170 Dast Jobs - Page 7

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

4.0 - 8.0 years

12 - 14 Lacs

Bengaluru

Work from Office

Consultant - MAST Vanguard

Requirements: Mandatory Technical & Functional Skills
- Strong knowledge of manual secure code review against common programming languages (Java, C#)
- Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent.
- Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs
- Minimum three (3) years of working with technical and non-technical audiences in reporting results and leading remediation conversations.
- Preferred one year of experience in development of web applications and/or APIs.
- Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand.
- One or more major ethical hacking certifications not required but preferred: GWAPT, CREST, OSCP, OSWE, OSWA

Job Description: Roles & responsibilities
- Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications
- Perform manual security code review against common programming languages (Java, CSharp).
- Perform automated testing of running applications and static code (SAST, DAST).
- Experience in one or more of the following a plus: AI pen testing.
- Need to work on application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux.
- Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Posted 2 months ago

4.0 - 8.0 years

13 - 17 Lacs

Bengaluru

Work from Office

Roles & Responsibilities:
- Working closely with the CTO and members of technical staff to meet deadlines.
- Working with an agile team to set up and configure GitOps (CI/CD) based pipelines on GitLab
- Create and deploy Edge AIoT pipelines using AWS Greengrass or Azure IoT
- Design and develop secure cloud system architectures in accordance with enterprise standards
- Package and automate deployment of releases using Helm charts
- Analyze and optimize resource consumption of deployments
- Integrate with Prometheus, Grafana, Kibana etc. for application monitoring
- Adhering to best practices to deliver secure and robust solutions

Requirements:
- Experience with Kubernetes and AWS
- Knowledge of cloud architecture concepts (IaaS, PaaS, SaaS)
- Knowledge of Docker and Linux bash scripting
- Strong desire to expand knowledge in modern cloud architectures
- Knowledge of System Security Concepts (SAST, DAST, Penetration Testing, Vulnerability analysis)
- Familiarity with version control concepts (Git)

Posted 2 months ago

5.0 - 9.0 years

30 - 35 Lacs

Bengaluru

Hybrid

Company Overview: At Toast, we are committed to creating innovative solutions that enhance security and leverage the power of artificial intelligence to drive restaurant business growth and help them thrive. We are seeking a highly skilled and versatile engineer who specializes in application security to join our dynamic team.

Job Summary: The Senior Application Security Engineer will be responsible for designing, implementing, and maintaining secure applications and will collaborate closely with development teams to embed security best practices throughout the software development lifecycle (SDLC). This role requires a deep understanding of security principles, cloud architecture, and AI technologies to ensure our systems are robust, scalable, and secure.

Key Responsibilities:

Application Security:
- Conduct security assessments and code reviews to identify and mitigate vulnerabilities in web, mobile applications and APIs.
- Identify, analyze, and prioritize security risks and vulnerabilities.
- Implement and manage security protocols and measures to protect applications from threats.
- Develop and maintain security tools and frameworks to support secure software development.
- Develop and execute security testing strategies to validate the effectiveness of security controls.
- Promote and enforce security best practices throughout the SDLC.
- Provide guidance on secure coding principles, secure design patterns, and cryptographic techniques.

General Security Practices:
- Stay current with the latest security threats, vulnerabilities, and technology trends.
- Develop and deliver security training and awareness programs for engineering teams.
- Work closely with cross-functional teams to embed security best practices throughout the development lifecycle.

Required Skills and Qualifications:

Education: Bachelor's or Master's degree in Computer Science, Engineering, Information Security, or a related field.

Experience:
- Minimum of 5 years of experience in the application security domain
- Proven experience with secure software development practices and tools (e.g., SCA, SAST, DAST).
- Proven experience with pentesting of web applications, mobile applications (Android and iOS) and APIs (REST and GraphQL)

Technical Skills:
- Strong programming skills in languages such as Python, Java, Kotlin, C++, or similar.
- Deep understanding of security principles, cryptography, and secure coding practices.
- Familiarity with DevSecOps practices and CI/CD pipelines.
- Knowledge of containerization technologies (e.g., Docker, Kubernetes) and their security implications.
- Experience with AI security testing tools and techniques.

Soft Skills:
- Excellent problem-solving and analytical skills.
- Strong communication and collaboration abilities.
- Ability to work independently and as part of a team in a fast-paced environment.

Preferred Qualifications:
- Relevant security certifications such as CISSP, CEH, or similar.
- Knowledge of frameworks such as OWASP, SANS.
- Knowledge of compliance frameworks such as PCI, ISO, GDPR, or similar.

