
161 Dast Jobs - Page 6

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

10.0 - 14.0 years

25 - 40 Lacs

Bengaluru

Hybrid

Competencies: Strong knowledge of cloud platform security (AWS, Azure, GCP), including networking, storage, compute, IAM, data encryption, identity management, access management, AD, SSO, SAML and securing cloud-native services. Experience with security methodologies (e.g., SAST, SCA, DAST, penetration testing) and tools (Veracode, Qualys, Orca, Black Duck). Strong understanding of network security protocols (firewalls, intrusion detection/prevention systems). Experience automating and integrating security workflows using tools such as Terraform, Ansible, CloudFormation, Jenkins, or similar. Strong hands-on experience remediating code-based vulnerabilities and scripting/automating remediation scripts. Hands-on development experience in Java a strong plus. Experience configuring and using SIEM for security monitoring, log analysis, and threat detection. Strong communication and collaboration skills, especially in cross-functional teams. Ability to explain complex security concepts to technical and non-technical stakeholders. Strong analytical and problem-solving skills with the ability to act quickly in high-pressure situations. Leadership abilities to mentor junior engineers and advocate for security best practices. Requirements: Bachelor's degree in Computer Science, Engineering, or a related field. 6+ years of experience in security engineering or a related field, with a focus on cloud security, vulnerability management, and automation. 4+ years of experience with public cloud platforms (AWS strongly preferred) and securing cloud-native and on-prem infrastructures. Minimum of 3 years of hands-on development experience in a common programming language (Java strongly preferred). Flexibility to occasionally work US Pacific Standard Time (PST) hours as needed. Regards, Kajal Khatri Kajal@beanhr.com

Posted 1 month ago


10.0 - 20.0 years

12 - 22 Lacs

Hyderabad

Work from Office

Job Title: Application Security (AppSec) Experience: 10+ Years Location: Hyderabad Department: Information Security / DevSecOps Industry: Software / IT Services / Product Engineering Job Summary: We are seeking a seasoned Application Security Focal with 10+ years of experience to lead our application security initiatives across the SDLC. The AppSec Focal will act as the central point of contact between development, DevOps, and security teams to ensure secure design, development, and deployment of applications. This role demands deep technical expertise in secure coding practices, threat modelling, SAST/DAST tools, and secure CI/CD integration. Key Responsibilities: Security Leadership & Governance: Act as the single point of contact for all application security initiatives within the organization. Define, implement, and enforce secure coding standards and security architecture reviews. Establish and maintain secure SDLC practices in collaboration with engineering teams. Drive risk assessments and provide actionable security recommendations for applications. Collaborate with compliance teams to support audits (ISO 27001, SOC 2, HIPAA, etc.). Technical Responsibilities: Lead threat modelling, secure code reviews, and vulnerability assessments. Manage and optimize the use of AppSec tools: SAST (e.g., SonarQube, Checkmarx), DAST (e.g., OWASP ZAP, Burp Suite), SCA (e.g., Mend, Black Duck), and container scanning tools. Integrate security tools into CI/CD pipelines (e.g., Azure DevOps, GitLab CI/CD, Jenkins). Drive vulnerability triage and remediation with engineering teams. Analyze third-party components and APIs for security risks (open-source security management). Training & Awareness: Conduct secure coding workshops, OWASP Top 10 training, and awareness sessions. Build and maintain a knowledge base of secure development practices, checklists, and guidelines. Support incident response efforts in case of application-related security incidents. 
Required Skills & Experience: 10+ years of experience in application development and/or security engineering. Deep understanding of OWASP Top 10, CWE, CVE, and common attack vectors (XSS, SQLi, CSRF, etc.). Strong knowledge of application architectures (web, mobile, APIs, microservices). Hands-on experience with security tools (SAST, DAST, SCA, RASP, WAF, etc.). Proficiency in at least one programming language (Java, .NET, Python, Node.js, etc.). Familiarity with DevSecOps pipelines and security automation. Preferred Qualifications: Bachelor's/Master's degree in Computer Science, Cybersecurity, or related field. Relevant certifications: CSSLP, OSWE, GWAPT, CISSP, or CEH. Azure/AWS security certifications are a plus. Experience in Agile/DevOps environments and secure CI/CD implementation. Soft Skills: Excellent stakeholder communication, documentation, and leadership abilities. Ability to influence engineering teams and build a security-first mindset. Strong problem-solving and risk assessment skills. Reporting To: Head of Security / CISO / Enterprise Architect. Work Mode: Hybrid / On-site / Remote

Posted 1 month ago


4.0 - 9.0 years

9 - 19 Lacs

Pune, Bengaluru

Hybrid

Technical Skills, Experience & Qualification Required: Manual pentesting of web application, infrastructure, mobile app. Extensive knowledge in the areas of information system security. Coding ability (at the very least Python). Recognized credential on a hacking platform: training (HTB, root-me, etc.) or bug bounty (synack, hackerone, etc.). Experience in relevant tools: Burp Suite or equivalent, network discovery, vulnerability scanner, OSINT, exploitation and post-exploitation on web app, OS, infra and mobile application, payload customization, virtualization. Deep knowledge in manual web application penetration testing and payload customization. Expertise in at least one programming language. Experience in working on Linux and Windows environment. Cloud environment testing (AWS, Azure). Certifications Required: Offensive security: OSWE, OSCE, OSCP, OSWP, OSEE certification; EC-Council certification (APT, LPT, not CEH); Government sponsored certification: CREST, PASSI; PCI DSS certification; ISO 27001 certification; SANS or equivalent certification. Immediate joiners will be preferred.

