161 Dast Jobs - Page 7

We seek a Desecvops Engineer, Expert Level who shares our passion for innovation and change. This role is critical to helping our business partners evolve and adapt to consumers' personalized expectations in this new technological era. What will help you succeed: In the position of DevSecOps Engineer, you will join the DevSecOps Enablement product line and will be part of the quality,security and complaince team.The job is part of a small, but quickly growing and highly agile team of Global IT who are focused on supporting our devops team delivering applications and products with quality and secuirity. This platform is built toolachian which integrate well with development life cycle. As a DevSecOps Engineer, you will: Expertise in DevSecOps Expertise in SCA, SAST and DAST tools Expertise in threat modeling Expertise in container scanning tools Expertise Vulnerability scanning and management Expertise in automation of day to day security operations Be a hands-on technical leader on toolchain and work closely with architects, product owners, and teams across sites to drive toolchain forward with high quality, scalable and maintainable components, and delivering excellence on schedule. Provide technical leadership through coaching and mentoring other team members. Dedication to SAFe/ Lean practices and scalable architecture, including experience building adaptable roadmaps and evolving stakeholders requirements. Willing to learn and adapt new tools and technologies. Educate and train team and Devops teams on quality and security best practices. Technical Skills: Experience in quality scanning tools like SonarQube Experience in security scanning tools like Mend Experience in GHAS and GitLab SAST/DAST Experience in DevOps tools like GitHub and GitLab Experience in Snek and VeraCode etc Experience in scripting languages like Python, Powershell etc Job-related Experience Bachelor of Science in Computer Science or a related field Five or more yearswork experience as a Quality and Security Engineer or related position Extensive knowledge of operating system and database security In-depth knowledge of security protocols and principles Critical thinking skills and ability to solve complex problems Furthermore, you bring: Very good interpersonal skills, a team player attitude and mindset, and you like bringing others up to speed on technology Ability to take ownership and be effective with limited supervision Strong organizational skills and ability to prioritize and manage multiple projects simultaneously In-depth understanding of Quality, Security and compliance This job can be filled in Pune, Hyderabad, Bangalore, Indore #LI-Hybrid

Description: Work with multiple medical customers in the areas of - - Threat modelling, security requirements and architecture - Drive security lifecycle for multiple customer projects - Drive pen testing requirements across projects - Take part in customer discussions for new business development activities - Setup security practice for MedTech in India Requirements: - Must have 15+ years of experience in cyber security areas - Must be efficient in medical domain security - Must have experience with medical device security: threat modelling, pen testing, SAST, DAST - Must be hands on with pen testing of medical devices, application and cloud Job Responsibilities: Work with multiple medical customers in the areas of - - Threat modelling, security requirements and architecture - Drive security lifecycle for multiple customer projects - Drive pen testing requirements across projects - Take part in customer discussions for new business development activities - Setup security practice for MedTech in India What We Offer: Exciting Projects: We focus on industries like High-Tech, communication, media, healthcare, retail and telecom. Our customer list is full of fantastic global brands and leaders who love what we build for them. Collaborative Environment: You Can expand your skills by collaborating with a diverse team of highly talented people in an open, laidback environment — or even abroad in one of our global centers or client facilities! Work-Life Balance: GlobalLogic prioritizes work-life balance, which is why we offer flexible work schedules, opportunities to work from home, and paid time off and holidays. Professional Development: Our dedicated Learning & Development team regularly organizes Communication skills training(GL Vantage, Toast Master),Stress Management program, professional certifications, and technical and soft skill trainings. Excellent Benefits: We provide our employees with competitive salaries, family medical insurance, Group Term Life Insurance, Group Personal Accident Insurance , NPS(National Pension Scheme ), Periodic health awareness program, extended maternity leave, annual performance bonuses, and referral bonuses. Fun Perks: We want you to love where you work, which is why we host sports events, cultural activities, offer food on subsidies rates, Corporate parties. Our vibrant offices also include dedicated GL Zones, rooftop decks and GL Club where you can drink coffee or tea with your colleagues over a game of table and offer discounts for popular stores and restaurants!