Benefits:
- Competitive salary and performance-based bonuses.
- Flexible working hours and remote work options.
- Comprehensive health insurance and wellness programs.
- Professional development opportunities and continuous learning.
- Collaborative and inclusive company culture.

Posted 2 months ago

3 - 4 years

3 - 4 Lacs

Bengaluru

Work from Office

Location: Bangalore RMZ-ECO WORLD
Posted on: Posted Yesterday
End Date: June 14, 2025 (28 days left to apply)
Job requisition ID: R177746
India
Job Family Group: Information Technology (IT)
Worker Type: Regular
Posting Start Date: May 15, 2025
Business unit: Projects and Technology
Experience Level: Experienced Professionals

About The Role

What's the role

As a Cyber Threat Prevention Advisor in the CyberDefence SecOps team, you'll join the Vulnerability team to manage and oversee vulnerability processes, ensuring they are trackable and measurable with robust tool support. Your team will lead the implementation of these processes within ServiceNow Security Operations (SecOps), establishing standard workflows and integrating them with IT service management processes executed by Line of Defence 1 within IRM. This role leverages market-standard tools and practices to streamline the architecture by reducing dependency on Collective.

What you'll be doing

- Asset Discovery: Set up and lead adequate discovery of new Shell IT assets in Shell's legacy IT network, RES & Portfolio companies, Cloud environments and PCD and Retail environments. Ensure visibility in new areas such as Internet of Things and Cloud and investigate possibilities to keep track of IT assets.
- Automated Vulnerability Scanning: Maintain a portfolio of tools for automated vulnerability scanning with a focus on Business-Critical systems and systems that are available from the public Internet. Set up regular scanning and make results available for further analytics in the IRM investigation platform. Take appropriate action on vulnerabilities where required.
- Security Posture Reporting: Use the results from asset discovery, vulnerability scanning, penetration testing and attack simulation to provide an overview of vulnerabilities in Shell IT landscapes for different stakeholders including IRM LT and IDSO LT. Create specific reports for Business, Business Critical applications, IDSO service lines, External perimeters etc.
- Act as a Subject Matter Expert on implications of a vulnerability in an IT system and establishing the priority of applying security patches.
- Help create prioritized overviews of Cyber vulnerabilities and put these in a context of IT services and Business applications.
- Take mitigating actions coming out of identified threats or vulnerabilities either directly by the team or agree the actions with other parties in Shell.

What you bring

- Bachelor's degree in Computer Science, Information Technology, or related field
- 5-8 years of total experience in IT Security including at least 3-4 years of experience in Vulnerability Assessment
- Proficient in analysing network traffic using tools such as tcpdump or Wireshark
- Strong experience in using open-source scanning tools such as nmap, nessus, metasploit and/or commercial tools such as Rapid7 or Qualys
- Knowledge in integrating Vulnerability Management into modern CI/CD Pipelines with 'shift-left' strategy
- Understanding of Network Security, Cloud Security, Endpoint Security, Application Security
- Understanding Cyber Threat Landscape and analyzing Threats from various sources. Assess new threats, rate threat per Shell ratings and collaborate with Threat team on new threat criticality
- Understanding of CVE id / CVSS score and metrics
- Familiar with application of Cybersecurity Benchmarks, NIST controls, PCI controls
- Lead security research proposals and Proof Of Concepts for Emerging Technologies and assessing Fit-For-Purpose Tools.
- Understanding of Cloud Security Posture Management (CSPM)
- Expertise in operating Application security tools like Rapid7 Appspider, Netsparker
- Knowledge of CI/CD pipelines; able to understand the integration of security tools and guide the developers
- Understanding of Application security design and providing guidance to developers on secure design.
- Good understanding of SAST/DAST concepts and process
- Knowledge of Mobile DAST scanning and vulnerabilities and remediation consultation
- Knowledge of Splunk, SecOps VR, basic querying and creating dashboards

Additional Skills (Good to have):
- PCI-DSS Compliance Scan.
- SecOps VR Module in ServiceNow.
- Linux environment experience.
- Azure/AWS Cloud Console.
- Wiz.io tool knowledge.
- Advanced Splunk skills.

What we offer

You bring your skills and experience to Shell and in return you work with talented, committed people on one of the most important challenges facing our planet. You'll have the opportunity to develop the skills you need to grow in an environment where we value honesty, integrity, and respect for one another. You'll be able to balance your priorities as you become the best version of yourself.

