161 Dast Jobs - Page 5

Static Code analysis Static/dynamic testing of mobile applications Vulnerability Assessment Penetration Testing. SAST Penetration testing Vulnerability Assessment

Need overall AppSec skills (SAST, DAST, Penetration testing) +Mobile app testing skills (Android, ioS). We should look for a candidate who has deep and diverse hands on exp in above skills. Also, The professional is expected to perform the application security activities - Static code assessment/ manual testing including mobile application testing for android and iOS apps.

Senior Data Engineer - Enterprise Data Platform Get to know Data Engineering Okta s Business Operations team is on a mission to accelerate Okta s scale and growth. We bring world-class business acumen and technology expertise to every interaction. We also drive cross-functional collaboration and are focused on delivering measurable business outcomes. Business Operations strives to deliver amazing technology experiences for our employees, and ensure that our offices have all the technology that is needed for the future of work. The Data Engineering team is focused on building platforms and capabilities that are utilized across the organization by sales, marketing, engineering, finance, product, and operations. The ideal candidate will have a strong engineering background with the ability to tie engineering initiatives to business impact. You will be part of a team doing detailed technical designs, development, and implementation of applications using cutting-edge technology stacks. The Senior Data Engineer Opportunity A Senior Data Engineer is responsible for designing, building, and maintaining scalable solutions. This role involves collaborating with data engineers, analysts, scientists and other engineers to ensure data availability, integrity, and security. The ideal candidate will have a strong background in cloud platforms, data warehousing, infrastructure as code, and continuous integration/continuous deployment (CI/CD) practices. What you ll be doing: Design, develop, and maintain scalable data platforms using AWS, Snowflake, dbt, and Databricks. Use Terraform to manage infrastructure as code, ensuring consistent and reproducible environments. Develop and maintain CI/CD pipelines for data platform applications using GitHub and GitLab. Troubleshoot and resolve issues related to data infrastructure and workflows. Containerize applications and services using Docker to ensure portability and scalability. Conduct vulnerability scans and apply necessary patches to ensure the security and integrity of the data platform. Work with data engineers to design and implement Secure Development Lifecycle practices and security tooling (DAST, SAST, SCA, Secret Scanning) into automated CI/CD pipelines. Ensure data security and compliance with industry standards and regulations. Stay updated with the latest trends and technologies in data engineering and cloud platforms. What we are looking for: BS in Computer Science, Engineering or another quantitative field of study 5+ years in a data engineering role 5+ years experience working with SQL, ETL tools such as Airflow and dbt, with relational and columnar MPP databases like Snowflake or Redshift, hands-on experience with AWS (e.g., S3, Lambda, EMR, EC2, EKS) 2+ years of experience managing CI/CD infrastructures, with strong proficiency in tools like GitHub Actions, Jenkins, ArgoCD, GitLab, or any CI/CD tool to streamline deployment pipelines and ensure efficient software delivery. 2+ years of experience with Java, Python, Go, or similar backend languages. Experience with Terraform for infrastructure as code. Experience with Docker and containerization technologies. Experience working with lakehouse architectures such as Databricks and file formats like Iceberg and Delta Experience in designing, building, and managing complex deployment pipelines.

The Senior Manager of Information Security (External Role Description Application / Product Security Architect) will report to the Chief Information Security Officer. As a leader in the Information Security organization, this role will lead the task of refining, managing and executing strategic product/application security roadmap that is based on industry standard software security frameworks. You will plan, implement and track key initiatives focused on product / application security strategy, metrics, compliance, policy, developer awareness, training and stakeholder engagement. You will work closely with multiple teams that make up Information Security, Product Management, Engineering, Legal, Risk and Compliance to improve product / application security controls and drive impactful change to the team and its members. Responsibilities: Bring a deep background and broad experience in Information Security, Application Security, & Application Development or related business areas. Lead a team of high performing individuals who create remediation plans, perform security reviews, and recommend security solutions to meet current and future needs for HMH products and applications. Drive the development and implementation of product and application standard security review processes that result in effective methods for reducing security risks before product releases. Demonstrate an ability to influence all project and portfolio stakeholders; communicate relevant security information to both executive leaders and individual contributors in an effective manner. Accountable for all aspects of staff management, hiring, coaching, training, performance reviews and recommending pay actions and promotions for the Security Engineering team Provide input into the Information Security strategy to ensure that future security investments are aligned appropriately when considering key priorities such as business requirements, industry threat landscape, and risk appetite of HMH. Collaborate closely with the Architecture teams Demonstrated experience handling the demand/supply of project and program resources and tracking allocation. Track policy exceptions and remediation dates through active engagement with development teams and operations teams. Partner with Audit teams to periodically audit controls and secure coding practices being followed by development teams. Staying abreast of latest cyber security threats both internal and external Oversee projects, program delivery, daily monitoring, response; review of cloud infrastructure, physical infrastructure, and the full life cycle of alerts through incident response; and the threat landscape to ensure ongoing and continued maturity of the organization's security controls in addition to service support Drive operational efficiency and excellence leveraging tools, process and automation with appropriate and transparency visibility and metrics that can meet SLAs/SLOs Support and implement controls and visibility to meet third party attestations (SOC2, ISO27001, GDPR, SOX) Balance being collaborative, open, and approachable while still being firm on security policies and in facilitating progress and compromise What you should have: 5 to 6+ years hands-on experience in application security utilizing SAST, DAST, IAST, RASP and WAF. 5+ years of application engineering, architecture or development management experience Proficient analyzing ambiguous problems, compelling communicator with the ability to receive and analyze information, translating security risk to business risk to driving actionable decisions across multiple levels and departments Experience in leading application security remediation work, leading the mitigation initiative to accommodate the developer community priority. Proficient experience with common web application attack vectors and related mitigation strategies that translate to controls within the organization You are highly organized. With many people doing many things in a fast-moving company, strong organizational skillsboth for yourself and for the teamwill be required

Roles and Responsibilities Conduct SAST, DAST, SCA, and PT analysis on software applications to identify vulnerabilities and weaknesses. Collaborate with development teams to remediate identified issues and implement security patches. Develop expertise in multiple programming languages such as Java, Python, C++, JavaScript, HTML/CSS. Provide technical guidance on application security best practices to team members. Participate in code reviews to ensure adherence to coding standards.