Job Title: Security Tester/Security Test Engineer Location: Chennai/Hyderabad Mode: Hybrid Notice Period: Immediate/Currently Serving 6+ years of experience only (relevancy) Role Summary: This job is responsible for assisting in application security testing, including source code review, automating application security testing process and developing application security solutions to influence organizational efficiency and security. Assists in evaluating security risk assessments and presenting security information to workforce and management. Serves as a resource to the workforce regarding security-based questions and problems. ESSENTIAL RESPONSIBILITIES SAST & DAST Level 1 scan SAST & DAST Level 2 scans after getting approval/certification. Triaging of scan findings Document identified vulnerabilities from scans and review with application teams. Participate in peer reviews. Assist with API Security testing. Pull and complete non-testing related stories from the team backlog (Update documentation, complete research, POCs, process improvement items, documentation of automation components etc...) Collecting security requirements. Educational Qualification Any Degree Must Have 7 - 10 years of experience in Application Security testing Proficiency with Web application and API security testing process. Deep knowledge of Web technologies (i.e How web application works, Authentication, Authorization, HTTP Response & HTTP Request). Thorough understanding of SAST & DAST process. Experience in Burp suite/Acunetix/ Sonarqube or any other security testing tools. Proficiency in Vulnerability reporting process and Remediation process. Ability to handle meetings with Development team to share and explain about vulnerabilities and its remediations. Good to Have: Development experience using Java technologies. Knowledge of GIT, Eclipse, and experience in working with Agile methodology. Good written and verbal communication along with logical thinking and problem-solving abilities Ability to learn new things quickly. Always keen to learn about latest security risk. Any Certifications - Added Advantage

Dear Candidate, We are hiring a Penetration Tester to simulate attacks and discover security vulnerabilities in critical systems. Perfect for professionals skilled in offensive security techniques. Key Responsibilities: Conduct penetration tests on web, mobile, and network systems Document vulnerabilities and remediation recommendations Develop exploits and custom testing tools Collaborate with developers to address findings Required Skills & Qualifications: Proficiency with penetration testing tools (Burp Suite, Metasploit, Nmap) Strong understanding of application and network security Experience writing exploit scripts (Python, Bash) Bonus: OSCP, OSWE, or CEH certification Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Reddy Delivery Manager Integra Technologies

Dear Candidate, We are hiring a Security Engineer to design and implement secure systems across cloud and application environments. Ideal for engineers excited about threat modeling and proactive defense. Key Responsibilities: Perform security assessments and code reviews Develop security policies and incident response procedures Implement security controls in cloud and on-prem environments Monitor for vulnerabilities and recommend mitigation Required Skills & Qualifications: Knowledge of OWASP Top 10, secure coding practices Experience with SIEM, IDS/IPS, and vulnerability scanners Familiarity with cloud security (AWS, Azure, GCP) Bonus: Certifications (CISSP, CEH, OSCP) Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Delivery Manager Integra Technologies

Essential duties & responsibilities: Analyze and recommend improvements to network, system, and application architectures to enhance security. Research, design, and implement cybersecurity solutions that protect the organization’s systems and products. Collaborate with DevOps, Platform Engineering and Architecture teams to ensure security is embedded in the design and development of applications and systems. Actively participate in the change management process ensuring security considerations are prioritized in system upgrades and modifications. Design and deploy automated security controls to improve efficiency in risk identification, configuration management, and security assessments. Develop and refine security policies to address cloud security misconfigurations, leveraging cloud-native security technologies. Implement logging and monitoring solutions for cloud environments to enhance SOC team capabilities in detecting and responding to security incidents. Assess and review emerging technologies to identify potential security risks and implement mitigation strategies. Design and deploy innovative security technologies to address evolving security challenges. Conduct vulnerability scanning, anomaly detection, and risk assessment to enhance the security posture. Work closely with security architects to develop and deploy security solutions that address cloud-specific risks. Take ownership of security posture improvements, ensuring strict security policies and controls align with business objectives. Research and stay up to date on emerging security threats and provide strategic recommendations to strengthen security defenses. Qualification & Experience: Hands-on experience with implementing security controls, including Database security, Web content filtering, Anomaly detection & response, Vulnerability scanning & management Proficiency in at least one scripting language (e.g., Perl, Python, PowerShell, Bash) for automation and security tooling. Expertise in at least one of the following security domains: Network security (e.g., IDS/IPS, firewall hardening) , Cloud-native security (e.g., IAM, security groups, encryption), Endpoint security (e.g., EDR/XDR, mobile security) , Application security (e.g., SAST, DAST, API security) Strong familiarity with industry security frameworks and regulations, including: NIST Cybersecurity Framework (CSF), CIS Controls, HIPAA, GDPR compliance Ability to assess compliance requirements and implement security controls to ensure adherence. Strong problem-solving and analytical skills, with the ability to assess complex security risks and develop mitigation strategies. Excellent communication and interpersonal skills, with the ability to engage both technical and non-technical stakeholders. Proven ability to work independently, manage projects, and contribute as an integral part of a high-performing security team