Posted 1 month ago


1.0 - 5.0 years

4 - 8 Lacs

Hyderabad

Work from Office

What We Are Looking For: Meltwater's collaborative Security Team needs a passionate Security Engineer to continue to advance Meltwater's security. Working with a group of fun loving people who are genuinely excited and passionate about security, there will be more laughs than facepalms! If you believe that improving security is about constantly moving technology forward to be more secure, and shifting security tools and checks earlier in the development lifecycle, then you'll feel at home on Meltwater's Security Team! At Meltwater we want to ensure that we can have autonomous, empowered and highly efficient teams. Our Security Team charges head on into the challenge of ensuring our teams can maintain their autonomy without compromising the security of our systems, services and data. Through enablement and collaboration with teams, Security Engineers ensure that our development and infrastructure practices have security defined, integrated and implemented in a common-sense manner that reduces risk for our business. Security Engineers define best practices, build tools, implement security checks and controls together with the broader Engineering and IT teams to ensure that our employees' and our customers' data stays safe. As part of this, we leverage AWS as a key component of our cloud infrastructure. Security Engineers play a critical role in securing and optimizing AWS environments by implementing best practices, automating security controls, and collaborating with teams to ensure scalability, resilience, and compliance with industry standards. What You'll Do: In this role, you will be designing and implementing security functions ranging from checks on IaC (Infrastructure as Code) to SAST/DAST scanners in our CI/CD pipelines. You will be collaborating closely with almost every part of the Meltwater organization and help create security impact across all teams with strong support from the business.
Collaborate closely with teams to help identify and implement frictionless security controls throughout the software development lifecycle Propose and implement solutions to enhance the overall cloud infrastructure and toolset. Perform ongoing security testing, including static (SAST), dynamic (DAST), and penetration testing, along with code reviews, vulnerability assessments, and regular security audits to identify risks, improve security, and develop mitigation strategies. Educate and share knowledge around secure coding practices Identify applicable industry best practices and consult with development teams on methods to continuously improve the risk posture. Build applications that improve our security posture and monitoring/alerting capabilities Implement and manage security technologies including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, and security information and event management (SIEM) tools. Conduct vulnerability assessments, penetration testing, and regular security audits to identify risks and develop mitigation strategies. Monitor and respond to security incidents and alerts, performing root cause analysis and incident handling. Participate in incident response and disaster recovery planning, testing, and documentation. Manage identity and access management (IAM) solutions to enforce least privilege and role-based access controls (RBAC). Assist in the development of automated security workflows using scripting (Python, Bash, or similar). 
What You'll Bring: Strong collaboration skills with experience working cross functionally with a diverse group of stakeholders. Strong communication skills with the ability to provide technical guidance to both technical and non-technical audiences. Experience in implementing security controls early in the software development life cycle. Knowledge of industry accepted security best practices/standards/policies such as NIST, OWASP, CIS, MITRE ATT&CK. Software developer experience in one or more of the following languages: JavaScript, Java, Kotlin or Python. Experience in at least one public cloud provider, preferably AWS, with experience in security, infrastructure, and automation. Hands-on experience with SIEM platforms such as Splunk, QRadar, or similar. Proficiency in Linux operating system, network security, including firewalls, VPNs, IDS/IPS, and monitoring tools. Experience with vulnerability management tools (Snyk, Nessus, Dependabot) and penetration testing tools (Kali Linux, Metasploit). Experience in forensics and malware analysis. Self-motivated learner that continuously wants to share knowledge to improve others. The ideal candidate is someone from a Software Development background with a passion for security. If you're someone who understands the value of introducing security early in the software development lifecycle, and want to do so by enabling and empowering teams by building tools they WANT to use, we want to hear from you!

Posted 1 month ago


8.0 - 13.0 years

18 - 33 Lacs

Hyderabad

Work from Office

Job Statement: NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360 platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time. Our service packages, which are each tailored to a client's needs and budget, and external threat analysis, which provides critical intelligence at no-cost, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service. We are looking for a proven, high energy, results oriented GRC professional, where you will be a key advisor for our clients, analyzing business requirements to design and implement ideal security solutions for their needs. As an established GRC Professional, you will span operational, tactical, and strategic levels as well as tasks that tackle difficult problems that businesses are facing when building out and improving their security and compliance posture. For attending the walk-in, please fill the form https://forms.gle/wLS8HtPyFZQKA4jf8 (Copy and paste in a browser)
1. SOC L3. Experience: 6+ years. Skills: SIEM, IDS/IPS, EDR tools, log/packet analysis, TCP/IP, Linux/Windows, threat intelligence. Tools: Splunk, QRadar, Crowdstrike, NetWitness. Certifications (preferred): CISSP, CEH, CISM, GCIH
2. Offensive Security Specialist / Penetration Tester-L3. Experience: 6+. Skills: Web/API/Mobile Pentesting, Threat Modeling, Code Review, DAST, Cloud & Microservices security. Tools: Burp Suite, Metasploit, Cobalt Strike, Nmap. Languages: Python, Go, Java, JavaScript, C++. Certifications (preferred): OSCP, OSCE, OSWE, GPEN, CEH
3. GRC Security Consultant-L3. Experience: 8+ years. Skills: Risk assessments, audits, ISO/NIST/PCI/GDPR frameworks, GRC tools, TPRM, vendor/client management. Certifications: ISO 27001 LA/LI, CISSP, CISA, CIPP, CCSP, CCSK
Note: Immediate to 30 days' notice preferred.