Role & responsibilities Experience: At least 6 years in static code analysis/SAST (Static Application Security Testing), secure coding, and software development. Technical Skills: Proficiency in static code analysis tools (e.g., SonarQube, Veracode, Checkmarx) and experience with secure code review of multiple programming languages, including: Java Python .NET/C# C/C++ Code Review Skills: Ability to read and understand source code across various programming languages and tech stacks, troubleshoot false positives, and confirm genuine issues. Secure Coding Knowledge: Strong understanding of secure coding practices, including OWASP Top 10, SANS 25, and CWE, applicable to cloud and non-cloud environments.

locationsGURGAON, IND time typeFull time posted onPosted 4 Days Ago job requisition idR1147923 . We are seeking an experienced DevOps Engineer to join our team. In this role, you will be responsible for designing, implementing, and maintaining secure cloud infrastructure using cloud-based technologies, including Oracle and Microsoft platforms. You will build and support scalable and reliable application systems and automate deployments. Additionally, you will integrate various systems and technologies using REST APIs and automate the software development and deployment lifecycle. Leveraging automation and monitoring tools, along with AI-powered solutions, you will ensure the smooth operation of our cloud-based systems. Key Areas of Responsibility Implement automation to control and orchestrate cloud workloads, managing the build and deployment cycles for each deployed solution via CI/CD. Utilize a wide variety of cloud-based services, including containers, App Services, API , and SaaS-oriented integration. GitHub and CI/CD tools (e.g., Jenkins, GitHub Actions, Maven/ANT). Create and maintain build and deployment configurations using Helm and Yaml. Manage the software change control process, including Quality Control and SCM audits, enforcing adherence to all change control and code management processes. Continuously manage and maintain releases, clear understanding of release management process Collaborate with cross-functional teams to ensure seamless integration and deployment of cloud-based solutions. Problem-solving, teamwork, and communication to emphasize the collaborative nature of the role. Perform builds and environment configurations. Required Skills and Experience 10+ years of overall experience, with at least 5 years in DevOps. Expertise in automating the software development and deployment lifecycle using Jenkins, Github Actions, SAST, DAST, Compliances, and Oracle ERP DevOps tools. Proficient with Unix Shell Scripting, SQL*Plus, PL/SQL, and Oracle database objects. Understanding of branching models is important. Experience in creating cloud resources using automation tools. Strong hands-on experience with Terraform and Azure Infrastructure as Code (IaC). Hands-on experience in GitOps, Flux CD/Argo CD, Jenkins, Groovy. Building and deploying Java and .NET applications, Liquibase database deployments. Proficient with Azure cloud concepts, creating Azure Container Apps, Kubernetes, Load balancers, Az CLI, Kubectl, Observability, APM, App Performance reivews. Azure AZ-104 or AZ-400 Certification is a plus Offers of employment are conditional upon passage of screening criteria applicable to the job.

PREFERENCE: Early joiners preferred This position is strictly Work from Office. Please read this carefully before applying. Working days will be 5 per week. The job location will be Sec 59, Gurgaon Candidates currently based in Delhi-NCR Prior experience in a startup or fast-paced environment Immediate availability for interviews Strong communication skills and team fit Long-term commitment preferred Job Title: DevOps Engineer Location: Sector 59, Gurgaon/Gurugram Experience: 4 to 7 years Industry: BFSI Employment Type: Full-time Work Mode: On-site Job Description: We are hiring a DevOps/Integration Engineer with strong experience in CI/CD , cloud (AWS/OCI) , and DevSecOps tools . The candidate should be skilled in integrating and troubleshooting across build systems, application monitoring, and secure deployments in hybrid (on-prem + cloud) environments. Key Responsibilities: Set up and manage CI/CD pipelines , quality gates, and vulnerability scanning Configure & troubleshoot SAST/DAST tools Manage build/compile tools - Maven, Gradle, etc. Use tools like Prometheus , Grafana , ELK , or Splunk for monitoring/logging Work on cloud (AWS/OCI) and on-prem infrastructure Troubleshoot network issues and maintain system uptime Experience with Hibernate , clusters , and performance tuning Collaborate with development and security teams for smooth delivery Required Skills: CI/CD tools: Jenkins, GitLab CI, Azure DevOps Cloud platforms: AWS or Oracle Cloud Build tools: Maven, Gradle Security: SAST/DAST, DevSecOps integration Monitoring: ELK, Prometheus, Grafana Networking & troubleshooting Hibernate, clustering exposure Good to Have: Certifications (AWS, OCI, DevOps) Docker/Kubernetes knowledge Awareness of OWASP or ISO compliance

Senior Manager, Corporate Security – Application Security Architect Remote Job Description About Corporate Security Cognizant Corporate Security, a key organization within Cognizant Technology Solutions, is chartered with managing and directing the global enterprise physical and logical security programs. The Corporate Security organization is responsible for the oversight and coordination of security efforts across the company, including information technology, human resources, communications, legal, facilities management and various other groups, and is responsible for identifying security initiatives and standards. Corporate Security drives security compliance and serves as the key organization responsible with helping the business appropriately manage security risks. Position Description Cognizant is searching for an experienced Application Security Architect who can lead application security initiatives for product teams in the Cognizant Healthcare division. This will include day-to-day collaboration with product teams, ensuring that they meet Cognizant Security requirements and architectural standards in addition to regulatory and contractual obligations. This will also include reviewing application designs to ensure security is part of each product from the start. You would ensure solutions are appropriately assessed prior to release, and work with product teams to prioritize remediation of findings from security activities. This is not an assessment/testing role; although testing experience will be beneficial, the role is for design-level review and guidance. To excel in this role, you will need the following: 5+ years of application security and secure coding experience. Expertise in implementing a secure SDLC within an Agile framework for new and existing applications. Expertise in designing and implementing application security controls across complex and diverse environments. Experience reviewing testing/scanning results and communicating the technical implications to development teams. Ability to assess real-world risk and communicate that in technical and business/management contexts. Exceptional verbal and written communication skills, including the development of reports and best practices documents. An attitude of always learning, sharing your knowledge with the team, and collaborating across multiple security teams. Strong attention to detail and self-organization skills. Experience working remotely and with geographically separated teams. Additional preference for candidates who: Have done application development in large-scale environments. Have conducted threat models. Have integrated application security practices into CI/CD pipelines and DevOps environments. Have experience with Java and .NET. Have secured applications in Cloud environments (especially Azure). Understand network and infrastructure security. Have conducted application testing (SAST, DAST, and manual assessments). Obtained relevant GIAC or Offensive Security certifications. About Cognizant Technology Solutions Cognizant is a leading provider of Information Technology, Consulting, IT Infrastructure, and Business Process Outsourcing services. Cognizant’s single-minded mission is to dedicate our business process and technology innovation know-how, deep industry expertise, and worldwide resources to working together with customers to make their businesses stronger. As a customer-centric, relationship-driven partner, we are redefining the way companies experience and benefit from global services. Our unique delivery model is infused with a distinct culture of high customer satisfaction. Cognizant delivers a trusted partnership, cost reductions and business results. Cognizant is a member of the NASDAQ-100, the S&P 500, the Forbes Global 2000, and the Fortune 500. Cognizant is ranked among the top performing and fastest growing companies in the world. Visit us online at http://www.cognizant.com/ or follow us on Twitter: Cognizant. Cognizant is an Equal Opportunity Employer M/F/D/V. Cognizant is committed to ensuring that all current and prospective associates are afforded equal opportunities and treatment and a work environment free of harassment.