- Progress as a person as we work on the energy transition together.
- Continuously grow the transferable skills you need to get ahead.
- Work at the forefront of technology, trends, and practices.
- Collaborate with experienced colleagues with unique expertise.
- Achieve your balance in a values-led culture that encourages you to be the best version of yourself.
- Benefit from flexible working hours, and the possibility of remote/mobile working.
- Perform at your best with a competitive starting salary and annual performance related salary increase. Our pay and benefits packages are considered to be among the best in the world.
- Take advantage of paid parental leave, including for non-birthing parents.
- Join an organisation working to become one of the most diverse and inclusive in the world. We strongly encourage applicants of all genders, ages, ethnicities, cultures, abilities, sexual orientation, and life experiences to apply.
- Grow as you progress through diverse career opportunities in national and international teams.
- Gain access to a wide range of training and development programmes.
Shell in India

Shell is a diversified energy company in India with 13,000 employees, and presence in Integrated Gas, Downstream, Power, Renewable and Upstream. Additionally, we have deep capabilities in R&D, digitalisation, and business operations. Our global strategy, Powering Progress, is designed to generate value for our shareholders, customers, and the wider society, and focuses on creating more value with less emissions. The strategy supports our purpose of providing more and cleaner energy solutions, with the aim of profitably transforming Shell into a net-zero emissions energy business by 2050. As India moves towards its target of net-zero emissions by 2070, Shell India aims to play a leading role in securing vital energy for today, while investing in, and helping to build, the energy system of the future through strategic investments in the country.

Our Lubricants business serves over 50,000 consumers through a strong network of over 200 distributors, and operates an end-to-end value chain that spans conceptualization, development, and production at a world-class blending plant at Taloja. Through our 350-plus retail stations, we offer an integrated mobility experience including fuels, cafes, and convenience stores, with a prominent network of EV recharging facilities. Shell owns and operates an LNG re-gasification terminal at Hazira, Surat, with a capacity of 5 MTPA and an LNG truck-loading unit that plays a crucial role in helping meet India's growing demand for gas across sectors. In 2022, Shell acquired Sprng Energy in a $1.55 billion deal to build an integrated energy transition business in the country. Sprng is a leading renewable energy company in India which develops and manages solar, wind, and hybrid power generation facilities and infrastructure.

Our three capability centres across Bangalore and Chennai serve as a technology and innovation powerhouse for Shell globally, working as a delivery engine for core technical, digital, and finance processes, pioneering digital innovation and cutting-edge technologies across the energy sector. We also have strong academic partnerships and collaborations with leading universities and technology institutes to accelerate decarbonization efforts within the energy sector. We are committed to positively contributing to the communities in which we operate through programmes on STEM Education, Skilling, and Livelihood across India. We nurture and invest in startups developing initiatives focused on accelerating energy innovation through programs such as Shell E4 and Shell Eco-marathon. We also have strategic investments in new energy companies such as Husk Power, d.light, Orb Energy, and Cleantech Solar.

DISCLAIMER: Please note: We occasionally amend or withdraw Shell jobs and reserve the right to do so at any time, including prior to the advertised closing date. Before applying, you are advised to read our data protection policy. This policy describes the processing that may be associated with your personal data and informs you that your personal data may be transferred to Shell/Shell Group companies around the world. The Shell Group and its approved recruitment consultants will never ask you for a fee to process or consider your application for a career with Shell. Anyone who demands such a fee is not an authorised Shell representative and you are strongly advised to refuse any such demand. Shell is an Equal Opportunity Employer.

Posted 2 months ago

4 - 8 years

7 - 17 Lacs

Hyderabad

Hybrid

Experience - 4 - 8 years
Location - Hyderabad

You are responsible for adhering to the defined operating procedures and guidelines in operating the application security services in the Managed Services model, which includes the following:
- Understand and be compliant with the Service Level Agreements defined for the DevSecOps services;
- Understanding and deep knowledge of application security engineering principles, and helping the client's development team and function to follow secure development practices, which includes primarily monitoring and performing the security design review, architecture review, threat modeling, security testing, secure code review, secure build processes;
- Well versed with the application deployment and configuration baselines, and understanding of how the application environment operates in a secure environment and how exceptions are handled during operations;
- Facilitate use of technology-based tools or methodologies to continuously improve the monitoring, management and reliability of the service;
- Perform manual and automated security assessment of the applications;
- Involved in the triaging and defect tracking process with the development team and helping the team to fix issues at the code level based on the priority of the tickets;
- Be a liaison between the Application development and infrastructure team, and integrate the processes between infrastructure monitoring and operations processes with the secure development/testing and management processes;
- Identifying, researching and analyzing application security events which may include emerging and existing persistent threats to the client's environment; and
- Performing active monitoring and tracking of application related threat actors and tactics, techniques and procedures (TTPs) that could likely cause an impact to the client organization