Posted 1 month ago


5.0 - 10.0 years

8 - 14 Lacs

Pune

Work from Office

Job Summary : We're looking for a skilled .NET Developer with a strong background in Security Testing (DAST) to design, develop, and test secure web applications. The ideal candidate will have expertise in identifying and mitigating security vulnerabilities using DAST tools and techniques. Responsibilities : - Design, develop, and test secure web applications using .NET framework - Conduct Dynamic Application Security Testing (DAST) to identify security vulnerabilities - Analyze and mitigate security risks using DAST tools and techniques - Collaborate with cross-functional teams to ensure secure coding practices - Develop and maintain security testing frameworks and tools - Stay up-to-date with emerging security threats and trends - Participate in code reviews and ensure adherence to security best practices - Develop and deliver training programs on security testing and secure coding practices Requirements : - 5+ years of experience in .NET development with a focus on security testing (DAST) - Strong expertise in .NET framework, C#, (link unavailable), and related technologies - In-depth knowledge of DAST tools and techniques, such as OWASP ZAP, Burp Suite, and SQLMap - Experience with security testing frameworks and tools, such as NMap, Nessus, and OpenVAS - Strong understanding of web application security risks and vulnerabilities, such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF) - Excellent problem-solving skills and attention to detail - Strong communication and collaboration skills - Experience with Agile development methodologies and version control systems, such as Git Nice to Have : - Experience with cloud-based security testing tools and platforms, such as AWS Security Hub and Google Cloud Security Command Center - Knowledge of containerization and orchestration technologies, such as Docker and Kubernetes - Experience with DevOps practices and tools, such as Jenkins, Puppet, and Ansible - Certification in security 
testing or related field, such as OSCP, CEH, or CISSP What We Offer : - Competitive salary and benefits package - Opportunity to work with a talented team of professionals - Collaborative and dynamic work environment - Professional development and growth opportunities - Flexible working hours and remote work options

Posted 1 month ago


5.0 - 10.0 years

4 - 7 Lacs

Pune

Work from Office

Job Summary : We're looking for a skilled .NET Developer with a strong background in Security Testing (DAST) to design, develop, and test secure web applications. The ideal candidate will have expertise in identifying and mitigating security vulnerabilities using DAST tools and techniques. Responsibilities : - Design, develop, and test secure web applications using .NET framework - Conduct Dynamic Application Security Testing (DAST) to identify security vulnerabilities - Analyze and mitigate security risks using DAST tools and techniques - Collaborate with cross-functional teams to ensure secure coding practices - Develop and maintain security testing frameworks and tools - Stay up-to-date with emerging security threats and trends - Participate in code reviews and ensure adherence to security best practices - Develop and deliver training programs on security testing and secure coding practices Requirements : - 5+ years of experience in .NET development with a focus on security testing (DAST) - Strong expertise in .NET framework, C#, (link unavailable), and related technologies - In-depth knowledge of DAST tools and techniques, such as OWASP ZAP, Burp Suite, and SQLMap - Experience with security testing frameworks and tools, such as NMap, Nessus, and OpenVAS - Strong understanding of web application security risks and vulnerabilities, such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF) - Excellent problem-solving skills and attention to detail - Strong communication and collaboration skills - Experience with Agile development methodologies and version control systems, such as Git Nice to Have : - Experience with cloud-based security testing tools and platforms, such as AWS Security Hub and Google Cloud Security Command Center - Knowledge of containerization and orchestration technologies, such as Docker and Kubernetes - Experience with DevOps practices and tools, such as Jenkins, Puppet, and Ansible - Certification in security 
testing or related field, such as OSCP, CEH, or CISSP What We Offer : - Competitive salary and benefits package - Opportunity to work with a talented team of professionals - Collaborative and dynamic work environment - Professional development and growth opportunities - Flexible working hours and remote work options

Posted 1 month ago


3.0 - 7.0 years

7 - 11 Lacs

Navi Mumbai

Work from Office

Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST/SCA) tools. Will be responsible for Secure Coding Practices. Required education: Bachelor's Degree. Preferred education: Master's Degree. Required technical and professional expertise: BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 5 plus years of experience. Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST/SCA) tools. Secure Coding Practices: Knowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat Modeling: Ability to conduct threat modeling sessions to identify and mitigate security risks. Preferred technical and professional experience: Vulnerability Assessment: Experience in conducting vulnerability assessments and penetration testing. Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST) tools. Security Tools: Proficiency in using security tools like Burp Suite, Nessus, or Fortify.