Job Purpose (overall high-level summary of the role) Build and lead global relationships for Cybersecurity (sitting within the wider IT organization), representing WPB IT and WPB Cyber interests within the context of transformational and service uplift from central and federated functions. As a senior Cybersecurity SME for WPB, promote the principles of secure development and ensure effective coverage for all Cybersecurity services consumed. The Senior Cyber SME is, among many other things, responsible for the following key activities: Coordinate and manage the relationship between the central Cybersecurity leadership teams, WPB IT leadership and WBP CISO; reporting to WPB IT CISO. Provide specialist technical and process knowledge to influence support and manage the direction of cyber tooling, processes and practices into WPB IT and engineering teams. Lead the Information Security agenda within the central cyber control owners, including driving business/functional stakeholder engagement to ensure delivery of security programmes, tooling, and initiatives. Develop and maintain strong relationships with the cyber control owners and Heads of cybersecurity functions to ensure optimum synergy and collaboration between them WPB IT. Monitor and engage with cyber control owners, heads of cyber practices and central programme managers to shape and represent WPB IT in order to ensure that deliveries align with WPB IT interests and strategic direction. Promote the development and rollout of security tools and processes that aligns with WPB IT engineering strategies and ensure that group security scanning and orchestration tools can be adopted and used within WPB IT s CI/CD pipeline and engineering teams. Work with service line and value stream CIOs and their representatives to ensure that cyber assurance actions, vulnerability remediation and KCI compliance receives the right level of attention and support, and to escalate and highlight blockers if required. Guide the service lines/value streams CIOs and their representatives with respect to compliance with relevant security policies, standards, and governance, including challenging the risk profile, appetite, and control effectiveness, coordinating with embedded WPB Cyber SMEs, Risk Champions, and central Cyber teams required to ensure overall WPB IT operation within appetite. With specific focus ensure that control and risk metrics and related responsibilities for cyber assurance activities, vulnerability, and secure development practices & tooling, third party security reviews are monitored, actioned, and understood by WPB CIOs and their delegates. Ensure that WPB IT and Cyber priorities are communicated to cyber control owners and central cyber functions. Facilitate ongoing cybersecurity awareness within the Service Line to strengthen the responsible culture. Lead Annual Assurance activities (Pen Test & TMA) for WPB and provide oversight responsibility for TPSR Organization structure Reports to the WPB IT CISO Principal Accountabilities: key activities and decision-making areas Typical Targets and Measures Impact on the Business/Function Protect the Bank. Lead Security embedding within WPB IT together with the WPB CISO, owning the relationship with cybersecurity control owners and heads of cyber functions. Uses technical expertise and experience to enable WPB IT and Cybersecurity to develop implementable designs, solutions and operational plans to ensure compliant security is enforced. Leads and drives this change through effective communication, preparation, and implementation. Driving sustainable growth. Drive efficiencies in the SDL through secure from start development, SecDevOps and minimal iterative issue-remediation. Ensure that evolving technologies are embraced with appropriate mitigation controls and contingency planning. Achieving excellence. Promote the understanding of risk in the context of security in order to align WPB security practices with business risk appetite and strategic objectives. Generate an environment in which innovation is supported by security in the working practices. Measures benefits over the short, medium, and long term. Demonstrates a comprehensive WPB IT view when developing solutions. Executes ideas and innovation that are original but remain aligned to business objectives and cybersecurity principles and plans. Customers / Stakeholders Customer focus. Lead a customer-centered culture, championing activities encouraging outstanding customer advocacy. Proactively seek opportunities to utilize strong Cybersecurity principles to improve availability and ensure privacy for customers. Strengthening stakeholder relationships. Enhance key relationships, using rapport-building expertise and appropriate influencing to add value beyond the initial scope, increasing stakeholder advocacy. Maintain key relationships to include technology and business heads across WPB and Cybersecurity along with other GB/GF/R counterparts across the globe. Understanding markets and customers Cultivate strong relationships with organizationally important global and/or high value stakeholders with a tailored approach. Deliver fair outcomes for our customers and ensure own conduct maintains the orderly and transparent operation of financial markets. Promotes the most appropriate security solution even if there are short term additional costs. Demonstrates sensitivity to the realities and concerns of their stakeholders' situation. Analyses and interprets the evolving security threat landscape. Uses innovation to address the needs of customers and stakeholders (building trust). Leadership & Teamwork Drive the development and communication of a clear vision for secure development and maintenance in WPB IT which is aligned to the overall HSBC and Cybersecurity strategy, values and goals in order to inspire and engage people to create an inclusive, high performing, customer-centered culture. Lead, develop and motivate adoption of and compliance with the cybersecurity principles across the lifecycle in the PODs, XFTs, and service Lines / value streams within WPB IT. Lead and encourage constructive teamwork within value streams by demonstrating collaboration and matrix management in action and taking prompt action to address any activities and behaviors that are not consistent with HSBC's diversity policy and/or the best interests of the business and its customers. Monitors complex dependencies and respond accordingly to ensure on-going delivery to local and WPB IT goals. Translates the required course of action into a clear and realistic vision. Develops international solutions that are beneficial for the Service Line across its geographies and its customers. Identifies and builds relationships with key contacts and influencers Effectively translates coaching requirements to WPB IT s overall performance requirements. Operational Effectiveness & Control: Lead the continuing development, implementation and improvement of the security processes, understanding of risk and controls, and capabilities needed to deliver agreed plans and targets. Collaborate with control owners and WPB leadership to maximize end-to-end integration, effectiveness, and efficiency. Establish and maintain a robust and efficient control environment across the lifecycle to ensure good operational, financial and project management and compliance with HSBC policy and procedures, together with early identification and effective resolution or escalation of issues that arise. Lead the implementation and oversight of the Cyber Risk standards and governance frameworks, process and procedures, including adaptation of documentation, to ensure relevance to WPB operations, effective risk management and regulatory compliance. Creates an environment which anticipates risk, ensuring action is taken to quantify and mitigate them. . Coordinate with central cyber teams, 2LOD and control owners to ensure that WPB specific requirements and ways of working are integral to adopted Cyber Policies, Processes, and tooling. Implement IT best practices in risk policies and governance frameworks in areas across WPB IT. Management of Risk (Operational Risk / FIM requirements) The Senior Cyber SME will ensure the fair treatment (service excellence) of our customers is at the heart of everything we do, both personally and as an organisation. The Senior Cyber SME will also continually reassess the Cybersecurity and operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology. This will be achieved by ensuring all actions take account of the likelihood of operational risk occurring. Also by addressing any areas of concern in conjunction with entity management and/or the appropriate department. Observation of Internal Controls (Compliance Policy / FIM requirements) Maintains HSBC internal control standards vis- -vis cybersecurity operations, including coordination and resolution planning of internal and external audit points together with any issues raised by external regulators. The Senior Cyber SME will also manage and coordinate the implementation of new internal control and risk -related metrics relating to cyber and secure development practices (KCIs, KRIs, and GRAS). This will be achieved by service line / value stream adherence to all relevant procedures, keeping appropriate records and, where appropriate, by driving the timely implementation of internal and external audit points, including issues raised by external regulators, and internally identified Cybersecurity risks. Escalation to CIOs and CISO when required for prompt addressing to relevant risk forum, such as WPB IT Cyber Working Groups, RCMMs to mention some examples. Local Job Requirements (This could include; Job Dimensions, Job Context & Major Challenges) Budget & people. This is a cross-functional and Senior Cyber SME role which supports and represents WPB IT interests against central cyber and group IT initiatives. This is achieved though and with the support of a large number of CIO delegates (risk champions), embedded cyber-SMEs, pod leads and ITSOs within WPB IT. It will secure applications leveraging right tools and processes enabled by Cybersecurity. The indirect headcount which will be supported by this role would be more than 150-200 staff. Relationships. Key relationships include ownership of the relationship with Cybersecurity control owners and Heads of Cybersecurity Functions and extends to peers across other Global Businesses, Global Functions and Regions up to MD levels in HSBC, including relationships with auditors, regulators and external security forums. This may also include external relationships with TPEMs and potentially vendors, focusing on security support to the WPB IT. Regulatory & Risk Management. Working closely with WPB IT Value Streams and governance counterparts (such as 2LOD, RR and CCO), build strong relationships with internal and external stakeholders (risk, audit, government agencies, industry forums etc) to understand the IT/Information Security risk profile, monitor compliance with policies and standards, and identify and address WPB IT specific requirements. Strategic input. Providing influence and input to ensure alignment between Cybersecurity and Central Cyber Functions and Leadership to represent and ensure WPB IT strategic outcomes and business goals. Uses technical knowledge and experience to solve complex problems, and propose implementable solutions, to deliver ongoing improvements in line with business strategy. Certifications, Qualifications & Experience (For the Job not the Job holder. Minimum requirements of the Job) Good understanding of WPB businesses and general understanding of the bank s businesses and differentiating factors between retail, wholesale, and investment banking A fair understanding of laws and regulations with an emphasis on regulations, rules and standards with global or boarder regional impact (e.g. GDPR, PCI DSS, DORA, HIPAA, etc.) Formal education with a post-graduate degree in IT, Information Security, Risk Management, Business Management or other relevant areas 10+ years of experience in Information Security Management and Cybersecurity High level of personal drive and motivation to ensure delivery of a broad range of outputs simultaneously across WPB IT and HSBC Technology Extensive Programme Management experience and analytical skills. Proven ability to articulate complex issues concisely and in simple language to support problem analysis. Strong knowledge of the external environment regulatory, political, competitors etc. Outstanding relationship management, collaboration and influencing skills. Strong attention to detail and business writing skills and to be able to challenge and shape submissions. Outstanding communication and interpersonal skills with the ability to produce clear and concise reports and communications to senior internal and external stakeholders. Excellent stakeholder management skills with a proven ability to build and maintain strong relationships and communicate on complex issues with a wide spectrum of stakeholders. Proven abilities in working across cultures. Familiarity with Information Security Control and Risk Frameworks (e.g., NIST, ISO 27001, COBIT, etc.) Strong familiarity with and competence in application security tools in general and with specific focus on security tooling used in secure development (e.g., SAST, DAST, MAST, FOSS), threat modelling and risk management. Certifications, Qualifications & Experience (For the Job not the Job holder. Minimum requirements of the Job) Familiarity with security controls around technologies such as cloud, mobile, social, open-banking, etc. Familiarity with OWASP, Cloud, and SANS guidelines on application-security. Experience in supporting Agile and DevOps methodologies. Experience in lifecycle management across the CI/CD pipeline Excellent understanding of banking and security in context of wider industry trends and direction

