. To excel in this role, you must possess expertise in Android development, be proficient in Kotlin and Java with excellent knowledge of Android app architecture, and have hands-on experience with Android Studio, ADB, Gradle, SDK/AVD Manager, Git, and debugging tools. A deep understanding of Jetpack libraries, Material Design, Android Managers, and AAOS APIs, as well as strong UI/UX design skills for scalable, responsive apps supporting RTL and multiple screen sizes, are essential. Your architectural and system-level thinking skills will be put to the test as you leverage your experience with Clean Architecture, MVVM, MVI, or similar patterns, in-depth knowledge of Android lifecycle, system services, and custom embedded environments, and expertise in handling system-level issues, certification compliance (CTS/VTS), and custom ROM setups. Furthermore, advanced technical proficiency in RxJava, Kotlin Coroutines, and Flows for concurrency, secure coding practices with tools like SonarQube, Checkmarx, testing experience including TDD, unit testing, and compliance verification, and performance tuning using tools like ADB Profiler, Trace, Perfetto, will be required for this role. In addition to your technical skills, you will need to demonstrate strong leadership and communication abilities, including mentoring, team guidance, and review process ownership, the ability to evaluate multiple technical paths and recommend best-fit solutions, and fluency in English with clear communication in cross-cultural teams. If you are ready to take on this challenging and rewarding opportunity, we invite you to apply and become a valuable part of our dynamic team at Acclivis Technologies.,

Roles & responsibilities: Perform automated testing of running applications and static code (SAST, DAST). Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Experience in one or more of the following is a plus: mobile application testing, Web application pen testing, application architecture, and business logic analysis. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, and Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation Mandatory technical & functional skills Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in the development of web applications and/or APIs. should be able to identify and work with new tools/technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred: GWAPT, CREST, OSCP, OSWE, OSWA

The Digital Software Engineer Senior Analyst role involves developing digital applications for digital channels such as Mobile and Internet banking using the latest cloud native technologies and frameworks. As a full stack Developer, you will focus on the Investment domain, ensuring the compatibility of applications with internet and mobile touch points. Your responsibilities will include working on various phases of the SDLC lifecycle, including Design, development, Unit Testing, and Performance testing. Additionally, you will collaborate with business users and Business analysts to comprehend requirements and translate them into business logic. You will be accountable for writing code on one or more development platforms to deliver features, with guidance from senior engineers. Your role will also encompass applications systems analysis, programming activities, feasibility studies, time and cost estimates, and implementation of new or revised applications systems and programs. Moreover, you are expected to develop secure, stable, testable, and maintainable code for Omni-channel Web applications and micro services following Agile SDLC. Furthermore, you will need to understand Customer Journeys and high-level solution design to scope out necessary changes and create technical specifications for Application modules. Participation in daily stand-up calls, execution of work in-line with agile practices, writing unit-test cases, and ensuring adherence to CICD pipeline criterion to meet quality gates are part of your responsibilities. You will also onboard components on source code repositories, conduct application sanity and validation, and provide support for QA, performance, and VA testing. Your role will involve optimizing the performance, quality, and responsiveness of Web/Micro services, as well as providing support for the running production environment and adhering to internal safe coding practices. Additionally, you are expected to actively participate in the training process to enhance your skills and knowledge of software & Citi applications. Your qualifications should include a minimum of 8 years in a product development/product management environment, strong analytical and quantitative skills, experience in an agile methodology, and familiarity with front end development languages and frameworks. The ideal candidate should also have experience in the Investment domain, knowledge of OWASP top 10 security vulnerabilities, experience with CI/CD processes, and familiarity with various development and testing tools. Excellent written and oral communication skills are essential for this role. A Bachelors/University degree or equivalent experience is required for this position. If you are a person with a disability and require a reasonable accommodation to use the search tools or apply for a career opportunity, please review Accessibility at Citi. You can also refer to Citi's EEO Policy Statement and the Know Your Rights poster for further information.,