Posted 2 months ago

4 - 7 years

10 - 14 Lacs

Bengaluru

Work from Office

Roles & responsibilities
- Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications
- Perform manual security code review against common programming languages (Java, CSharp).
- Perform automated testing of running applications and static code (SAST, DAST).
- Experience in one or more of the following a plus: AI pen testing.
- Need to work on application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux.
- Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Mandatory technical & functional skills
- Strong knowledge of manual secure code review against common programming languages (Java, C#)
- Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent.
- Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs
- Minimum three (3) years of working with technical and non-technical audiences in reporting results and leading remediation conversations.
- Preferred one year of experience in development of web applications and/or APIs.
- Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand.
- One or more major ethical hacking certifications not required but preferred: GWAPT, CREST, OSCP, OSWE, OSWA

Shift timings: 12 PM to 9 PM

Posted 2 months ago

4 - 7 years

5 - 8 Lacs

Bangalore Rural, Bengaluru

Work from Office

• Strong knowledge of manual secure code review against common programming languages (Java, C#)
• Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent.
• Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs
• Minimum three (3) years of working with technical and non-technical audiences in reporting results and leading remediation conversations.
• Preferred one year of experience in development of web applications and/or APIs.
• Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand.
• One or more major ethical hacking certifications not required but preferred: GWAPT, CREST, OSCP, OSWE, OSWA

Job Description: Roles & responsibilities
• Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications
• Perform manual security code review against common programming languages (Java, CSharp).
• Perform automated testing of running applications and static code (SAST, DAST).
• Experience in one or more of the following a plus: AI pen testing.
• Need to work on application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux.

Posted 2 months ago

3 - 8 years

18 - 33 Lacs

Bengaluru

Work from Office

About

A Product Security Engineer at Traveloka will be required to ensure that our products and services are shipped with high security standards through application security testing, hardening, and secure frameworks. A Product Security Engineer will be smart and a self-starter. The person needs to find unique ways to understand complex software architecture and should be able to perform manual security code review. They need to be able to integrate security in the software development process with defense-in-depth strategies such as automated testing in the CI/CD pipeline. A Product Security Engineer preferably needs to have a software development background and should have practical programming knowledge. They will work very closely with our Software Engineering Team to implement Secure SDLC in Traveloka. They will also need to have proficiency in handling multiple projects based on different frameworks and groups.

Responsibilities
- Carry out manual and automated review of source code to identify security vulnerabilities and risks
- Implement automated security testing tools (SAST, DAST, IAST) and their deployment within continuous integration systems
- Implement hardening and secure frameworks such as RASP, WAF, safe library, and security decorator functions
- Perform vulnerability assessment & penetration testing on web API, front-end service, internal RPC, and mobile application
- Attend design reviews and actively lead the discussions from a security standpoint
- Analyze possible security incidents related to application security such as payment abuse or sensitive data exposure via web API
- Ensure that product security requirements are identified early on and are being baked into all projects
- Provide effective recommendations or patches to mitigate security vulnerabilities
- Develop in-house tools to integrate with SDLC and to track and derive security metrics

Skills & Experience
- Academic background in Computer Science or equivalent
- Relevant professional experience or extensive experience in security activities (e.g. CTF, bug bounty, security research, publications, blog)
- Practical knowledge of modern software development such as microservices, application containerization, REST architecture, object oriented programming, stateless/stateful authentication, and cloud platform
- Working knowledge of one or more of these programming languages: Java, JavaScript, Kotlin, C#, Objective-C, Swift
- Experience in security code review, vulnerability assessment, and penetration testing.
- Knowledge of common vulnerabilities such as OWASP Top 10 and CWE including business logic issues (e.g. IDOR)
- Core skill set in two or more of the following areas:
  - JavaScript framework (e.g. React)
  - Java framework (e.g. Spring)
  - Android / iOS platform
  - DevOps
  - AWS
  - Automation tool development
  - Dynamic debugging
  - Unit testing
  - Algorithm & data structure

If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!