We're Hiring! I am excited to share some amazing career opportunities at Happiest Minds. Take your Security career to the next level with Happiest Minds, ! Join a dynamic team, where Security Meets Innovation, and grow with us. Be recognized in a Great Place to Work Certified environment Interested professionals can directly reach out to me ankita.patari@happiestminds.com or can apply in below post Skills: Vulnerability Assessment,Penetration Testing,Manual Penetration Testing using OWASP checklists,Static/dynamic testing of mobile applications,OWASP Top 10 Roles and Responsibility: Roles and responsibility: Perform Web Application Security Assessment, API Security Assessment, Mobile Application Security Assessment & Thick Client Security Assessment. Report Preparation etc. Thanks and Regards, Ankita Ghosh

Design, develop, and maintain automated and manual test cases with a focus on security. Perform static and dynamic application security testing (SAST/DAST). Identify, document, and track security-related defects and work with engineering teams for remediation. Conduct threat modeling and risk assessments as part of the software development lifecycle. Validate fixes and patches for known vulnerabilities. Assist in integrating security testing tools (e.g., OWASP ZAP, Burp Suite, SonarQube) into CI/CD pipelines. Stay current with security best practices, industry trends, and vulnerability databases (e.g., CVE, NVD). Collaborate with QA, DevSecOps, and security analysts to promote secure development practices. Participate in code reviews and assist in the development of secure coding guidelines.

Serko is a cutting-edge tech platform in global business travel & expense technology. When you join Serko, you become part of a team of passionate travellers and technologists bringing people together, using the world’s leading business travel marketplace. We are proud to be an equal opportunity employer. We embrace the richness of diversity, showing up authentically to create a positive impact. There's an exciting road ahead of us, where travel needs real, impactful change. With offices in New Zealand, Australia, North America, and China, we are thrilled to be expanding our global footprint, landing our new hub in Bengaluru, India. With a rapid growth plan in place for India, we’re hiring people from different backgrounds, experiences, abilities, and perspectives to help us build a world-class team and product. Requirements We are seeking an experienced and highly skilled Senior Security professional to join our fast moving and enthusiastic team at Serko. The ideal candidate will have a strong background in software engineering and DevSecOps, with a focus on integrating security practices throughout the software development lifecycle. This role involves leading security initiatives, managing risk, overseeing security operations, ensuring compliance, and providing detailed reporting to senior management. Serko has an inclusive, engaging and supportive culture and we need a motivated self-starter who can take the initiative without close supervision to deliver optimal security outcomes for the organisation. Someone who is eager to advance their professional career and play a crucial role in delivering effective security solutions, while collaborating closely with a highly skilled software engineering team that operates at pace. What you'll get to do Integrate Security Practices: Lead the integration of security practices into the DevOps lifecycle, ensuring security is embedded throughout the software development process. Collaborate with Teams: Work closely with development and operations teams to identify and mitigate security risks in software applications, infrastructure, and deployment pipelines. Security Automation: Implement and maintain security automation and orchestration tools to streamline security processes and improve overall security posture. Security Risk Management: Identify, assess, and manage security risks across the organisation. Develop and implement risk mitigation strategies and ensure that risk management practices are integrated into all aspects of the development and operations processes. Security Operations: Oversee day-to-day security operations, including monitoring, incident response, and threat intelligence. Develop and implement operational security strategies and assist with operational security management of the environment. Compliance: Ensure compliance with relevant security policies, as well as external regulations and standards, such as PCI-DSS, and SOC2 Reporting: Prepare and present detailed security reports to senior management, highlighting key risks, incidents, and mitigation strategies. Provide regular updates on the security posture of the organization. Security Awareness: Conduct security awareness campaigns and initiatives to educate staff on emerging threats and mitigation strategies. Emerging Technologies: Stay at the forefront of emerging security trends, technologies, and best practices, particularly in Azure security and DevSecOps domains. Security Tools: Evaluate and recommend new security tools, solutions, and technologies that enhance our security posture and streamline security operations. What you'll bring You will contribute through your expertise in: Experience: 5+ years of experience in a senior role focused on Security Operations, Risk Management, and Compliance, preferably within software engineering environments Security Knowledge: A deep understanding of security attack and defence methods. A demonstrable and hands on knowledge of ethical hacking tools and techniques would be highly beneficial. DevSecOps Tools: Proven experience with DevSecOps tools and services such as SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing). Security Operations: Proven experience in managing Microsoft security products and services, including Azure Security Centre, Defender, Azure Active Directory, and Sentinel. Certifications: Relevant certifications such as CISSP or equivalent are preferred. Communication Skills: Excellent communication, presentation, and documentation skills. Team Collaboration: Ability to work collaboratively with cross-functional teams and lead security initiatives. Education: Bachelor's degree in Computer Science, Cybersecurity, or a related field. Relevant certifications will be considered in lieu of a degree. Benefits At Serko we aim to create a place where people can come and do their best work. This means you’ll be operating in an environment with great tools and support to enable you to perform at the highest level of your abilities, producing high-quality, and delivering innovative and efficient results. Our people are fully engaged, continuously improving, and encouraged to make an impact. Some of the benefits of working at Serko are: A competitive base pay Discretionary incentive plan based on individual and company performance Focus on development: Access to a learning & development platform and opportunity for you to own your career pathways Family medical coverage, Meal coupons, Transport allowances, Mobile & Internet Reimbursement Flexible work policy Apply Hit the ‘apply’ button now, or explore more about what it’s like to work at Serko and all our global opportunities at www.Serko.com .