Posted 1 month ago


5.0 - 8.0 years

25 - 32 Lacs

Chennai, Bengaluru

Hybrid

5 - 7 years of experience in a DevSecOps, Application Security, or DevOps Security role. Strong working knowledge of: Extensive experience in GitHub Enterprise and related security capabilities, especially security tool integrations and automations. CI/CD pipeline integration of security tooling. Cloud platforms (AWS, Azure, GCP) and hands-on experience with CSPM solutions. Working experience in Application security tools (SAST, DAST, SCA, IaC). Sound working experience in scripting and programming languages. Experience collaborating with software engineers, cloud teams, and SREs in a security capacity. Good understanding of OWASP Top 10, secure coding practices, and DevOps lifecycle. Proficient in scripting (e.g., Python, Bash) and automation (e.g., GitHub Actions, Terraform, Ansible).

Posted 1 month ago


8.0 - 13.0 years

20 - 25 Lacs

Warangal, Hyderabad, Nizamabad

Work from Office

Implement security-as-code principles and automate security controls in CI/CD pipelines. Conduct secure code reviews and assist developers in adopting secure coding practices. Deploy and manage security tools such as SAST, DAST, SCA, IAST, and container security solutions.

Posted 1 month ago


10.0 - 15.0 years

6 - 10 Lacs

Hyderabad, Gurugram, Bengaluru

Work from Office

We are looking for a skilled Cyber Testing Senior Associate 1 to join our team in Bengaluru. The ideal candidate will have between 5 and 10 years of experience in cyber testing, with expertise in manual and automated testing. Roles and Responsibility Perform security assessments, including static and dynamic application security testing. Conduct manual penetration testing on web applications, network devices, and other systems. Collaborate with clients in a fast-paced environment across various technology stacks and services. Develop, enhance, and interpret security standards and guidance. Demonstrate and promote security best practices, including secure development and cloud security. Assist with the development of remediation recommendations for identified findings. Identify and clearly articulate (written and verbal) findings to senior management and clients. Help identify improvement opportunities for assigned clients. Stay up-to-date with the latest security trends, technologies, and best practices. Work effectively within a team, fostering collaboration and open communication to deliver successful outcomes. Supervise and provide engagement management for other staff working on assigned engagements. Job Requirements Bachelor's degree in Computer Science, Engineering, or a related field, or equivalent work experience. Expertise in web security, with extensive knowledge of vulnerabilities and the ability to identify and exploit them effectively. Minimum 5 years of experience in code review, application security testing, or web application development. Excellent written and verbal communication skills. Strong scripting skills, such as Python, Ruby, or Perl. Experience with cloud platforms, such as AWS, and knowledge of cloud security best practices. Familiarity with development technologies like Docker, CDK, Terraform, Java, Python, React, GraphQL, Javascript, JSON, REST, etc. 
Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices. Technical background in application development, networking/system administration, security testing, or related fields. Experience with both static application security testing (SAST) and dynamic application security testing (DAST) using various tools and techniques. Preferred but not required: one or more relevant certifications such as Offensive Security Web Assessor (OSWA), Offensive Security Web Expert (OSWE), Offensive Security Certified Professional (OSCP), Burp Suite Certified Practitioner, or AWS Certified Security Specialist. Additional Info The standard work hours for this role are from 3:30 PM to 11:00 PM IST, aligned with client requirements and deliverables.

Posted 1 month ago


11.0 - 18.0 years

20 - 30 Lacs

Navi Mumbai

Work from Office

We're Hiring! I am excited to share some amazing career opportunities at Happiest Minds. Take your Security career to the next level with Happiest Minds! Join a dynamic team, where Security Meets Innovation, and grow with us. Be recognized in a Great Place to Work Certified environment. Interested candidates can share their resume to ankita.patari@happiestminds.com Work Location: Belapur, Navi Mumbai. Experience: 11-15 Years. General Shift, who can join with 30 days notice period. Skills: Vulnerability Assessment, Manual Penetration Testing using OWASP checklists, Penetration Testing, OWASP Top 10, OWASP ZAP, Ethical Hacking, Static/dynamic testing of mobile applications, Vulnerability Mitigation. Job Description: Project Management - Lead and manage the AppSec team consisting of L1 and L2 resources. Serve as the primary point of contact between the Bank and the team for all project-related activities. Monitor daily operations, ensure resource optimization, and address any issues that arise during the engagement. Application & Security Review - Oversee the review of application security including web, mobile, API, and other banking applications. Perform comprehensive reviews of Network Architecture, Source Code, VAPT reports, and configuration audits. Review deliverables from L1 and L2 resources, ensuring completeness and quality. Compliance and Risk Management Reporting Stakeholder Management B.Sc (IT/CS) / B.Tech in Computer Science, Information Technology, or related field. CISSP, CISA, CISM, CRISC. 11-15 years of experience in Application Security, Network Security, and IT Risk & Compliance, with hands-on expertise in security assessments, process audits, and application reviews. Experience in BFSI is preferred. Thanks And Regards, Ankita Ghosh ankita.patari@happiestminds.com

Posted 1 month ago


5.0 - 10.0 years

4 - 9 Lacs

Hyderabad, Chennai, Bengaluru

Work from Office

Required skillset: Ability to handle security testing projects: Customer Interactions, Team monitoring. Able to derive security requirements: Threat Model, TARA, SCA, SAST. Able to drive the security standards in the applications like OWASP, SANS, CVSS, CWE, STRIDE, DREAD. Good Technical Presentation skills, Team collaboration skills, training and mentoring must be preferred. Expertise in Tools like: Appscan, Fortify, Burpsuite, Kali Linux, Postman. Expertise in REST API Penetration testing. Hands-on experience in Embedded Device Security Testing with expertise in Secure Boot, Firmware Analysis, CAN/UDS/USB/JTAG interface security testing. Expertise in implementing and executing the Cyber Security Solutions and Penetration Testing for Network and Embedded devices. Hands-on Experience in AWS/Azure. Good Technical Presentation skills and Team collaboration skills must be preferred. Security Certifications like CEH, ECSA or equivalent.