ANZEN Technologies Private Limited stands as an unparalleled powerhouse, empowering organizations across industries with our visionary services, cutting-edge solutions, and ground-breaking services in the realm of Cyber Security, IT Governance, Risk Management, and Compliance. As your trusted partner, we offer a comprehensive suite of End-to-End security services and consultancy, tailored to safeguard critical infrastructure installations, elevate the standards of BFSI, eCommerce, IT/ITES, Pharmaceuticals, and an array of other sectors. 1. Web Application Security Assessment 2. Mobile Application Security Assessment 3. API Security Assessment 4. Network Vulnerability Assessment & Penetration Testing 5. Understanding vulnerabilities in depth, along with mitigating them - Experience: 2-4 years - Relevant certifications are an advantage - Notice Period: 30 days - Job Location: Navi Mumbai - Work Mode: Work from Office We are looking for immediate Joiner Only

About the Opportunity Job TypePermanent Application Deadline31 May 2025 About The Role Title Technical Analyst Application Security Department Global Cyber & Information Security Location Bengaluru, India Reports To Senior Technical Consultant - Application Security Level Security Analyst -2 Were proud to have been helping our clients build better financial futures for over 50 years. How have we achieved this? By working together - and supporting each other - all over the world. So, join our GCIS - Application Security team and feel like youre part of something bigger. Department / Team Description The Global Cyber & Information Security (GCIS) department is a part of the Global Technology department. The Technology function globally provides IT services to the Fidelity International business. These include development and support of business applications that underpin our revenue, operational, compliance, finance, legal, marketing and customer service functions. The broader organisation incorporates Applications, and Infrastructure services that the FIL relies on to operate on a day to day basis including data centre, networks, proximity services, security, voice, incident management and remediation. About role As Technical Analyst, one would be responsible to understand technical and architectural implementation. Use this understanding to conduct the Design, Code review and Penetration Testing. The role will involve working closely with development groups to securely design, develop and implement services and components. This role demands interaction with development groups, Enterprise Architecture, Information Security Officer (ISO) and vendors. Aim is to ensure applications are compliant with FIL Information Security Standards. The successful candidate will be able to demonstrate an innovative and enthusiastic approach to technology, implementation, adoption and problem solving. The candidate shall display good interpersonal skills and show confidence and ability to interact professionally with people at all levels. Key Responsibilities Review Software applications for potential security vulnerabilities by conducting application security reviews i.e. Requirements review, Code Review, Software Composition Analysis, Penetration testing (Ethical Hacking), Vendor Risk Assessment. Liaise with Developers, Architects, Project Managers and Vendors to understand the working of an application, how effectively they are implemented and where security mechanisms are employed. Understand the business requirements, evaluate potential products / solutions and provide technical recommendations. Be hands on with technology and to contribute to the design, development and support of projects with the Security recommendations. Review design and development artefacts to ensure security quality in the products being developed. Evolve security review processes in accordance with Information Security Standards and market best practices. Protect Fidelity information assets by promoting the understanding and acceptance of Information Security Policy and Standards. Experience and Qualifications Required Must Have 2-3 years of conducting application security assessments i.e. Code Review and Penetration testing (Ethical Hacking) and Vendor Risk Assessment. Knowledge of attack vectors from OWASP, WASC and mitigation of the same, open-source software security assessment tools. Knowledge of web technologies (Java/J2EE/Struts/ .NET / PHP / Java Script etc.). Good understanding of HTTP, HTTPS, SSL, TLS, SFTP Protocols Working knowledge of Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) Working knowledge of executing source code analysers to unearth security vulnerabilities in the source code Run and analyse security Penetration testing and pinpoint security issues and suggest mitigations. Capable of understanding end user requirements from security perspective Sound business and technical acumen Good to Have Excellent problem-solving and critical-thinking skills Understanding of emerging technologies and corresponding security threats Self-motivated, flexible, with a can do attitude. Feel rewarded For starters, well offer you a comprehensive benefits package. Well value your wellbeing and support your development. And well be as flexible as we can about where and when you work finding a balance that works for all of us. Its all part of our commitment to making you feel motivated by the work you do and happy to be part of our team. For more about our work, our approach to dynamic working and how you could build your future here, visit careers.fidelityinternational.com. For more about our work, our approach to dynamic working and how you could build your future here, visit careers.fidelityinternational.com.