locationsBangalore, Indiaposted onPosted 14 Days Ago job requisition id30672 FICO (NYSEFICO) is a leading global analytics software company, helping businesses in 100+ countries make better decisions. Join our world-class team today and fulfill your career potential! The Opportunity We are seeking a skilled and proactive Cybersecurity Engineer/Analyst to join our Product Security Testing Team. This team helps ensure that our products and clients are protected and maintain trust in our security processes. We protect the FICO brand and our products by engaging with development teams at every step of the product development lifecycle. We assess and influence product design, analyze applications for flaws that may lead to security issues, and provide security testing to help ensure our products are secure. We seek candidates who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, passionate about information security and love their work. This role focuses on validating secure coding practices, conduct and coordinate security testing/pen testing .- Sr Manager, Cyber Security What You'll Contribute Collaborate with engineers, consultants and leadership to identify security risks and recommend mitigations within the Secure Development Lifecycle (SDLC). Perform activities such as secure code reviews, security testing and vulnerability triage across various applications. Regularly interact with internal and external customers on security-related projects and operational tasks. Develop understanding of business functionality and apply testing methodology as appropriate to technologies and risks. Analyse test results, draw conclusions from results, and develop targeted exploit examples. Clearly and professionally document root cause and risk analysis of findings. Consult with operations and software development teams to help ensure potential weaknesses are tracked and addressed. Collaborate with other teams to improve the overall security posture of applications/infrastructure. Stay current on security best practices, vulnerabilities, and attacker tactics, techniques, and procedures. Develop and test effective functional security testing strategies for new/emerging product security requirements. Suggest improvements to existing processes/tooling; ideate and implement automation where possible. What We're Seeking Bachelor's degree in computer science, Cybersecurity, or a related field. Relevant cyber security certifications (e.g., CEH, CCSP, CISSP, OSCP etc) are highly desirable. Proven experience of at least 3 years in a similar role within Cybersecurity. Strong understanding of AWS infrastructure and cloud security principles. In-depth knowledge of cybersecurity principles, methodologies, frameworks and best practices. (OSI, NIST, OWASP, SANS, PCI etc) Knowledge of secure coding principles and experience with code review processes and tools. Experience with Pen testing, infrastructure as a code scan reviews and dynamic application security testing (DAST) methodologies and tools. Knowledge and experience in CI/CD, shift left security. Strong analytical and problem-solving skills with a keen attention to detail. Strong written and oral communication skills with the ability to convey complex security concepts to non-technical stakeholders. Strong organizational and interpersonal skills. Our Offer to You An inclusive culture strongly reflecting our core valuesAct Like an Owner, Delight Our Customers and Earn the Respect of Others. The opportunity to make an impact and develop professionally by leveraging your unique strengths and participating in valuable learning experiences. Highly competitive compensation, benefits and rewards programs that encourage you to bring your best every day and be recognized for doing so. An engaging, people-first work environment offering work/life balance, employee resource groups, and social events to promote interaction and camaraderie. Why Make a Move to FICO At FICO, you can develop your career with a leading organization in one of the fastest-growing fields in technology today Big Data analytics. Youll play a part in our commitment to help businesses use data to improve every choice they make, using advances in artificial intelligence, machine learning, optimization, and much more. FICO makes a real difference in the way businesses operate worldwide Credit Scoring FICO Scores are used by 90 of the top 100 US lenders. Fraud Detection and Security 4 billion payment cards globally are protected by FICO fraud systems. Lending 3/4 of US mortgages are approved using the FICO Score. Global trends toward digital transformation have created tremendous demand for FICOs solutions, placing us among the worlds top 100 software companies by revenue. We help many of the worlds largest banks, insurers, retailers, telecommunications providers and other firms reach a new level of success. Our success is dependent on really talented people just like you who thrive on the collaboration and innovation thats nurtured by a diverse and inclusive environment. Well provide the support you need, while ensuring you have the freedom to develop your skills and grow your career. Join FICO and help change the way business thinks! Learn more about how you can fulfil your potential at FICO promotes a culture of inclusion and seeks to attract a diverse set of candidates for each job opportunity. We are an equal employment opportunity employer and were proud to offer employment and advancement opportunities to all candidates without regard to race, color, ancestry, religion, sex, national origin, pregnancy, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. Research has shown that women and candidates from underrepresented communities may not apply for an opportunity if they dont meet all stated qualifications. While our qualifications are clearly related to role success, each candidates profile is unique and strengths in certain skill and/or experience areas can be equally effective. If you believe you have many, but not necessarily all, of the stated qualifications we encourage you to apply. Information submitted with your application is subject to theFICO Privacy policy at

We are keenly looking for a resource with 10+ years of experience who had both technical and managerial experience to execute a lead position from offshore. Primary Skill: Azure DevOps, Jfrog Artifactory, SonarQ, DevSecOps(SAST & DAST), Azure native App Security Secondary Skill: Containerization and Orchestration tools. Shift details: Day shift overlapping with EST (2PM-10:30PM) Technical Leadership & team management at Offshore: • Technical Leadership: Provide guidance to ensure best practices and quality standard are maintained in deliverables. Understand Selective standards and help ensure deliverables meets and adhere to the standards. If standards are missing collaborate with the core team to build standards as needed/required • Team Guidance: Lead and support DevOps engineers to achieve project goals. • Team Management: Lead and coordinate offshore DevOps teams. • Sprint Planning: Assist with offshore sprint planning, estimates, and timelines for the work aligned. • Work Execution: Run stand-ups and manage work execution. • Resource Optimization: Optimize team member capacity utilization. • Risk Management: Identify and mitigate risks aligned to the work • Documentation: Maintain detailed documentation of processes and projects Mature Offshore-Driven Operations and Operational capabilities : • SOP Development: Create standard operating procedures for operational tasks. • Communication: Establish clear channels with DevOps service consumers and stakeholders. • Continuous Improvement: Encourage innovation and automation. • SRE for key DevOps tooling: Build Site Reliability Engineering around DevOps platforms and tools. Build health checks for the key platforms. • Keeping platforms/tooling evergreen. Report/track on tech currency • Improve & automate operational onboarding - drive platform Self service capabilities for our end customer Collaboration and Coordination: • Stakeholder Updates: Provide regular updates to stakeholders. • Team Collaboration: Work with development, QA, and operations teams. • Performance Tracking: Develop and monitor key performance indicators (KPIs).

