87 Checkmarx Jobs - Page 4

Consultant - MAST Vanguard Requirements: Mandatory Technical & Functional Skills Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA Job Description: Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix,Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix,Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix,Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

About this role: Wells Fargo is seeking a Lead Software Engineer within CT Cloud Engineering team In this role, you will: Migrate applications from TAS (formerly PCF) to OpenShift Container Platform. Contribute towards containerizing an application, by following the standard development practices. Leverage DevOps tools to migrate applications on OpenShift Container Platform. Integrate application with other middleware, monitoring, logging products to ensure smooth operations. Follow SDLC best practices, troubleshoot migration issues & be vocal as a Consultant for application teams to ease the migration journey. Collaborate and consult with key technical experts, senior technology team, and external industry groups to resolve complex technical issues and achieve goals. Working in a globally distributed team to provide innovative and robust Cloud centric solutions. Closely working with Product Team and Vendors to develop and deploy Cloud services to meet customer expectations. Required Qualifications: 5+ years of Software Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education Desired Qualifications: Overall 5+ years of experience, 2+ years working with OCP (OpenShift Container Platform). Must have 5+ years of hands-on experience on Java .Net (C# or other) language. Must have 5+ years of exposure and knowledge on different DevOps tools - GitHub, Jenkins, Harness, Blackduck, Checkmarx. Must have exposure and knowledge on infrastructure skills on maintaining the Kubernetes clusters, workloads, services. In depth, practical experience with Cloud methodologies (IaaS, PaaS, SaaS), microservices, orchestration etc... Job Expectations: Proficient and have a thorough understanding of various Cloud service offerings Well versed with Agile methodologies, product operating model and experience working in/for big enterprises

Position 1: Consultant - MAST Vanguard Requirements: Mandatory technical & functional skills •Strong knowledge on manual secure code review against common programming languages (Java, C#) •Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. •Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs •Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. •Preferred one year of experience in development of web applications and/or APIs. •should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. •One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA Job Description: Roles & responsibilities •Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications •Perform manual security code review against common programming languages (Java, CSharp). •Perform automated testing of running applications and static code (SAST, DAST). •Experience in one or more of the following a plus: AI pen testing. •Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. •Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

*ONLY IMMEDIATE JOINERS PREFERRED* Job Title: Consultant - MAST Vanguard Experience: 4-7 Years Location: Bangalore (WFO 5 days) Work timings 12PM to 9PM Job Description: Roles & responsibilities •Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications •Perform manual security code review against common programming languages (Java, CSharp). •Perform automated testing of running applications and static code (SAST, DAST). •Experience in one or more of the following plus: AI pen testing. •Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. •Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation Mandatory technical & functional skills Mandatory technical & functional skills Strong knowledge on manual secure code review against common programming languages ( Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and leading remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA

Job Title: Security Engineer Location: Chennai (5 Days Onsite) Employment Type: Contract Role Overview We are seeking a skilled and detail-oriented Security Engineer to join our team in Chennai on a contract basis. The ideal candidate will have hands-on experience in application security testing, static code analysis, and vulnerability assessments for web and mobile applications. Key Responsibilities Perform Application Security Testing using tools such as Burp Suite, ZAP , and Postman . Conduct OWASP Top 10 assessments and ensure adherence to secure coding practices. Implement and manage Static Application Security Testing (SAST) using tools like SonarQube, Fortify, Checkmarx , and Semgrep . Execute Vulnerability Assessment and Penetration Testing (VAPT) for web and mobile applications. Collaborate with development and DevOps teams to identify and remediate security vulnerabilities. Provide detailed reports and recommendations for security improvements. Required Skills Strong experience in OWASP-based security testing . Proficiency with Burp Suite, ZAP , and API testing tools like Postman . Hands-on experience with SAST tools : SonarQube, Fortify, Checkmarx, Semgrep . Experience in VAPT for web and mobile applications . Good understanding of secure software development lifecycle (SSDLC).