Posted 1 month ago


3.0 - 7.0 years

7 - 11 Lacs

Navi Mumbai

Work from Office

Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST/SCA) tools. Will be responsible for Secure Coding Practices. Required education: Bachelor's Degree. Preferred education: Master's Degree. Required technical and professional expertise: BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 5 plus years of experience. Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST/SCA) tools. Secure Coding Practices: Knowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat Modeling: Ability to conduct threat modeling sessions to identify and mitigate security risks. Preferred technical and professional experience: Vulnerability Assessment: Experience in conducting vulnerability assessments and penetration testing. Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST) tools. Security Tools: Proficiency in using security tools like Burp Suite, Nessus, or Fortify.

Posted 2 months ago


5.0 - 9.0 years

5 - 15 Lacs

Hyderabad, Bengaluru, Mumbai (All Areas)

Hybrid

Role & responsibilities: Ensure compliance with DevSecOps SLAs. Implement secure development practices: Conduct security design/architecture reviews, threat modeling, and secure code reviews. Manage secure application environments: Understand deployment baselines and exception handling. Improve service reliability through automation and tools. Perform security assessments: Both manual and automated. Triage and track defects with development teams. Liaise between development and infrastructure teams for integrated processes. Analyze and monitor emerging and existing application security threats. Track threat actors and their TTPs impacting the client.

Posted 2 months ago


3.0 - 8.0 years

10 - 20 Lacs

Hyderabad, Chennai, Bengaluru

Hybrid

Job Title: Application Security Engineer SAST & DAST. Experience Required: 3 to 8 Years. Location: Hyderabad / Bangalore / Chennai / Mumbai / Pune / Kolkata / Gurgaon. Mode of Interview: MS Teams (12 rounds). Notice Period: 0 to 30 Days. Job Overview: We are looking for an experienced Application Security Engineer specializing in SAST & DAST to join our growing team. The ideal candidate will be responsible for integrating security throughout the software development lifecycle (SDLC), implementing and managing security tools, and driving security best practices across the organization. Key Responsibilities: Implement and manage application security testing activities throughout the development, deployment, and maintenance phases. Perform Static Application Security Testing (SAST) using tools like Checkmarx and Fortify. Execute and manage Dynamic Application Security Testing (DAST) tools such as AppScan and WebInspect. Conduct secure code reviews in languages including Java, .NET, Swift, Objective-C. Integrate security tools in DevOps pipelines and CI/CD environments (e.g., Jenkins, TeamCity, Bamboo, Chef, Puppet). Apply OWASP Top 10, SANS Secure Coding Practices, and Security Engineering Principles during development and assessment. Analyze, triage, and report vulnerabilities using CVSS scoring and determine business impact. Perform penetration testing for web, mobile, and desktop applications. Implement mobile security testing techniques, including bypassing SSL pinning, root detection, reverse engineering, and manifest analysis. Work with containerized environments such as Docker and Kubernetes. Utilize at least one scripting language (e.g., Python, Bash, PowerShell) for automation or security tooling.
Required Skills & Experience: Strong experience with SAST and DAST tools (Checkmarx, Fortify, AppScan, WebInspect). Familiarity with OWASP Top 10, secure coding practices, and vulnerability remediation. Proficient in secure code review for Java, .NET, Swift, Objective-C. Solid understanding of DevSecOps practices and security toolchain integration. Hands-on experience with CI/CD tools (Jenkins, TeamCity, Bamboo, etc.). Experience with container security in Docker/Kubernetes environments. Knowledge of CVSS scoring and vulnerability risk assessment. Understanding of mobile application security techniques and concepts. Experience with scripting in Python, Bash, or equivalent. Preferred Qualifications: Security certifications (e.g., CEH, OSCP, GWEB, GWAPT, Security+). Exposure to cloud environments (AWS, Azure, GCP) from a security standpoint. Familiarity with automated testing tools like Selenium. Experience working in Agile and DevOps environments. Interested Candidates can share your updated resume to subashini.gopalan@kiya.ai

Posted 2 months ago


4.0 - 8.0 years

12 - 14 Lacs

Bengaluru

Work from Office

Consultant - MAST Vanguard. Requirements: Mandatory Technical & Functional Skills: Strong knowledge on manual secure code review against common programming languages (Java, C#). Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs. Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred: GWAPT, CREST, OSCP, OSWE, OSWA. Job Description: Roles & responsibilities: Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications. Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation.