Role & responsibilities Job Title: Senior Lead Engineer - Product Cyber Security Years Of Experience: 8-12 Years Role Overview: The Security Sr Lead Engineer/Tech Specialist works with product development teams across all regions globally to ensure commitment to the cyber security strategy of minimizing flaws and improving product resiliency to cyber-attacks by ensuring adherence to the integrated secure development lifecycle process, which embodies a secure-by-design defense in depth philosophy. You will be a strong technical expert in matters related to pentesting and cyber controls and will report to a team manager responsible for product architecture review and testing. This role is part of the Product Cyber team (under the Global DT Cyber team) which focuses on continuously improving the cyber posture of products that are often installed in customer's environments. On a typical day you will: Perform DAST, SAST & Pentest for different products Perform Threat Modeling and Architecture reviews for new products and design changes with existing products Handle Product Cyber Incident Response activities and Active contribution to Risk Management Work with product development teams towards secure DevOps activities and CI/CD integration issues with Security tools Work with product development teams and carry out functional cyber risk assessments to support their cyber requirements throughout the entire development cycle. Coordinate with quality and product development teams to periodically update cyber security design policies and ensure that these policies are incorporated into product design, with requirements for traceability and system validation and verification. Interface with global teams and share best practices and lessons learned Refine and support the standard work associated with product cyber security incident response management Work closely with the product testing teams to validate recommended security controls Continually enhance the capabilities of the Cyber security team: Identification of technology and methodology gaps Participation and leading technical and industry committees Creation of discipline health score card. Work in an environment of continuous improvement and lean process and product development. good to have knowledge in Agile methodologies. Stay updated on latest cyber security hacking news, technologies and methodologies including: The latest attack methodologies include penetration testing and red-team methodologies. Latest forensic and incident response methodologies. Attend security or hacker conferences and stay on the cutting edge What You Will Need to be Successful: Bachelor of Science/Engineering in cyber security, computer science or a related engineering discipline 8+ years of product cyber security engineering and software systems development experience; at least 4 years hands-on experience with penetration testing methodologies and tools. In depth knowledge of IEC 62443 and related cybersecurity standards. In-depth knowledge of requirements captures, cyber security threat modeling and systematic discovery of threats, as part of Secure Development Lifecycle, with broad understanding of potential vulnerabilities at different layers of hierarchical systems Cyber security certifications such as OSCP, GSEC, CEH Knowledge of state-of-the-art security analysis tools and various product cyber security safeguards. These include threat modeling, source code analysis, dynamic analysis, penetration testing and audit/compliance tools Excellent written and verbal communication and presentation skills. Adept at communicating with globally disperse cross functional teams. (Preferred) Strong knowledge in various cryptographic systems and requirements for authentication, authorization and encryption for various types of systems (Preferred) Intimate knowledge and experience with incident response management and risk assessment Preferred candidate profile