Posted 2 months ago

2 - 4 years

3 - 5 Lacs

Navi Mumbai, Mumbai (All Areas)

Work from Office

We are hiring for Security Engineer - Navi Mumbai Location (Belapur) for one of our projects. Interested candidates can share their resume to ankita.patari@happiestminds.com

Experience: 2 to 5 Years
Location: Navi Mumbai Location (Belapur)
Office Timings: Monday to Friday (First Saturday and Third Saturday working)
Looking for max 15 Days Joiners only
Immediate Joiners please mention in Subject Line (Immediate Joiner_AppSec)
General Shift
Exp Range - 2 to 4 Years
Primary Skills: SAST, Penetration testing, Vulnerability Assessment
Responsibility: Static Code analysis, Static/dynamic testing of mobile applications, Vulnerability Assessment, Penetration Testing

Thanks And Regards,
Ankita P Ghosh
ankita.patari@happiestminds.com

Posted 2 months ago

5 - 10 years

7 - 12 Lacs

Hyderabad, Pune, Bengaluru

Hybrid

We seek a DevSecOps Engineer, Expert Level who shares our passion for innovation and change. This role is critical to helping our business partners evolve and adapt to consumers' personalized expectations in this new technological era.

What will help you succeed: In the position of DevSecOps Engineer, you will join the DevSecOps Enablement product line and will be part of the quality, security and compliance team. The job is part of a small, but quickly growing and highly agile team of Global IT who are focused on supporting our DevOps team delivering applications and products with quality and security. This platform is built as a toolchain which integrates well with the development life cycle.

As a DevSecOps Engineer, you will:
- Expertise in DevSecOps
- Expertise in SCA, SAST and DAST tools
- Expertise in threat modeling
- Expertise in container scanning tools
- Expertise in vulnerability scanning and management
- Expertise in automation of day to day security operations
- Be a hands-on technical leader on the toolchain and work closely with architects, product owners, and teams across sites to drive the toolchain forward with high quality, scalable and maintainable components, and delivering excellence on schedule.
- Provide technical leadership through coaching and mentoring other team members.
- Dedication to SAFe / Lean practices and scalable architecture, including experience building adaptable roadmaps and evolving stakeholders' requirements.
- Willing to learn and adapt new tools and technologies.
- Educate and train the team and DevOps teams on quality and security best practices.

Technical Skills:
- Experience in quality scanning tools like SonarQube
- Experience in security scanning tools like Mend
- Experience in GHAS and GitLab SAST/DAST
- Experience in DevOps tools like GitHub and GitLab
- Experience in Snyk and Veracode etc.
- Experience in scripting languages like Python, PowerShell etc.

Job-related Experience
- Bachelor of Science in Computer Science or a related field
- Five or more years' work experience as a Quality and Security Engineer or related position
- Extensive knowledge of operating system and database security
- In-depth knowledge of security protocols and principles
- Critical thinking skills and ability to solve complex problems

Furthermore, you bring:
- Very good interpersonal skills, a team player attitude and mindset, and you like bringing others up to speed on technology
- Ability to take ownership and be effective with limited supervision
- Strong organizational skills and ability to prioritize and manage multiple projects simultaneously
- In-depth understanding of Quality, Security and compliance

This job can be filled in Pune, Hyderabad, Bangalore, Indore
#LI-Hybrid

Posted 2 months ago

16 - 25 years

30 - 45 Lacs

Bengaluru

Work from Office

Description: Work with multiple medical customers in the areas of -
- Threat modelling, security requirements and architecture
- Drive security lifecycle for multiple customer projects
- Drive pen testing requirements across projects
- Take part in customer discussions for new business development activities
- Setup security practice for MedTech in India

Requirements:
- Must have 15+ years of experience in cyber security areas
- Must be efficient in medical domain security
- Must have experience with medical device security: threat modelling, pen testing, SAST, DAST
- Must be hands on with pen testing of medical devices, application and cloud

Job Responsibilities: Work with multiple medical customers in the areas of -
- Threat modelling, security requirements and architecture
- Drive security lifecycle for multiple customer projects
- Drive pen testing requirements across projects
- Take part in customer discussions for new business development activities
- Setup security practice for MedTech in India

What We Offer:

Exciting Projects: We focus on industries like High-Tech, communication, media, healthcare, retail and telecom. Our customer list is full of fantastic global brands and leaders who love what we build for them.

Collaborative Environment: You can expand your skills by collaborating with a diverse team of highly talented people in an open, laidback environment — or even abroad in one of our global centers or client facilities!

Work-Life Balance: GlobalLogic prioritizes work-life balance, which is why we offer flexible work schedules, opportunities to work from home, and paid time off and holidays.

Professional Development: Our dedicated Learning & Development team regularly organizes Communication skills training (GL Vantage, Toast Master), Stress Management program, professional certifications, and technical and soft skill trainings.

Excellent Benefits: We provide our employees with competitive salaries, family medical insurance, Group Term Life Insurance, Group Personal Accident Insurance, NPS (National Pension Scheme), Periodic health awareness program, extended maternity leave, annual performance bonuses, and referral bonuses.