Senior Advisor - Business Security Location: Thane/Vikhroli 5 days work from office in a MONTH Shift: 1.30 P.M. to 10.30 P.M. The Company: UK based one of the largest MNCs is a leading global advisory, broking and solutions company that helps clients around the world turn risk into a path for growth. One of the oldest MNCs, has more than 42,000 employees serving more than 142 countries. Business Unit The mission of the Business Information Security team is to be Information and Cyber Security trusted advisors to senior business and technology stakeholders. When they're forming strategy and delivering business change, we aim to help them ensure that their business continues to be secure and compliant in line with our information and cyber security policies and standards. Job Summary As the Information Security Associate within the Business Security Operations (BusSecOps) team, you will be responsible for implementing and maintaining information & cyber security practices. Candidate would be required to gain a high-level of knowledge and understanding of critical technology applications and security standards. You will need to take a leadership role in building security testing framework for web-based applications which includes Threat Profiling, DAST, SAST, Security Architecture, and Penetration testing. In this role, you are expected to understand the organizations information & cyber security strategy and standards while working collaboratively with technology teams to implement and maintain sound security practices. This role resides in our Information & Cyber Security (ICS) team within Corporate IT. Roles & Responsibilities Build and maintain effective relationship with technology teams and ICS stakeholders Foster a culture of information and cyber security best practices though awareness and support Stay up to date with the latest application security developments and security trends to continually improve internal processes Hold good understanding of Application & Infrastructure testing methodology & support development teams in the remediation of vulnerabilities Work with development teams to improve the secure software development lifecycle Engage in information security activities to support client/business engagements i.e., incidents, vulnerabilities, development lifecycles, risk management and emerging threats Ability to coordinate and execute security testing for applications and cloud environments Engage with key stakeholders to support internal and external audit activities to ensure compliance with regulations such as: SOC, FCA, NYDFS, GDPR, HIPAA Demonstrate a good understanding of security regulations and data privacy laws Support the risk identification & exceptions management process Manage and oversee adhoc projects related to maturing information and cyber security controls across the organizationR. Education Qualification: Degree in a relevant Business or Information Technology area Experience Band: 5 - 12 yrs. Technical Skills: Need to have Degree in a relevant Information Technology area preferably with a focus on information security Significant experience in managing and patching vulnerabilities across a host of assets Expert understanding of all aspects of information security principles, policy and its application in business and technology areas Understanding of core cloud security principles Knowledge and experience on supporting information security audits Technical Skills: Nice to have Client focus: ability to engage positively with clients and business stakeholders. Information Security specific certification is desirable (such as CISM, CISSP, CISA, CEH) Full JD will be shared on email Best Regards, Uma SW +91 98 22 780 197 uma@starlighthr.com I https://starlighthr.com/

Senior Advisor - Business Security Location: Thane/Vikhroli 5 days work from office in a MONTH Shift: 1.30 P.M. to 10.30 P.M. The Company: UK based one of the largest MNCs is a leading global advisory, broking and solutions company that helps clients around the world turn risk into a path for growth. One of the oldest MNCs, has more than 42,000 employees serving more than 142 countries. Business Unit The mission of the Business Information Security team is to be Information and Cyber Security trusted advisors to senior business and technology stakeholders. When they're forming strategy and delivering business change, we aim to help them ensure that their business continues to be secure and compliant in line with our information and cyber security policies and standards. Job Summary As the Information Security Associate within the Business Security Operations (BusSecOps) team, you will be responsible for implementing and maintaining information & cyber security practices. Candidate would be required to gain a high-level of knowledge and understanding of critical technology applications and security standards. You will need to take a leadership role in building security testing framework for web-based applications which includes Threat Profiling, DAST, SAST, Security Architecture, and Penetration testing. In this role, you are expected to understand the organizations information & cyber security strategy and standards while working collaboratively with technology teams to implement and maintain sound security practices. This role resides in our Information & Cyber Security (ICS) team within Corporate IT. Roles & Responsibilities Build and maintain effective relationship with technology teams and ICS stakeholders Foster a culture of information and cyber security best practices though awareness and support Stay up to date with the latest application security developments and security trends to continually improve internal processes Hold good understanding of Application & Infrastructure testing methodology & support development teams in the remediation of vulnerabilities Work with development teams to improve the secure software development lifecycle Engage in information security activities to support client/business engagements i.e., incidents, vulnerabilities, development lifecycles, risk management and emerging threats Ability to coordinate and execute security testing for applications and cloud environments Engage with key stakeholders to support internal and external audit activities to ensure compliance with regulations such as: SOC, FCA, NYDFS, GDPR, HIPAA Demonstrate a good understanding of security regulations and data privacy laws Support the risk identification & exceptions management process Manage and oversee adhoc projects related to maturing information and cyber security controls across the organizationR. Education Qualification: Degree in a relevant Business or Information Technology area Experience Band: 2 - 6 yrs. Technical Skills: Need to have Degree in a relevant Information Technology area preferably with a focus on information security Significant experience in managing and patching vulnerabilities across a host of assets Expert understanding of all aspects of information security principles, policy and its application in business and technology areas Understanding of core cloud security principles Knowledge and experience on supporting information security audits Technical Skills: Nice to have Client focus: ability to engage positively with clients and business stakeholders. Information Security specific certification is desirable (such as CISM, CISSP, CISA, CEH) Full JD will be shared on email Best Regards, Uma SW +91 98 22 780 197 uma@starlighthr.com I https://starlighthr.com/

Project Role : Tech Delivery&Op Excellence Practitioner Project Role Description : Understand how to deliver value to clients, and use that commercial competency to apply methods or certifications appropriately. Attention to detail and deep expertise allow them to see inherent risks or improvement opportunities that others may not. Work directly with client teams to ensure a high standard of delivery and operational excellence are met. Must have skills : Governance Risk Compliance (GRC) Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Tech Delivery & Op Excellence Practitioner, you will understand how to deliver value to clients and apply methods or certifications appropriately. Attention to detail and deep expertise allow you to see inherent risks or improvement opportunities that others may not. Work directly with client teams to ensure a high standard of delivery and operational excellence are met. Key responsibility:- Risk and Compliance senior Analyst works with the Application service delivery organization and other compliance related functions to help:- Perform audits/reviews to assess risks in Application development and maintenance service environment- Manage risk in Application development and maintenance service to an acceptable level - Increase the level of awareness of and compliance with policy and process related matters - Support successful completion of various external compliance certification programs and internal compliance assessments- Introduce continual improvement including lessons learned from matters requiring intervention- This successful candidate for this role will be a member of a dedicated team operating a Controls and Compliance function, which will perform audit style reviews of Application Development & Maintenance Services outsourcing engagements covering compliance matters and operational service management and service delivery good practice.Must-Have Skills/ Qualifications:- Minimum of 1-year experience in Auditing principles and practices (sample qualifications*:CISA, ISO 27001 Lead Auditor)- Minimum of 1-year experience in Application security/audit roles in Application development & maintenance service industry(sample qualifications*:EC-Councils CASE (Certified Application Security Engineer), CEH(Certified Ethical Hacker), - Agile Methodology( Certified Scrum Master), DevOps Certification, CMMI for Development- Knowledge of secure SDLC models, secure coding standards, OWASP Top 10, threat modeling, SAST(Static Application security testing), DAST (Dynamic Application security testing), single sign on, Encryption - Minimum of 1-year experience in Operational compliance requirements)- Contract Management / Service Reporting(including Service Level Agreements and Operational Level Agreements)- Risk management or assessment (sample qualification*:CRISC)- Knowledge of cloud environment and services (sample qualification*:Microsoft Azure/AWS/Google Certifications)- Team and stakeholder managementNice-to-Have Skills/ Qualifications:- Data privacy and protection (sample qualifications*:CIPM, CIPT, CIPP)- CISSP*, CISM*, CISA*, CCSK*, CCSP*- SOC1 and SOC2 (SSAE16 / ISAE3402) awareness- Business Continuity and Disaster Recovery awareness (ISO 22301) Professional Attributes:1:Good communication2:Teamwork3:Problem Solving Capabilities4:Work Planning and Management 5:Quick Learner6:Eager to take on responsible task7:Dedicated and Focused Educational Qualification:1:MBA-Information Security/ IT2:BE/B-Tech with CS/IT/related domain3:BSc- IT Additional Information:(i.e., travel, overtime %)1:Occasional within country travel 2:Flexibility in working hours Qualification 15 years full time education