Role & responsibilities Conduct regular security assessments (SAST/SCA/DAST) utilizing both automated and manual methods to identify security vulnerabilities Responsible for assessing the risk of the found vulnerabilities as per Broadridge Security Standards and documenting them with proper proof of concepts, as necessary Perform security design and architectural reviews for new and existing applications to ensure they meet security standards and best practices. Collaborate with technical teams and business stakeholders to provide expert advice on vulnerability remediation strategies and best practices. Assess risks reported in the vulnerability assessment results and other security related data, and prioritize remediation actions Integrate security practices into the CI/CD pipeline to identify and address vulnerabilities early in the development cycle and maintain the tooling in the CICD pipeline Conduct regular security group reviews. Identify and implement automation opportunities within security testing and review processes to enhance efficiency and effectiveness. Awareness of working and adapting to Agile environment Preferred candidate profile A bachelors or higher degree in Computer Science, Computer Engineering, or similar discipline. Minimum 6 years of hands-on experience in application security and 2 years in DevSecOps, and extensive knowledge in any one of the object-oriented programming languages. Strong Information Security technical skills and knowledge to identify, research and understand security control gaps and program compliance issues Strong web application security experience with thorough understanding of web application vulnerabilities and secure coding practices Demonstrated experience in performing threat modeling, security architecture review, and vulnerability assessment on applications and infrastructure Deep understanding of OWASP methodologies for web, API, mobile, CI/CD, and LLM. Knowledge in Cloud(AWS, Azure) Architecture Familiarity with CI/CD tools (e.g., Jenkins, GitLab CI) and their integration with security tools. Understanding of Security Policies, Procedures, Audit, and Compliance requirements Skills in Terraform/Chef/Python/Perl/Ruby is desired Superior ability to effectively communicate security concepts, threats, controls, and mitigation/remediation to application teams and audiences not familiar with such topics Soft Skills: Excellent communication and presentation skills Ability to work collaboratively and build consensus is essential Ability to manage multiple priorities effectively. Strong analytical and problem-solving skills with attention to detail. Willingness and capability to self-learn Good to Have: Experience in conducting infrastructure vulnerability scans, analysis of scan results, and vulnerability triage. Experience in assessing and enhancing security of cloud-based environments and services. Experience in AWS security involving tools and process Experience in container/Kubernetes security Active participation in the security communities and groups Demonstrated commitment to staying up to date with emerging security threats and technologies. Hold at least one applicable industry certification; CEH, CISSP, OSCP, CISM, Cloud Security etc.

Ideally, looking for a combination of Development and Application Security experience. Job Summary: We are seeking a skilled Application Security Engineer to join our Information Security team. The ideal candidate will have a minimum of 8-12 years of experience in application security and a strong background in software development , particularly in .NET, C#, Angular, and React . This role is crucial in ensuring the security of our applications by working closely with development, DevOps, and security teams to identify, remediate, and prevent security vulnerabilities throughout the software development lifecycle (SDLC). Key Responsibilities: Conduct application security assessments, including code reviews, penetration testing, and threat modeling to identify vulnerabilities. Work closely with developers to integrate secure coding practices and provide guidance on remediating security issues. Implement and manage Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools. Develop and enforce security policies, procedures, and best practices for application security. Assist in the design and review of security architecture for new and existing applications. Collaborate with DevOps teams to integrate security into CI/CD pipelines using DevSecOps principles . Research emerging threats, vulnerabilities, and security trends to proactively mitigate risks. Support incident response efforts related to application security breaches. Provide security training and awareness to development teams. Document security findings, mitigation plans, and security controls. Minimum Requirements (Must-Have) 8-12 years of experience in application security with a focus on secure software development. Strong background in software development , with hands-on experience in .NET, C#, Angular, and React . Hands-on experience with SAST, DAST, Software Composition Analysis (SCA), and penetration testing tools (e.g., Burp Suite, Checkmarx, Veracode, Fortify, SonarQube ). Solid understanding of OWASP Top 10, SANS 25, and secure coding practices . Experience with threat modeling, risk assessment, and vulnerability management . Knowledge of API security, authentication, and authorization mechanisms (OAuth, JWT, SAML, etc.). Familiarity with container security, Kubernetes security, and cloud security best practices (AWS, Azure, GCP). Experience working in Agile and DevSecOps environments , integrating security into CI/CD pipelines. Strong analytical and problem-solving skills. Excellent communication skills, with the ability to work collaboratively across teams.