Fun Perks: We want you to love where you work, which is why we host sports events, cultural activities, offer food on subsidies rates, Corporate parties. Our vibrant offices also include dedicated GL Zones, rooftop decks and GL Club where you can drink coffee or tea with your colleagues over a game of table and offer discounts for popular stores and restaurants!

Posted 2 months ago

6 - 10 years

8 - 18 Lacs

Hyderabad, Chennai

Hybrid

Job Title: Security Tester/Security Test Engineer
Location: Chennai/Hyderabad
Mode: Hybrid
Notice Period: Immediate/Currently Serving
6+ years of experience only (relevancy)

Role Summary: This job is responsible for assisting in application security testing, including source code review, automating application security testing process and developing application security solutions to influence organizational efficiency and security. Assists in evaluating security risk assessments and presenting security information to workforce and management. Serves as a resource to the workforce regarding security-based questions and problems.

ESSENTIAL RESPONSIBILITIES
- SAST & DAST Level 1 scan
- SAST & DAST Level 2 scans after getting approval/certification.
- Triaging of scan findings
- Document identified vulnerabilities from scans and review with application teams.
- Participate in peer reviews.
- Assist with API Security testing.
- Pull and complete non-testing related stories from the team backlog (Update documentation, complete research, POCs, process improvement items, documentation of automation components etc...)
- Collecting security requirements.

Educational Qualification: Any Degree

Must Have
- 7 - 10 years of experience in Application Security testing
- Proficiency with Web application and API security testing process.
- Deep knowledge of Web technologies (i.e. How web application works, Authentication, Authorization, HTTP Response & HTTP Request).
- Thorough understanding of SAST & DAST process.
- Experience in Burp suite/Acunetix/Sonarqube or any other security testing tools.
- Proficiency in Vulnerability reporting process and Remediation process.
- Ability to handle meetings with Development team to share and explain about vulnerabilities and its remediations.

Good to Have:
- Development experience using Java technologies.
- Knowledge of GIT, Eclipse, and experience in working with Agile methodology.
- Good written and verbal communication along with logical thinking and problem-solving abilities
- Ability to learn new things quickly.
- Always keen to learn about latest security risk.
- Any Certifications - Added Advantage

Posted 2 months ago

Apply

7 - 9 years

37 - 40 Lacs

Ahmedabad, Bengaluru, Mumbai (All Areas)

Work from Office

Dear Candidate, We are hiring a Penetration Tester to simulate attacks and discover security vulnerabilities in critical systems. Perfect for professionals skilled in offensive security techniques. Key Responsibilities: Conduct penetration tests on web, mobile, and network systems Document vulnerabilities and remediation recommendations Develop exploits and custom testing tools Collaborate with developers to address findings Required Skills & Qualifications: Proficiency with penetration testing tools (Burp Suite, Metasploit, Nmap) Strong understanding of application and network security Experience writing exploit scripts (Python, Bash) Bonus: OSCP, OSWE, or CEH certification Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Reddy Delivery Manager Integra Technologies

Posted 2 months ago

Apply

8 - 11 years

35 - 37 Lacs

Kolkata, Ahmedabad, Bengaluru

Work from Office

Dear Candidate, We are hiring a Security Engineer to design and implement secure systems across cloud and application environments. Ideal for engineers excited about threat modeling and proactive defense. Key Responsibilities: Perform security assessments and code reviews Develop security policies and incident response procedures Implement security controls in cloud and on-prem environments Monitor for vulnerabilities and recommend mitigation Required Skills & Qualifications: Knowledge of OWASP Top 10, secure coding practices Experience with SIEM, IDS/IPS, and vulnerability scanners Familiarity with cloud security (AWS, Azure, GCP) Bonus: Certifications (CISSP, CEH, OSCP) Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Delivery Manager Integra Technologies