Seeking a skilled OSS Lead with strong DevOps expertise. Must have hands-on experience in build tools, package managers, scanning tools, GitHub Actions, and BASH scripting. Public cloud exposure is a plus. Required Candidate profile 6+ yrs of exp in DevOps Strong expertise in Build tools and Package Manager Exp-Scanning tools like CheckMarx and SCA 4+ yr exp-GitHub Actions BASH scripting Public cloud exposure is good to have

Ideally, looking for a combination of Development and Application Security experience. Job Summary: We are seeking a skilled Application Security Engineer to join our Information Security team. The ideal candidate will have a minimum of 8-12 years of experience in application security and a strong background in software development , particularly in .NET, C#, Angular, and React . This role is crucial in ensuring the security of our applications by working closely with development, DevOps, and security teams to identify, remediate, and prevent security vulnerabilities throughout the software development lifecycle (SDLC). Key Responsibilities: Conduct application security assessments, including code reviews, penetration testing, and threat modeling to identify vulnerabilities. Work closely with developers to integrate secure coding practices and provide guidance on remediating security issues. Implement and manage Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools. Develop and enforce security policies, procedures, and best practices for application security. Assist in the design and review of security architecture for new and existing applications. Collaborate with DevOps teams to integrate security into CI/CD pipelines using DevSecOps principles . Research emerging threats, vulnerabilities, and security trends to proactively mitigate risks. Support incident response efforts related to application security breaches. Provide security training and awareness to development teams. Document security findings, mitigation plans, and security controls. Minimum Requirements (Must-Have) 8-12 years of experience in application security with a focus on secure software development. Strong background in software development , with hands-on experience in .NET, C#, Angular, and React . Hands-on experience with SAST, DAST, Software Composition Analysis (SCA), and penetration testing tools (e.g., Burp Suite, Checkmarx, Veracode, Fortify, SonarQube ). Solid understanding of OWASP Top 10, SANS 25, and secure coding practices . Experience with threat modeling, risk assessment, and vulnerability management . Knowledge of API security, authentication, and authorization mechanisms (OAuth, JWT, SAML, etc.). Familiarity with container security, Kubernetes security, and cloud security best practices (AWS, Azure, GCP). Experience working in Agile and DevSecOps environments , integrating security into CI/CD pipelines. Strong analytical and problem-solving skills. Excellent communication skills, with the ability to work collaboratively across teams.

Key Responsibilities Support vulnerability[Support][Done] assessments using SAST, DAST, and SCA tools. Collaborate with DevOps , Vulnerability Management, IBM teams [Add vulnerability management team, IBM and third-party PenTest service provider][Done]to ensure security is integrated into CI/CD pipelines. Manage the vulnerability management lifecycle, including triage, tracking, and remediation. Provide remediation guidance and recommendations [Have a think about this.][Rephrased.]to developers on vulnerabilities. Maintain and evolve secure SDLC practices and documentation. Deliver security awareness and secure coding training sessions. Demonstrate a willingness to learn, research, and innovate to improve the overall AppSec posture. Threat Modeling tool administration[Re-visit.][Rephrased]. 3. Technical Skills and Experience Required Experience with the following tools: - DAST: Qualys, Rapid7 - SAST: CodeQL, Checkmarx, Fortify, SonarQube - SCA: Dependabot, JFrog Xray - API Security: Understanding of API security principles and tools like Postman, OWASP 47 years of hands-on experience in application security or secure software development. Strong understanding of OWASP Top 10, CWE/SANS Top 25, and secure SDLC. Understanding of vulnerability management lifecycle and remediation workflows. Understanding of threat modeling concepts. [This should be at the top of our requirement.][Done]API Security Top 10, or API gateways with security features. Familiarity with penetration testing tools (e.g., Burp Suite, Metasploit, Nmap). Proficiency in at least one programming language (e.g., Java, Python, JavaScript, C#). Familiarity with CI/CD tools (e.g., Jenkins, GitLab CI, Azure DevOps). Exposure to cloud security (AWS, Azure, or GCP) is a plus. 4. Soft Skills Required Strong analytical and problem-solving skills. Excellent verbal and written communication. Ability to work independently and collaboratively in cross-functional teams. Strong documentation and reporting capabilities. Proactive, detail-oriented, and eager to learn. 5. Good to Have Skills Working knowledge of DevSecOps practices and tools. Experience with container security (Docker, Kubernetes). Certifications such as CEH or equivalent. Familiarity with threat modeling tools (e.g., Microsoft Threat Modeling Tool, IriusRisk). Experience in Agile/Scrum environments.

Proficient with Peoplesoft Architecture, Financials and HRMS Peoplesoft-AR - Design, enhancement , Development and maintenance experience • Developed skills with network maintenance, performance tuning and related knowledgE