As a Senior Software Engineer specializing in Mobile Apps Testing, you will play a crucial role in ensuring that our products maintain the high standards expected by our customers. Your responsibilities will involve enhancing existing functionalities, updating outdated features, and contributing to the development of cutting-edge solutions for mobile platforms. Are you ready to be part of a dynamic team that is dedicated to innovation and excellence With 5 to 8 years of experience in automation testing, you will collaborate with a skilled group of developers and test engineers to create high-performance mobile applications for iOS and Android devices. Your main focus will be on delivering Quality Engineering services, including code quality, testing services, mobile test automation, development collaboration, and continuous integration. Additionally, you will be expected to have a deep understanding of BDD/TDD practices, code review techniques, and open source agile testing frameworks. Your role will involve authoring automated test suites for mobile apps and APIs, conducting ad hoc and exploratory testing to ensure system functionality, and interpreting user stories to align testing tasks with various levels of testing. You will actively participate in enhancing quality assurance best practices and engage with different technology teams to define project scopes and deliver services effectively. To excel in this position, you must possess a keen eye for detail and a strong Java coding background for mobile test automation. Experience with Android and iOS mobile automation frameworks such as APPIUM, Cucumber, Jbehave, Xcode, and TestNG is essential. Proficiency in STLC and SDLC, along with expertise in testing web services and APIs, will be valuable assets. Your ability to create effective acceptance and integration test automation scripts, integrate with continuous integration tools like Jenkins, and uphold coding best practices will be critical to your success. Candidates with a passion for code quality, familiarity with Linux/Unix environments, and knowledge of Java, Spring, Junit/TestNG, Eclipse/Intellij IDE, Rest Assured, Jbehave/Cucumber frameworks, databases, APIs, and continuous delivery concepts will thrive in this role. Strong communication skills, a proactive approach to problem-solving, and the ability to work well under pressure are also key attributes we are seeking. Experience with Groovy or Spock framework would be advantageous. In addition to your technical responsibilities, you will be entrusted with upholding corporate security standards by adhering to Mastercard's security policies, safeguarding information integrity, promptly reporting security concerns, and completing mandatory security training sessions as per guidelines. If you are ready to embark on a challenging yet rewarding journey in mobile apps testing, we invite you to join our team and contribute to driving innovation in a world beyond cash.,

We are searching for an experienced VAPT professional to join our cybersecurity team. You should possess a solid background in recognizing, evaluating, and mitigating security vulnerabilities in network and application environments through thorough penetration testing and vulnerability assessments. ProTechmanize Solutions, an Information Technology product and services company, founded by professionals with over 20 years of collective experience in Cyber Security, Information Technology, IT Security & Software Development, is where you will be working. The ProTechmanize team is dedicated to offering the right solutions and services to customers through customized programs. Your responsibilities will include conducting regular vulnerability assessments of network infrastructure, applications, and systems, performing detailed penetration tests to simulate cyberattacks and identify vulnerabilities, preparing comprehensive reports of findings with recommended remediation actions, collaborating with IT and development teams to address vulnerabilities, utilizing security tools like Nessus, Metasploit, and Burp Suite, providing expert advice on security posture improvement, and staying updated on security trends and technologies. To be a suitable candidate, you must have a Bachelor's degree in Computer Science, Information Security, or a related field, along with 1.5+ to 4 years of hands-on experience in vulnerability assessment and penetration testing. Proficiency in domains such as Application security OWASP, API security testing, Network security & Mobile app security, exposure to Secure Code Review using Checkmarx or HP Fortify, and a strong understanding of common attack vectors, vulnerability exploitation techniques, and security testing methodologies are essential. In addition to technical skills, soft skills such as excellent analytical and problem-solving abilities, strong verbal and written communication skills, and the capacity to work collaboratively with cross-functional teams in a fast-paced environment are vital for this role. Please note that only candidates with the required experience should apply for this position, as it necessitates hands-on experience in VAPT.,

o Experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux Perform automated testing of running applications and static code (SAST, DAST).