Skill required: Tech for Operations - Microsoft ASP.NET Designation: SW/App/Cloud Tech Support Sr Analyst Qualifications: Any Graduation Years of Experience: 5 to 8 years About Accenture Accenture is a global professional services company with leading capabilities in digital, cloud and security.Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Technology and Operations services, and Accenture Song all powered by the worlds largest network of Advanced Technology and Intelligent Operations centers. Our 699,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. We embrace the power of change to create value and shared success for our clients, people, shareholders, partners and communities.Visit us at www.accenture.com What would you do You will be part of the Technology for Operations team that acts as a trusted advisor and partner to Accenture Operations. The team provides innovative and secure technologies to help clients build an intelligent operating model, driving exceptional results. We work closely with the sales, offering and delivery teams to identify and build innovative solutions.The Tech For Operations (TFO) team provides innovative and secure technologies to help clients build an intelligent operating model, driving exceptional results. Works closely with the sales, offering and delivery teams to identify and build innovative solutions. Major sub deals include AHO(Application Hosting Operations), ISMT (Infrastructure Management), Intelligent AutomationA platform to create dynamic and interactive Web applications using server-side scripting technology. What are we looking for Job SpecificationOverall Skills to manage & work on SQL & .Net technologies while working in collaborative and high-performance team environment.ResponsibilitiesFull Stack .net, MS SQL, LinQ, SQL Stored procedures, SSRSDev experience around 5+ yearsexperience with DAST/SAST vulnerabilities, scans, APIs etc. QualificationsExpertise & understanding in Full stack technologies with 5+years experience.Analytical, problem-solving skills.Strong empathy in understanding client needs/requirements.Communication and presentation skills.Representative behavior, client-facing experience.Strong team player with drive. Roles and Responsibilities: In this role you are required to do analysis and solving of increasingly complex problems Your day to day interactions are with peers within Accenture You are likely to have some interaction with clients and/or Accenture management You will be given minimal instruction on daily work/tasks and a moderate level of instruction on new assignments Decisions that are made by you impact your own work and may impact the work of others In this role you would be an individual contributor and/or oversee a small work effort and/or team Please note that this role may require you to work in rotational shifts Qualification Any Graduation

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Infrastructure Security Vulnerability Management Operations Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting security controls, and overseeing the transition to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure that the implemented solutions align with organizational objectives, all while maintaining a focus on continuous improvement and risk management. Roles & Responsibilities:-Remediation of vulnerabilities-Exp in Tenable,Wiz.IO, Checkmarx and Burpsuite-Defining Scan schedule-Reporting and Dashboard-Metrics driven dashboards Professional & Technical Skills: -Establish and operationalize an enterprise vulnerability management program, including:- Scanner deployment and configuration- VM operating procedures- Remediation working group- Attack surface management procedures- Vulnerability intelligence integration- Exception handling procures- vulnerability risk standard-To integrate VM program operations with existing Cloud security, GRC and IT capabilities/processes.-Scanning of Scout's entire IP space (internal and external) using Tenable. Scanning technology will be provided by Scout.-End-to-end centralized operations of the vulnerability management program encompassing all identified vulnerabilities resulting from penetrating testing, infrastructure scanning, DAST, and OT security assessments, and including risk analysis, remediation support, exception handling, mitigation, and reporting. Additional Information:- The candidate should have minimum 3 years of experience in Infrastructure Security Vulnerability Management Operations.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Infrastructure Security Vulnerability Management Operations Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We are looking for a highly skilled Lead Application Security & Vulnerability Management to take charge of identifying, assessing, and mitigating security risks across applications and IT infrastructure. As a key security leader, you will oversee vulnerability management operations, lead security assessments, and collaborate with cross-functional teams to ensure robust security posture and compliance with industry standards. This role demands expertise in Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) to protect critical software assets. Roles & Responsibilities:Leadership & StrategyLead vulnerability management operations and security assessments. Develop and implement strategic security initiatives for application protection. Collaborate with leadership to define security roadmaps and policies. Act as a mentor for junior security analysts, fostering skill development.Vulnerability Management & Security OperationsConduct regular vulnerability scans across applications and infrastructure. Analyze security vulnerabilities, assess impact, and prioritize mitigation strategies. Oversee penetration testing and security assessments to identify weaknesses. Provide detailed reports on security findings, risk levels, and remediation efforts. Ensure compliance with industry security frameworks and standards. Develop and maintain security policies, procedures, and playbooks.Application Security & Secure DevelopmentPerform SAST scans to detect vulnerabilities in source code before deployment. Conduct DAST assessments to identify runtime security issues in web applications. Utilize SCA tools to analyze third-party dependencies for known vulnerabilities. Integrate security testing into CI/CD pipelines for proactive protection. Define secure coding guidelines and conduct training for development teams.Incident Management & Vendor CoordinationInvestigate and resolve false positives and critical vulnerabilities in risk management tools. Manage vendor relationships, escalating and resolving security issues efficiently. Generate monthly security reports and dashboards for leadership insights. Qualifications & Skills: Experience:7+ years in Application Security, Vulnerability Management, and Cybersecurity. Education:Bachelors/Masters degree in Computer Science, Information Technology, or Cybersecurity. Certifications:Preferred CISSP, CEH, CompTIA Security+. Technical Expertise:Strong knowledge of network protocols, operating systems, security testing. Leadership & Communication:Excellent problem-solving, analytical, and collaboration skills. Compliance & Frameworks:Deep understanding of ISO 27001, NIST, OWASP, PCI DSS. Professional & Technical Skills: Vulnerability Management:Brinqa, Qualys VMDR, Qualys WAS, Rapid7 InsightVM, NessusApplication Security:Fortify, Snyk, Trufflehog, SnaffpointSecurity Frameworks:OWASP Top 10, NIST, ISO 27001, PCI DSS Additional Information:- The candidate should have minimum 5 years of experience in Infrastructure Security Vulnerability Management Operations.- This position is based at Bengaluru, Gurgram, Hyderabad, Mumbai, Noida only- A 15 years full time education is required. Qualification 15 years full time education