Posted 2 months ago


4.0 - 8.0 years

13 - 17 Lacs

Bengaluru

Work from Office

Roles & Responsibilities:
- Working closely with the CTO and members of technical staff to meet deadlines.
- Working with an agile team to setup and configure GitOps (CI/CD) based pipelines on GitLab
- Create and deploy Edge AIoT pipelines using AWS Greengrass or Azure IoT
- Design and develop secure cloud system architectures in accordance with enterprise standards
- Package and automate deployment of releases using Helm charts
- Analyze and optimize resource consumption of deployments
- Integrate with Prometheus, Grafana, Kibana etc. for application monitoring
- Adhering to best practices to deliver secure and robust solutions

Requirements:
- Experience with Kubernetes and AWS
- Knowledge of cloud architecture concepts (IaaS, PaaS, SaaS)
- Knowledge of Docker and Linux bash scripting
- Strong desire to expand knowledge in modern cloud architectures
- Knowledge of System Security Concepts (SAST, DAST, Penetration Testing, Vulnerability analysis)
- Familiarity with version control concepts (Git)

Posted 2 months ago


5.0 - 9.0 years

30 - 35 Lacs

Bengaluru

Hybrid

Company Overview: At Toast, we are committed to creating innovative solutions that enhance security and leverage the power of artificial intelligence to drive restaurant business growth and help them thrive. We are seeking a highly skilled and versatile engineer who specializes in application security to join our dynamic team. Job Summary: The Senior Application Security Engineer will be responsible for designing, implementing, and maintaining secure applications and collaborate closely with development teams to embed security best practices throughout the software development lifecycle (SDLC). This role requires a deep understanding of security principles, cloud architecture, and AI technologies to ensure our systems are robust, scalable, and secure. Key Responsibilities: Application Security: Conduct security assessments and code reviews to identify and mitigate vulnerabilities in web, mobile applications and APIs. Identify, analyze, and prioritize security risks and vulnerabilities. Implement and manage security protocols and measures to protect applications from threats. Develop and maintain security tools and frameworks to support secure software development. Develop and execute security testing strategies to validate the effectiveness of security controls. Promote and enforce security best practices throughout the SDLC. Provide guidance on secure coding principles, secure design patterns, and cryptographic techniques. General Security Practices: Stay current with the latest security threats, vulnerabilities, and technology trends. Develop and deliver security training and awareness programs for engineering teams. Work closely with cross-functional teams to embed security best practices throughout the development lifecycle. Required Skills and Qualifications: Education: Bachelor's or Master’s degree in Computer Science, Engineering, Information Security, or a related field.
Experience: Minimum of 5 years of experience in application security domain Proven experience with secure software development practices and tools (e.g., SCA, SAST, DAST). Proven experience with pentesting of web applications, mobile applications (Android and IOS) and APIs (REST and GraphQL) Technical Skills: Strong programming skills in languages such as Python, Java, Kotlin, C++, or similar. Deep understanding of security principles, cryptography, and secure coding practices. Familiarity with DevSecOps practices and CI/CD pipelines. Knowledge of containerization technologies (e.g., Docker, Kubernetes) and their security implications. Experience with AI security testing tools and techniques. Soft Skills: Excellent problem-solving and analytical skills. Strong communication and collaboration abilities. Ability to work independently and as part of a team in a fast-paced environment. Preferred Qualifications: Relevant security certifications such as CISSP, CEH, or similar. Knowledge of frameworks such as OWASP, SANS. Knowledge of compliance frameworks such as PCI, ISO, GDPR, or similar. Benefits : Competitive salary and performance-based bonuses. Flexible working hours and remote work options. Comprehensive health insurance and wellness programs. Professional development opportunities and continuous learning. Collaborative and inclusive company culture.

