7 Csrf Jobs

Your Role and Responsibilities Product-Security Technology Centre is responsible for ensuring that IBM products are secure by conducting timely Security reviews, penetration testing and following SPbD practices. As a penetration tester you will perform security testing of IBM product and SAAS offerings in development and production environment. You will also closely work with IBM product development teams to strengthen the security posture of their products by participating in threat model, source code security testing and share best practices / lessons learnt for secure coding/design. Key responsibilities Plan the penetration test Select, design and create appropriate tools for testing Perform the penetration test on computer systems, networks, web-based and mobile applications Document your methodologies, findings Gather the data intelligence not only from the output of the automated penetration tools but also from information gathered from interaction with product teams , previous results , threat model and source code scanning inputs. Review your findings and feedback to development teams Analyse the outcomes and make recommendations for security improvements Carry out application, network, systems and infrastructure penetration tests Review physical security and perform social engineering tests where appropriate Evaluate and select from a range of penetration testing tools Keep up to date with latest testing and ethical hacking methods Deploy the testing methodology and collect data Report on findings to a range of stakeholders Make suggestions for security improvements Enhance existing methodology material Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Experience – 2 to 5 years in Cybersecurity Web Application Testing Basic understanding of HTTP Protocol HTTP Methods, Request/Response Headers, Cookies, TCP/IP connections over HTTP etc. Basic understanding of HTML/JavaScript Good Understanding of security vulnerabilities, OWASP Top 10 vulnerabilities Automated Testing Must have knowledge of at least one of IBM AppScan OR BurpSuite scanner. (Good to have knowledge of both the tools.) Should be able to configure automated scanner (such as Login sequence, manually exploring critical flaws, Policy customization, scan throttling, etc) to perform successful scan. Assessment of scanner results and intelligently identifying false positives from the scan results. Knowledge of Burp features mainly, Spider, Intruder, Scanner, Repeater and Extender. Manual Testing: Should be able to understand the above mentioned OWASP Top 10 categories to perform manual testing. Flaws like, Authentication (session management) testing, CSRF, business logic testing which are not detected by an automated scanner must be identified using manual testing. Understanding of the workflow of the application and identifying the entry points to detect possible vulnerabilities. Preferred technical and professional experience Preferred Professional and Technical Expertise Webservice Testing SOAP/REST APIs testing. Configuring cURL commands and POSTMAN tool to capture the request in automated scanner. Network Testing Basic understanding of networking protocols such as TCP, UDP, DNS, DHCP etc. Basic understanding of network devices like router, switches, firewall/IDS/IPS etc.. Network scanning tools such as Nessus, Nmap, Metasploit etc. Exploitation and Post Exploitation of network vulnerabilities. Threat Model and Source code security scanning Perform/Participate in threat model creation/design or review Perform source code security scanning using (SAST) tools like Sonarqube, AppScan, Mend and other popular open-source tools. Security Certifications Any of the security certifications such as CEH, ECSA, EWPT, EWPTX, OSCP, GPEN, GWAPT etc

We are seeking a QA Test Engineer (Automation) who Conduct UIUX testing, vulnerability assessments, security testing on web applications & APIs.Develop and maintain automated test scripts using tools such as Cypress,Playwright, Selenium, or similar.

Role & responsibilities Be open to adopting new technologies and approaches on projects as they evolve, especially those relating to GenAI advancements. Stay at the forefront of the industry by staying abreast of the latest GenAI advancements and leveraging cutting-edge developments to fulfill migration projects. Participates as a software developer on small Agile teams, delivering software-based solutions for migrating and modernizing customer legacy applications to MongoDB. Follow existing best practice migration playbooks where applicable and be prepared to innovate to fill in gaps with creative solutions to solve challenges on each specific project. Actively participate in sprint grooming, planning, and showcases with ideas and suggestions. Take direction from the technical lead and project manager on projects, raising identified challenges and potential solutions to the team when applicable. Study the current state of each legacy application and the desired target state outlined by the customer and contribute to the planning, design, and solution from getting from source state to target state on each project. Be prepared to change project direction if customer or account team priorities change. Preferred candidate profile 8+ years of experience working as a software developer. Strong proficiency in Java. Experience building Enterprise grade application Java and Microservices (J2EE / JavaEE / Spring/ Spring boot). History of delivering high-cadence modern applications with applied Agile methodologies, test-first development approaches, adopting CI/CD pipelines and using Git version control. Strong experience in building applications that interact with relational databases using SQL,PL/SQL. Experience in Java security (JWT, CSRF, Method based security, RBAC).

BMC Software is looking for a motivated and skilled individual to join the Product Security Group. This is a senior technical position in the team. The candidate will be responsible for engaging with various product teams on security architecture reviews, SaaS security, penetration testing. A penetration tester plays a crucial role in safeguarding an organization's digital assets and information by proactively identifying and addressing security weaknesses. This role requires a high level of technical expertise, ethical conduct, and a commitment to continuous improvement in the field of cybersecurity. Roles and Responsibilities: Conduct thorough vulnerability assessments of applications and systems using various tools and techniques. Execute penetration tests to simulate real-world cyberattacks, identifying weaknesses and vulnerabilities. Provide expert guidance on application security best practices. Research and develop new penetration testing methodologies, tools, and techniques. Qualifications & Skills: 2+ years of experience in product security (web, mobile, API, cloud, infrastructure, and container security) or equivalent skillset. Penetration testing experience is essential; prior participation in bug bounty programs is a plus. Proficiency with hacking tools and penetration testing frameworks (e.g., Metasploit, Burp Suite, Nmap, Wireshark). Expertise in web application security testing, including knowledge of OWASP Top Ten vulnerabilities. Experience identifying and assessing vulnerabilities such as SQL injection, XSS, CSRF, and more. Proficiency in exploiting vulnerabilities to gain unauthorized access and assess attack impact. Understanding of vulnerability scoring systems (e.g., CVSS) for prioritizing findings. Ability to think creatively and analytically to identify and exploit vulnerabilities. Strong problem-solving skills when encountering unexpected challenges during testing. Excellent verbal and written communication skills for conveying technical details to both technical and non-technical stakeholders. Meticulous attention to detail in documenting findings and creating reports. Effective time management skills to meet project deadlines and testing schedules. High level of integrity and professionalism, with the ability to work under pressure while maintaining confidentiality. Preferred Skills: Hands-on technical experience with cloud security solutions for leading cloud service providers (e.g., AWS). Experience with secure code review (SAST) tools for languages such as C/C++, Java, and Python, and relevant frameworks.