As a Web Application Security Tester at Lennox, you will be responsible for performing Dynamic Application Security Testing (DAST) on APIs and web applications using both manual and automated methods. Your role will involve analyzing DAST scan results, identifying and prioritizing vulnerabilities based on risk, and participating in triage sessions with application teams to explain and document vulnerabilities. You will also conduct deep API security testing to uncover issues like BOLA, logic flaws, and abuse scenarios, as well as perform red teaming, adversary emulation, and use offensive security tools as needed. In addition to DAST, you may also be required to conduct Static Application Security Testing (SAST) and understand the differences between the two. Utilizing and maintaining various security tools such as Burp Suite, NetSparker, Checkmarx, Veracode, and Fortify will be part of your responsibilities. Collaboration with developers, DevOps, and security teams to address identified vulnerabilities and effectively communicating security findings to both technical and non-technical audiences are crucial aspects of the role. Your qualifications for this position include a minimum of 5-7 years of experience in Web Application Security Testing, including DAST, SAST, and API Security. You should have a strong knowledge of API security principles and common vulnerabilities, along with proficiency in Kali Linux penetration testing tools and a working knowledge of HTML and JavaScript. Additional expertise in front-end and back-end technologies is advantageous, as well as exposure to common web vulnerabilities and bug bounty programs. Experience in security testing of mobile apps and IoT applications, familiarity with DAST and SAST tools, strong analytical and problem-solving skills, and excellent written and verbal communication abilities are essential for success in this role. Possessing security certifications focused on web application security, such as Offensive Security, SANS, CREST, etc., will be considered a strong plus. Join Lennox and contribute to improving security testing processes and strategies while growing your career in a supportive and innovative environment.,

As a Software Engineer II - Java Backend at Mastercard, you will be responsible for driving development in Java 8 and above using Object Oriented SOLID principles and patterns to create reusable and scalable microservices. You will leverage technologies such as Spring Boot Framework, Cloud Native Technologies, and Event Driven Architecture to build mission-critical software capabilities. Your role will involve implementing different application patterns to support various business processes, ensuring alignment with enterprise architecture and delivering high-quality services into test and production environments. Your responsibilities will include writing Junit test cases, utilizing tools like Maven/Ant/Gradle and GIT, and applying best development practices to produce well-designed, maintainable, testable, scalable, and secure code. You will implement standard branching and peer review practices, while also using tools like Sonar and Checkmarx to scan and measure code quality. Building test code at unit, service, and integration levels will be essential to ensure code and functional coverage. Additionally, you will develop and implement business requirements in accordance with defined quality and coding standards, agreed design, and architecture. To be successful in this role, you should have 3-5 years of career experience in Java Development, with expertise in Core Java, J2EE, Spring Boot, and Spring Batch. Experience in Web Services, Microservices, and APIs is crucial, and familiarity with Event Driven Architecture and Cloud Native technologies is advantageous. Knowledge of Middle-tier and Backend development is desirable, along with experience in Wrappers and Angular. Effective communication skills, strong expertise in application development, and an understanding of working with Cloud platforms, performance, and scalability are important. You should also be familiar with secure coding standards, advanced design patterns, and standard branching and peer review practices. If you are a proactive Software Engineer with a passion for Java Development and a strong foundation in Object Oriented SOLID principles, this role offers an exciting opportunity to contribute to the development of innovative solutions at Mastercard.,

Integrate and optimize security controls within CI/CD pipelines. Work with tools like SAST, DAST, SCA, container scanning, and secrets detection. Partner with developers, architects, and QA to embed security early in the SDLC. Reduce turnaround time and offload senior architects by handling routine and mid-complexity requests. Track request volumes, turnaround times, and quality metrics to drive continuous improvement. Hands-on experience with security tools (e.g., SonarQube, Checkmarx, Fortify, Aqua, Trivy). Familiarity with container security, IaC scanning, and SBOM generation. Scripting skills (Python, Bash, or similar) for automation. Excellent communication and documentation skills. Knowledge of CNAPP, secure design patterns, and cloud-native security. Certifications such as CSSLP, GCSA, or equivalent are a plus.