Posted 2 months ago


3 - 4 years

3 - 4 Lacs

Bengaluru

Work from Office

Locations: Bangalore RMZ-ECO WORLD. Posted on: Yesterday. Time left to apply: End Date June 14, 2025 (28 days left to apply). Job requisition id: R177746, India. Job Family Group: Information Technology (IT). Worker Type: Regular. Posting Start Date: May 15, 2025. Business unit: Projects and Technology. Experience Level: Experienced Professionals. About The Role. What's the role: As a Cyber Threat Prevention Advisor in the CyberDefence SecOps team, you'll join the Vulnerability team to manage and oversee vulnerability processes, ensuring they are trackable and measurable with robust tool support. Your team will lead the implementation of these processes within ServiceNow Security Operations (SecOps), establishing standard workflows and integrating them with IT service management processes executed by Line of Defence 1 within IRM. This role leverages market-standard tools and practices to streamline the architecture by reducing dependency on Collective. What you'll be doing: Asset Discovery: Set-up and lead adequate discovery of new Shell IT assets in Shell's legacy IT network, RES & Portfolio companies, Cloud environments and PCD and Retail environments. Ensure visibility in new areas such as Internet of Things and Cloud and investigate possibilities to keep track of IT assets. Automated Vulnerability Scanning: Maintain a portfolio of tools for automated vulnerability scanning with a focus on Business-Critical systems and systems that are available from the public Internet. Set-up regular scanning and make results available for further analytics in IRM investigation platform. Take appropriate action on vulnerabilities where required. Security Posture Reporting: Use the results from asset discovery, vulnerability scanning, penetration testing and attack simulation to provide an overview of vulnerabilities in Shell IT landscapes for different stakeholders including IRM LT and IDSO LT.
Create specific reports for Business, Business Critical applications, IDSO service lines, External perimeters etc. Act as a Subject Matter Expert on implications of a vulnerability in an IT system and establishing the priority of applying security patches. Help creating prioritized overviews of Cyber vulnerabilities and putting these in a context of IT services and Business applications. Take mitigating actions coming out of identified threats or vulnerabilities either directly by the team or agree the actions with other parties in Shell. What you bring: Bachelor's degree in Computer Science, Information Technology, or related field 5-8 years of total experience in IT Security including at least 3-4 years of experience in Vulnerability Assessment Proficient in analysing network traffic using tools such as tcpdump or wireshark Strong experience in using open-source scanning tools such as nmap, nessus, metasploit and/or commercial tools such as Rapid7 or Qualys Knowledge in integrating Vulnerability Management into modern CI/CD Pipelines with 'shift-left' strategy Understanding of Network Security, Cloud Security, Endpoint Security, Application Security Understanding Cyber Threat Landscape and analyzing Threats from various sources. Assess new threats, rate threat per Shell ratings and collaborate with Threat team on new threat criticality Understanding of CVE id / CVSS score and metrics Familiar with application of Cybersecurity Benchmarks, NIST controls, PCI controls Lead security research proposals and Proof Of Concepts for Emerging Technologies and assessing Fit-For-Purpose Tools. Understanding of Cloud Security Posture Management (CSPM) Expertise in operating Application security tools like Rapid7 Appspider, Netsparker Knowledge on CI/CD pipeline able to understand the integration of security tools and guide the developers Understanding of Application security design and providing guidance to developers on secure design.
Good understanding of SAST/DAST concepts and process Knowledge of Mobile DAST scanning and vulnerabilities and remediation consultation Knowledge of Splunk, SecOps VR, basic querying and creating dashboards Additional Skills (Good to have): PCI-DSS Compliance Scan. SecOps VR Module in ServiceNow. Linux environment experience. Azure/AWS Cloud Console. Wiz.io tool knowledge. Advanced Splunk skills. What we offer: You bring your skills and experience to Shell and in return you work with talented, committed people on one of the most important challenges facing our planet. You'll have the opportunity to develop the skills you need to grow in an environment where we value honesty, integrity, and respect for one another. You'll be able to balance your priorities as you become the best version of yourself. Progress as a person as we work on the energy transition together. Continuously grow the transferable skills you need to get ahead. Work at the forefront of technology, trends, and practices. Collaborate with experienced colleagues with unique expertise. Achieve your balance in a values-led culture that encourages you to be the best version of yourself. Benefit from flexible working hours, and the possibility of remote/mobile working. Perform at your best with a competitive starting salary and annual performance related salary increase. Our pay and benefits packages are considered to be among the best in the world. Take advantage of paid parental leave, including for non-birthing parents. Join an organisation working to become one of the most diverse and inclusive in the world. We strongly encourage applicants of all genders, ages, ethnicities, cultures, abilities, sexual orientation, and life experiences to apply. Grow as you progress through diverse career opportunities in national and international teams. Gain access to a wide range of training and development programmes.
Shell in India: Shell is a diversified energy company in India with 13,000 employees, and presence in Integrated Gas, Downstream, Power, Renewable and Upstream. Additionally, we have deep capabilities in R&D, digitalisation, and business operations. Our global strategy, Powering Progress, is designed to generate value for our shareholders, customers, and the wider society, and focuses on creating more value with less emissions. The strategy supports our purpose of providing more and cleaner energy solutions, with the aim of profitably transforming Shell into a net-zero emissions energy business by 2050. As India moves towards its target of net-zero emissions by 2070, Shell India aims to play a leading role in securing vital energy for today, while investing in, and helping to build, the energy system of the future through strategic investments in the country. Our Lubricants business serves over 50,000 consumers through a strong network of over 200 distributors, and operates an end-to-end value chain that spans conceptualization, development, and production at a world-class blending plant at Taloja. Through our 350-plus retail stations, we offer an integrated mobility experience including fuels, cafes, and convenience stores, with a prominent network of EV recharging facilities. Shell owns and operates a LNG re-gasification terminal at Hazira, Surat, with a capacity of 5 MTPA and a LNG truck-loading unit that plays a crucial role in helping meet India's growing demand for gas across sectors. In 2022, Shell acquired Sprng Energy in a $1.55 billion deal to build an integrated energy transition business in the country. Sprng is a leading renewable energy company in India which develops and manages solar, wind, and hybrid power generation facilities and infrastructure.
Our three capability centres across Bangalore and Chennai serve as a technology and innovation powerhouse for Shell globally, working as a delivery engine for core technical, digital, and finance processes, pioneering digital innovation and cutting-edge technologies across the energy sector. We also have strong academic partnerships and collaborations with leading universities and technology institutes to accelerate decarbonization efforts within the energy sector. We are committed to positively contributing to the communities in which we operate through programmes on STEM Education, Skilling, and Livelihood across India. We nurture and invest in startups developing initiatives focused on accelerating energy innovation through programs such as Shell E4 and Shell Eco-marathon. We also have strategic investments in new energy companies such as Husk Power, d.light, Orb Energy, and Cleantech Solar. DISCLAIMER: Please note: We occasionally amend or withdraw Shell jobs and reserve the right to do so at any time, including prior to the advertised closing date. Before applying, you are advised to read our data protection policy. This policy describes the processing that may be associated with your personal data and informs you that your personal data may be transferred to Shell/Shell Group companies around the world. The Shell Group and its approved recruitment consultants will never ask you for a fee to process or consider your application for a career with Shell. Anyone who demands such a fee is not an authorised Shell representative and you are strongly advised to refuse any such demand. Shell is an Equal Opportunity Employer.