Summary We are looking for a skilled Front End Developer to join our team and contribute to developing web applications for our clients. The ideal candidate will have experience in front-end development, strong problem-solving abilities, and excellent communication skills. Key Responsibilities Design, develop, and maintain high-performance front-end applications using React and Angular. Collaborate with UX/UI designers, backend engineers, and product managers to deliver seamless user experiences. Optimize application performance, ensuring scalability, security, and cross-browser compatibility. Lead code reviews, mentor junior developers, and promote best practices in front-end architecture. Troubleshoot complex technical issues and implement effective solutions. Stay up to date with emerging trends in front-end development (e.g., Next.js, state management libraries, Ant Design). Skills Proficiency with the Ant Design (antd) component library and optimization practices (e.g., tree shaking). Knowledge of state management libraries (Redux, NgRx) and component libraries (Material-UI, Ant Design). Experience with cloud platforms (AWS, Azure) and serverless architectures is a plus Understanding of cybersecurity principles for front-end security (e.g., XSS, CSRF mitigation). Familiarity with Agile/Scrum methodologies. Qualifications 3-5 years of professional front-end development experience, focusing on React and/or Angular. Proficiency in TypeScript, HTML5, CSS3, and modern CSS frameworks (e.g., Tailwind, Sass). Strong understanding of RESTful APIs, GraphQL, and integration with backend services. Experience with version control systems (Git) and CI/CD pipelines. Familiarity with build tools (Webpack, Babel) and package managers (npm/yarn). Excellent problem-solving skills and attention to detail. Strong communication skills for collaboration with cross-functional teams.

Role Overview : The Application Security Senior Engineer will play a crucial role in safeguarding our applications and digital assets against security threats. With a primary focus on Vulnerability Assessment and Penetration Testing (VAPT), the role involves identifying, assessing, and mitigating security vulnerabilities across our application portfolio. This position requires a proactive mindset, strong technical skills, and the ability to collaborate effectively with cross-functional teams and support the security projects. Key Responsibilities : 1. Vulnerability Assessment and Penetration Testing (VAPT): - Conduct comprehensive security assessments of applications using industry-standard tools and techniques.- Perform manual testing and automated scans to identify vulnerabilities such as OWASP Top 10, SQL injection, XSS, CSRF, etc.- Analyze and interpret assessment findings, providing clear and actionable recommendations to development teams.- Support the security gating process with timely security assessment and reporting.- Provide guidance and assistance on secure software development life cycle.- Track identified vulnerabilities through to resolution, collaborating closely with development teams to ensure timely mitigation.- Provide detailed vulnerability reports and metrics to stakeholders, including risk assessments and remediation progress. 2. Support for Security Projects: - Actively participate in security projects and initiatives, providing expertise and guidance on application security best practices.- Perform Security Architecture review for existing and new security projects and guide on security best practices.- Collaborate with architects and developers to integrate security into the SDLC (Secure Development Life Cycle) and CI/CD pipelines. 3. Incident Response and Support: - Assist in incident response activities related to application security incidents.- Contribute to root cause analysis and lessons learned sessions to improve incident handling and prevention strategies. 4. Security Awareness and Training: - Develop and deliver training sessions on secure coding practices and application security awareness.- Promote a culture of security within the organization, advocating for continuous improvement and adherence to security policies. Requirements: Bachelors degree in Computer Science/Information Technology, or a related field. Minimum of 5 years of experience in application security, with a focus on VAPT and secure development practices. Proven experience with security assessment tools such as Burp Suite, Qualys, Nessus, etc. Strong understanding of web application architecture, including front-end, back-end, and APIs. Solid knowledge of OWASP guidelines and best practices for secure coding. Certifications such as CISSP, CEH, OSCP, or similar are preferred. Excellent communication skills with the ability to articulate technical concepts to non-technical stakeholders. Strong analytical and problem-solving skills, with attention to detail. Why join us? Impactful Work: Play a pivotal role in safeguarding Tanla's assets, data, and reputation in the industry. Tremendous Growth Opportunities: Be part of a rapidly growing company in the telecom and CPaaS space, with opportunities for professional development. Innovative Environment: Work alongside a world-class team in a challenging and fun environment, where innovation is celebrated. Tanla is an equal opportunity employer. We champion diversity and are committed to creating an inclusive environment for all employees. www.tanla.com

Conduct security testing, including vulnerability assessments and penetration testing, on web applications, mobile applications, APIs, and infrastructure. Identify, exploit, and document security vulnerabilities and weaknesses in the systems. Required Candidate profile Experience: 2-3 years of hands-on experience in security testing, vulnerability assessment, and penetration testing. Relevant security certifications such as CEH , OSCP , or similar are mandatory.