Role Profile Senior Application Security Engineer Department Information Security/ Cybersecurity Reports ToManager / Lead Security Engineer Location :Hyderabad (WFO) Role Summary: The Security Engineer will play a critical role in strengthening the security posture of applications and infrastructure by implementing secure development practices, performing vulnerability assessments, and integrating security into the SDLC. The ideal candidate will have hands-on experience with OWASP ASVS, security testing tools like ZAP, and a solid understanding of Python-based backend systems. Key Responsibilities: Implement and enforce security policies aligned with OWASP ASVS 4.0.3. Conduct Static and Dynamic Application Security Testing (SAST/DAST) using tools such as ZAP, Fortify, Burp Suite, and GitHub security. Collaborate with DevOps teams to embed security in CI/CD pipelines. Perform threat modelling and risk assessments for applications and APIs. Identify and remediate security vulnerabilities in Python-based services. Prepare and support documentation for STQC audits and other compliance processes. Create and maintain secure coding guidelines for developers. Track and manage vulnerabilities using centralized dashboards or ticketing systems. Collaborate with developers and QA teams during SDLC to ensure secure code deployment. Required Qualifications & Skills: 8–10 years of Overall experience in IT . 5–6 years of hands-on experience in Application Security. Strong knowledge of OWASP Top 10 and OWASP ASVS frameworks. Practical experience with ZAP, Fortify, Burp Suite, or similar tools. Good understanding of Python backend services and typical security flaws. Knowledge of CI/CD security integration tools and methodologies. Familiarity with STQC security processes and regulatory compliance documentation. Knowledge of SAST/DAST/IAST methodologies and modern DevSecOps practices. Bachelor’s degree in computer science, Cybersecurity, or related discipline. Soft Skills: Strong analytical and problem-solving abilities. Excellent written and verbal communication skills. Collaboration and team orientation. High attention to detail and documentation. Strong stakeholder management across development, DevOps, and compliance teams. Preferred Qualifications: Certifications such as OSCP, CISSP, CEH, or GWAPT. Exposure to cloud security (AWS/GCP/Azure). Scripting knowledge for automation using Python or Bash. Experience with container and Kubernetes security tools. Key Relationships: InternalDevelopment Teams, DevOps Teams, QA Teams, Compliance Team, Product Owners ExternalAuditors, Regulatory Authorities (e.g., for STQC), Security Vendors Role Dimensions: Team Size: Individual contributor or small security team lead Scope: Application security coverage across all internal and external apps Impact: High – directly impacts risk mitigation, compliance, and secure software delivery Success Measures (KPIs): % of vulnerabilities resolved within SLA Number of applications onboarded to security tools Security issues found in pre-production vs post-deployment Developer adoption rate of secure coding practices STQC and other audit clearance rates Mean time to detect and remediate vulnerabilities Competency Framework Alignment: Technical Expertise Deep understanding of of AppSec tools and practices Results Orientation Works cross-functionally with technical teams Problem Solving Strong in analysing and resolving security issues Communication Explains complex security concepts to non-tech teams Adaptability Takes ownership of vulnerabilities and resolutions

Are you a skilled penetration tester looking for an exciting new opportunity to take your career to the next level? Join our dynamic cybersecurity team, where youll have the chance to work on cutting-edge projects, including cloud security, reverse engineering, threat modelling, and product security . Who we are? Payatu is an ISO certified company where we strive to create a culture of excellence, growth and innovation that empowers our employees to reach new heights in their careers. We are young and passionate folks driven by the power of the latest and innovative technologies in IoT, AI/ML, Blockchain, and many other advanced technologies. We are on the mission of making Cyberworld safe for every organization, product, and individual. What we look for outside work parameters? Your expertise is your primary qualification, not your degree or certification. Strong leadership qualities, plan, monitor and manage activities for self and team. Passion to deliver the promised service. Motivated, self-starter individual with high level of integrity, intensity, and activity with a can-do attitude. Ability to understand Organization objectives and execute them accordingly. Disciplined process-oriented work style and ability to work independently You are a perfect technical fit if: Advanced knowledge of common penetration testing tools (Burp Suite, Metasploit, Wireshark, etc.).Proficient in reverse engineering tools (IDA Pro, Ghidra, Binary Ninja, etc.).Deep understanding of cloud-native security issues and technologies (containers, Kubernetes, serverless, etc.).Strong knowledge of application security principles, including OWASP Top 10, secure coding practices, and common vulnerabilities.Understanding of product security practices and secure software development life cycles. You Have All Our Desired Qualities, if: Minimum 5+ years of hands-on experience in penetration testing, security research, or related fields. Proven track record in performing complex security assessments on cloud environments (AWS, Azure, GCP), thick client applications, and enterprise systems. Experience with reverse engineering (static and dynamic analysis) of software and binaries. Expertise in threat modelling, risk assessment, and security design for software products. Extensive experience in vulnerability analysis and exploitation techniques across diverse platforms. Deep understanding of: Web application and API vulnerabilities (e.g., SQLi, XSS, IDOR) Mobile app security (reverse engineering, instrumentation) Network and infrastructure testing Cloud security misconfigurations and privilege escalation AI/LLM attack vectors (prompt injection, model extraction, data poisoning, etc.) Your everyday work will look like: Lead penetration tests on cloud infrastructures (AWS, Azure, GCP), thick client apps, and enterprise systems. Conduct security research and vulnerability assessments on cloud platforms. Collaborate with product teams and clients to create threat models, identifying risks, vulnerabilities, and attack vectors with clear, actionable insights. Reverse-engineer binaries, software, and applications to uncover vulnerabilities, develop exploits, and improve product security. Assess and advise on security throughout the product lifecycle, from design to deployment, ensuring robust security measures. Develop custom security tools and scripts to improve testing efficiency and address new vulnerabilities. Stay updated on emerging threats, attack techniques, and security trends, sharing insights with the team to maintain cutting-edge expertise. Certifications : Offensive Security Certified Professional (OSCP) or similar certifications such as CEH, CRTP, OSCE, or CISSP.Additional certifications or training in cloud security, reverse engineering, or product security are a plus. Soft Skills: Excellent communication skills to present findings and security concepts clearly to both technical and non-technical stakeholders.Strong problem-solving skills with the ability to think creatively and develop solutions to complex security challenges.Leadership capabilities to mentor and guide junior security consultants and researchers.Ability to work independently and manage multiple projects effectively under tight deadlines. Preferred Qualifications: Experience in developing custom security tools or exploits.Experience with threat hunting or advanced adversarial techniques.Familiarity with advanced attack frameworks like MITRE ATT&CK.

Role & responsibilities • Opensource/ SAST/ DAST/ Pentest - CVE Vulnerabilities remediation Nexus IQ, Snyk, Bright tool experience required. • Server vulnerabilities clean-up based on Tenable scan reports. • Tech risk remediation/ Exemption management • PAM/ DAP clean ups (Access Management related). • Work experience in security tools like Nexus IQ, Snyk, Bright tools and vulnerabilities fixes • Knowledge of Cyber Security, CVE or IT Risk management space • Experience with exemptions and Tech control remediation from start to finish • Experience working with vendor contacts and business partners. Preferred candidate profile: Job Title: Cyber Security and IT Risk Management Analyst Position: Senior Systems Engineer Experience: 7 10 Years Category: Software Development/ Engineering Shift: Rotational shift Main location: Bangalore/Chennai/ Hyderabad Employment Type: Full Time Education Qualification: Bachelors degree in computer science or related field or higher with minimum 3 years of relevant experience.

Perform security testing on applications using Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools to identify vulnerabilities and recommend mitigations.