Posted 2 months ago

Apply

3 - 5 years

9 - 13 Lacs

Hyderabad

Work from Office

Essential duties & responsibilities: Analyze and recommend improvements to network, system, and application architectures to enhance security. Research, design, and implement cybersecurity solutions that protect the organization’s systems and products. Collaborate with DevOps, Platform Engineering and Architecture teams to ensure security is embedded in the design and development of applications and systems. Actively participate in the change management process ensuring security considerations are prioritized in system upgrades and modifications. Design and deploy automated security controls to improve efficiency in risk identification, configuration management, and security assessments. Develop and refine security policies to address cloud security misconfigurations, leveraging cloud-native security technologies. Implement logging and monitoring solutions for cloud environments to enhance SOC team capabilities in detecting and responding to security incidents. Assess and review emerging technologies to identify potential security risks and implement mitigation strategies. Design and deploy innovative security technologies to address evolving security challenges. Conduct vulnerability scanning, anomaly detection, and risk assessment to enhance the security posture. Work closely with security architects to develop and deploy security solutions that address cloud-specific risks. Take ownership of security posture improvements, ensuring strict security policies and controls align with business objectives. Research and stay up to date on emerging security threats and provide strategic recommendations to strengthen security defenses. Qualification & Experience: Hands-on experience with implementing security controls, including Database security, Web content filtering, Anomaly detection & response, Vulnerability scanning & management Proficiency in at least one scripting language (e.g., Perl, Python, PowerShell, Bash) for automation and security tooling. 
Expertise in at least one of the following security domains: Network security (e.g., IDS/IPS, firewall hardening) , Cloud-native security (e.g., IAM, security groups, encryption), Endpoint security (e.g., EDR/XDR, mobile security) , Application security (e.g., SAST, DAST, API security) Strong familiarity with industry security frameworks and regulations, including: NIST Cybersecurity Framework (CSF), CIS Controls, HIPAA, GDPR compliance Ability to assess compliance requirements and implement security controls to ensure adherence. Strong problem-solving and analytical skills, with the ability to assess complex security risks and develop mitigation strategies. Excellent communication and interpersonal skills, with the ability to engage both technical and non-technical stakeholders. Proven ability to work independently, manage projects, and contribute as an integral part of a high-performing security team

Posted 2 months ago

Apply

3 - 6 years

4 - 9 Lacs

Mumbai, Navi Mumbai

Work from Office

ANZEN Technologies Private Limited stands as an unparalleled powerhouse, empowering organizations across industries with our visionary services, cutting-edge solutions, and ground-breaking services in the realm of Cyber Security, IT Governance, Risk Management, and Compliance. As your trusted partner, we offer a comprehensive suite of End-to-End security services and consultancy, tailored to safeguard critical infrastructure installations, elevate the standards of BFSI, eCommerce, IT/ITES, Pharmaceuticals, and an array of other sectors. 1. Web Application Security Assessment 2. Mobile Application Security Assessment 3. API Security Assessment 4. Network Vulnerability Assessment & Penetration Testing 5. Understanding vulnerabilities in depth, along with mitigating them - Experience: 2-4 years - Relevant certifications are an advantage - Notice Period: 30 days - Job Location: Navi Mumbai - Work Mode: Work from Office We are looking for immediate joiners only.

Posted 2 months ago

Apply

3 - 6 years

4 - 8 Lacs

Bengaluru

Work from Office

About the Opportunity Job Type: Permanent Application Deadline: 31 May 2025 About The Role Title Technical Analyst Application Security Department Global Cyber & Information Security Location Bengaluru, India Reports To Senior Technical Consultant - Application Security Level Security Analyst -2 We're proud to have been helping our clients build better financial futures for over 50 years. How have we achieved this? By working together - and supporting each other - all over the world. So, join our GCIS - Application Security team and feel like you're part of something bigger. Department / Team Description The Global Cyber & Information Security (GCIS) department is a part of the Global Technology department. The Technology function globally provides IT services to the Fidelity International business. These include development and support of business applications that underpin our revenue, operational, compliance, finance, legal, marketing and customer service functions. The broader organisation incorporates Applications, and Infrastructure services that the FIL relies on to operate on a day to day basis including data centre, networks, proximity services, security, voice, incident management and remediation. About role As Technical Analyst, one would be responsible to understand technical and architectural implementation. Use this understanding to conduct the Design, Code review and Penetration Testing. The role will involve working closely with development groups to securely design, develop and implement services and components. This role demands interaction with development groups, Enterprise Architecture, Information Security Officer (ISO) and vendors. Aim is to ensure applications are compliant with FIL Information Security Standards. The successful candidate will be able to demonstrate an innovative and enthusiastic approach to technology, implementation, adoption and problem solving. 
The candidate shall display good interpersonal skills and show confidence and ability to interact professionally with people at all levels. Key Responsibilities Review Software applications for potential security vulnerabilities by conducting application security reviews i.e. Requirements review, Code Review, Software Composition Analysis, Penetration testing (Ethical Hacking), Vendor Risk Assessment. Liaise with Developers, Architects, Project Managers and Vendors to understand the working of an application, how effectively they are implemented and where security mechanisms are employed. Understand the business requirements, evaluate potential products / solutions and provide technical recommendations. Be hands on with technology and to contribute to the design, development and support of projects with the Security recommendations. Review design and development artefacts to ensure security quality in the products being developed. Evolve security review processes in accordance with Information Security Standards and market best practices. Protect Fidelity information assets by promoting the understanding and acceptance of Information Security Policy and Standards. Experience and Qualifications Required Must Have 2-3 years of conducting application security assessments i.e. Code Review and Penetration testing (Ethical Hacking) and Vendor Risk Assessment. Knowledge of attack vectors from OWASP, WASC and mitigation of the same, open-source software security assessment tools. Knowledge of web technologies (Java/J2EE/Struts/ .NET / PHP / Java Script etc.). Good understanding of HTTP, HTTPS, SSL, TLS, SFTP Protocols Working knowledge of Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) Working knowledge of executing source code analysers to unearth security vulnerabilities in the source code Run and analyse security Penetration testing and pinpoint security issues and suggest mitigations. 
Capable of understanding end user requirements from security perspective Sound business and technical acumen Good to Have Excellent problem-solving and critical-thinking skills Understanding of emerging technologies and corresponding security threats Self-motivated, flexible, with a can do attitude. Feel rewarded For starters, we'll offer you a comprehensive benefits package. We'll value your wellbeing and support your development. And we'll be as flexible as we can about where and when you work, finding a balance that works for all of us. It's all part of our commitment to making you feel motivated by the work you do and happy to be part of our team. For more about our work, our approach to dynamic working and how you could build your future here, visit careers.fidelityinternational.com.