Posted 2 months ago


4 - 8 years

7 - 17 Lacs

Hyderabad

Hybrid

Experience - 4 - 8 years Location - Hyderabad You are responsible for adhering to the defined operating procedures and guidelines in operating the application security services in the Managed Services model, which includes the following: Understand and be compliant with the Service Level Agreements defined for the DevSecOps services; Understand and deep knowledge of application security engineering principles, and helping clients development team and function to follow secure development practices which includes primarily monitoring and performing the security design review, architecture review, threat modeling, security testing, secure code review, secure build processes; Well versed with the application deployment and configuration baselines, and understanding of how the application environment operates in a secure environment and how exceptions are handled during operations; Facilitate use of technology-based tools or methodologies to continuously improve the monitoring, management and reliability of the service; Perform manual and automated security assessment of the applications; Involved in triaging and defect tracking process with the development team and helping the team to fix issues at the code level based on the priority of the tickets; Be a liaison between the Application development and infrastructure team, and integrate the processes between infrastructure monitoring and operations processes with the secure development/testing and management processes; Identifying, researching and analyzing application security events which may include emerging and existing persistent threats to the client's environment; and Performing active monitoring and tracking of application related threat actors and tactics, techniques and procedures (TTPs), that could likely cause an impact to client organization

Posted 2 months ago


4 - 7 years

10 - 14 Lacs

Bengaluru

Work from Office

Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation Mandatory technical & functional skills Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA Shift-timings: 12 PM to 9 PM

Posted 2 months ago


4 - 7 years

5 - 8 Lacs

Bangalore Rural, Bengaluru

Work from Office

• Strong knowledge on manual secure code review against common programming languages (Java, C#)
• Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent.
• Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs
• Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations.
• Preferred one year of experience in development of web applications and/or APIs.
• Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand.
• One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA

Job Description: Roles & responsibilities
• Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications
• Perform manual security code review against common programming languages (Java, CSharp).
• Perform automated testing of running applications and static code (SAST, DAST).
• Experience in one or more of the following a plus: AI pen testing.
• Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux.

Posted 2 months ago


3 - 8 years

18 - 33 Lacs

Bengaluru

Work from Office

About Product Security Engineer at Traveloka will be required to ensure that our products and services are shipped with high security standards through application security testing, hardening, and secure framework. A Product Security Engineer will be smart and self starter. The person needs to find unique ways to understand complex software architecture and should be able to perform manual security code review. They need to be able to integrate security in the software development process with defense-in-depth strategies such as automated testing in CI/CD pipeline. A Product Security Engineer preferably needs to have a software development background and should have practical programming knowledge. They will work very closely with our Software Engineering Team to implement Secure SDLC in Traveloka. They will also need to have proficiency in handling multiple projects based on different frameworks and groups. Responsibilities Carry out manual and automated review of source code to identify security vulnerabilities and risks Implement automated security testing tools (SAST, DAST, IAST) and their deployment within continuous integration systems Implement hardening and secure framework such as RASP, WAF, safe library, and security decorator functions Perform vulnerability assessment & penetration testing on web API, front-end service, internal RPC, and mobile application Attend design reviews and actively lead the discussions from a security standpoint Analyze possible security incident related to application security such as payment abuse or sensitive data exposure via web API Ensure that product security requirements are identified early on and are being baked into all projects Provide effective recommendations or patches to mitigate security vulnerabilities Develop in-house tools to integrate with SDLC and to track and derive security metrics Skills & Experience Academic background in Computer Science or equivalent Relevant professional experience or extensive 
experience in security activities (e.g. CTF, bug bounty, security research, publications, blog) Practical knowledge of modern software development such as microservices, application containerization, REST architecture, object oriented programming, stateless/stateful authentication, and cloud platform Working knowledge of one or more of these programming languages: Java, JavaScript, Kotlin, C#, Objective-C, Swift Experience in security code review, vulnerability assessment, and penetration testing. Knowledge of common vulnerabilities such as OWASP Top 10 and CWE including business logic issue (e.g. IDOR) Core skill set in two or more of the following areas: JavaScript framework (e.g. React) Java framework (e.g. Spring) Android / iOS platform DevOps AWS Automation tool development Dynamic debugging Unit testing Algorithm & data structure If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!

Posted 2 months ago


2 - 4 years

3 - 5 Lacs

Navi Mumbai, Mumbai (All Areas)

Work from Office

We are hiring for Security Engineer - Navi Mumbai Location (Belapur) for one of our projects. Interested candidates can share resume to ankita.patari@happiestminds.com Experience: 2 to 5 Years Location: Navi Mumbai Location (Belapur) Office Timings: Monday to Friday (First Saturday and Third Saturday working) Looking for max 15 Days Joiners only. Immediate Joiners please mention in Subject Line (Immediate Joiner_AppSec) General Shift Exp Range - 2 to 4 Years Primary Skills: SAST, Penetration testing, Vulnerability Assessment Responsibility: Static Code analysis, Static/dynamic testing of mobile applications, Vulnerability Assessment, Penetration Testing Thanks And Regards, Ankita P Ghosh ankita.patari@happiestminds.com

Posted 2 months ago