Type: Contract We are hiring a DevOps Engineer with expertise in GitHub Enterprise, GitHub Actions, and CI/CD automation. This is a contract role for one of our top clients in Bengaluru. Key Responsibilities Administer on-prem GitHub Enterprise environments. Migrate repositories from other platforms to GitHub. Manage users, accounts, and roles at the organization level. Design and maintain CI/CD workflows using GitHub Actions. Integrate with tools like JFrog Artifactory, CheckMarx, BlackDuck, SonarQube, etc. Develop reusable and modular workflows. Work with Docker and Kubernetes for containerization and orchestration. Required Skills 4-7 years of experience in DevOps engineering. Hands-on experience with GitHub Enterprise (on-prem). Strong grasp of GitOps practices and version control. Proficiency in CI/CD automation using GitHub Actions. Solid scripting skills: Bash, Python, PowerShell preferred. Familiarity with security and compliance standards. Practical experience in Docker and Kubernetes environments. Please share your updated resume with the following details: Current CTC: Expected CTC: Notice Period: Current Location: Email to: navaneetha@suzva.com

You will be responsible for conducting application security reviews for Web, Mobile (Android and iOS), and API technologies. Your role will involve assessing and identifying potential vulnerabilities in the technology being developed before implementation. You should have expertise in application security testing methodologies such as SAST, DAST, and MAST, with experience in web application, API security, and mobile application security testing according to industry standards like OWASP top 10, SANS top 25, etc. It would be beneficial to have knowledge of programming and scripting languages such as Java, JavaScript, Angular, Spring Boot, Kotlin, and Swift. Familiarity with tools like Burp Suite, Postman, SoapUI, Checkmarx, Netsparker, Nexus IQ, Kryptowire for security testing and analyzing scanned reports is essential. Moreover, a strong understanding of application security tooling and experience in driving automation within the delivery environment is required. You must hold industry-recognized Information Security and Cyber Security qualifications such as CISSP, CISA, OSCP, GIAC GPEN, GIAC GMOB. A deep understanding of security industry trends, major vulnerabilities, and security threat landscape is crucial. Knowledge of Zero Trust security principles and practical implementations is necessary. While a degree is desirable, it is not mandatory. Experience in supporting major programs, security architecture, creating security designs, and displaying positive leadership behaviors related to risk management and mitigation is expected. Proficiency in collaboration tools like SharePoint, Teams, Confluence, and JIRA is advantageous. Hands-on experience in working with DevOps and Agile teams to incorporate security in the software development lifecycle is a key requirement. Additionally, experience in application risk assessment, threat modeling, and working closely with delivery teams for security risk remediation is important. About the Company: Purview is a leading Digital Cloud & Data Engineering company with headquarters in Edinburgh, United Kingdom and a presence in 14 countries including India, Poland, Germany, USA, UAE, Singapore, Australia, among others. The company provides services to Captive Clients and top-tier IT organizations, delivering solutions and resources to clients worldwide. Company Information: Purview Services 3rd Floor, Sonthalia Mind Space Near Westin Hotel, Gafoor Nagar, Hitechcity, Hyderabad Phone: +91 40 48549120 / +91 8790177967 Gyleview House, 3 Redheughs Rigg South Gyle, Edinburgh, EH12 9DQ Phone: +44 7590230910 Email: careers@purviewservices.com Login to Apply!,

KPMG entities in India are professional services firm(s) affiliated with KPMG International Limited, established in August 1993. Our professionals leverage the global network of firms, understanding local laws, regulations, markets, and competition. With offices across India, in cities like Ahmedabad, Bengaluru, Mumbai, and more, we offer services to national and international clients across various sectors. Our focus is on delivering rapid, performance-based, industry-focused, and technology-enabled services, showcasing our understanding of global and local industries and the Indian business environment. As a Security Code Reviewer at KPMG in India, your primary responsibilities will include performing manual security code reviews for common programming languages such as Java and .NET. You will also be tasked with conducting automated testing of running applications and static code using tools like SAST and DAST. Additionally, you will be required to perform manual application penetration tests on various platforms like web applications, internal applications, APIs, and networks to identify and exploit vulnerabilities. The ideal candidate should have at least 6 months of formal programming experience in Java or C#, and possess 4 to 8 years of overall experience in the field. It would be advantageous to have one or more major ethical hacking certifications such as GWAPT, CREST, OSCP, OSWE, or OSWA. Providing technical leadership and guidance to team members, communicating effectively with both technical and non-technical audiences, and collaborating with Cyber teams to develop new testing techniques are also key aspects of this role. Moreover, having a minimum of three years of recent experience working with security testing tools like AppScan, NetsSparker, Acunetix, Checkmarx, BurpSuite, and others will be beneficial. This position offers equal employment opportunities and encourages individuals with a passion for cybersecurity to apply and contribute to our dynamic team at KPMG in India.,

Role Overview The ideal candidate will be responsible for overseeing **Static Application Security Testing (SAST)** and **Software Composition Analysis (SCA)** processes, strong secure coder, ensuring secure coding practices, and managing security risks within the software development lifecycle (SDLC). This role requires close collaboration with development, DevSecOps, and risk management teams to identify and remediate vulnerabilities effectively. Key Responsibilities 1. SAST & SCA Strategy and Implementation Define, implement, and manage **SAST & SCA frameworks** to secure the banks applications. Lead the integration of security tools (e.g., Fortify, Checkmarx, SonarQube, Veracode, Snyk, Black Duck) into CI/CD pipelines. Continuously evaluate and enhance scanning methodologies to improve detection and remediation of vulnerabilities. 2. Vulnerability Management & Risk Mitigation Oversee the assessment, triage, and remediation of vulnerabilities identified through SAST & SCA scans. Establish risk-based prioritization for vulnerabilities, collaborating with development teams for timely fixes. Ensure compliance with industry standards (OWASP, NIST, ISO 27001, PCI-DSS) and internal security policies. 3. Collaboration & Stakeholder Management Work closely with development, DevOps, and security teams to promote secure coding practices Collaborate with third-party vendors for security tool management and support Present vulnerability trends, remediation progress, and risk insights to senior leadership and risk committees. 4. Governance, Training & Awareness Develop and enhance secure coding guidelines and best practices for development teams. Conduct security awareness sessions and training for developers on SAST/SCA findings and secure coding practices. Define and track key security metrics (KPIs/KRIs) to measure the effectiveness of the SAST & SCA programs. Qualifications & Experience 8-10 years (SM) and 12-15 years (AVP) of experience in Application Security**, with a strong focus on SAST and SCA. Deep understanding of secure SDLC, DevSecOps, and CI/CD integration. Hands-on experience with **SAST & SCA tools** (Fortify, Veracode, Checkmarx, Snyk, Black Duck, SonarQube, etc.) Strong knowledge of **secure coding practices**, vulnerability remediation, and risk management Comprehensive Experience with **programming languages** (Java, .NET, Python, JavaScript) and their security implications Able to write secure code Experience in **regulatory compliance** frameworks (OWASP Top 10, NIST, ISO 27001, PCI-DSS, RBI Guidelines) Strong leadership and stakeholder management skills Certifications preferred:** CISSP, OSWE, OSCP, CSSLP or any relevant security certification