Posted 2 months ago

Apply

8 - 12 years

25 - 37 Lacs

Hyderabad

Work from Office

Role & responsibilities Job Title: Senior Lead Engineer - Product Cyber Security Years Of Experience: 8-12 Years Role Overview: The Security Sr Lead Engineer/Tech Specialist works with product development teams across all regions globally to ensure commitment to the cyber security strategy of minimizing flaws and improving product resiliency to cyber-attacks by ensuring adherence to the integrated secure development lifecycle process, which embodies a secure-by-design defense in depth philosophy. You will be a strong technical expert in matters related to pentesting and cyber controls and will report to a team manager responsible for product architecture review and testing. This role is part of the Product Cyber team (under the Global DT Cyber team) which focuses on continuously improving the cyber posture of products that are often installed in customer's environments. On a typical day you will: Perform DAST, SAST & Pentest for different products Perform Threat Modeling and Architecture reviews for new products and design changes with existing products Handle Product Cyber Incident Response activities and Active contribution to Risk Management Work with product development teams towards secure DevOps activities and CI/CD integration issues with Security tools Work with product development teams and carry out functional cyber risk assessments to support their cyber requirements throughout the entire development cycle. Coordinate with quality and product development teams to periodically update cyber security design policies and ensure that these policies are incorporated into product design, with requirements for traceability and system validation and verification. 
Interface with global teams and share best practices and lessons learned Refine and support the standard work associated with product cyber security incident response management Work closely with the product testing teams to validate recommended security controls Continually enhance the capabilities of the Cyber security team: Identification of technology and methodology gaps Participation and leading technical and industry committees Creation of discipline health score card. Work in an environment of continuous improvement and lean process and product development. Good to have knowledge of Agile methodologies. Stay updated on latest cyber security hacking news, technologies and methodologies including: The latest attack methodologies include penetration testing and red-team methodologies. Latest forensic and incident response methodologies. Attend security or hacker conferences and stay on the cutting edge What You Will Need to be Successful: Bachelor of Science/Engineering in cyber security, computer science or a related engineering discipline 8+ years of product cyber security engineering and software systems development experience; at least 4 years hands-on experience with penetration testing methodologies and tools. In depth knowledge of IEC 62443 and related cybersecurity standards. In-depth knowledge of requirements captures, cyber security threat modeling and systematic discovery of threats, as part of Secure Development Lifecycle, with broad understanding of potential vulnerabilities at different layers of hierarchical systems Cyber security certifications such as OSCP, GSEC, CEH Knowledge of state-of-the-art security analysis tools and various product cyber security safeguards. These include threat modeling, source code analysis, dynamic analysis, penetration testing and audit/compliance tools Excellent written and verbal communication and presentation skills. Adept at communicating with globally dispersed cross functional teams. 
(Preferred) Strong knowledge in various cryptographic systems and requirements for authentication, authorization and encryption for various types of systems (Preferred) Intimate knowledge and experience with incident response management and risk assessment Preferred candidate profile

Posted 2 months ago

Apply

6 - 10 years

22 - 37 Lacs

Bengaluru, Bangalore Rural

Hybrid

Role & responsibilities Conduct regular security assessments (SAST/SCA/DAST) utilizing both automated and manual methods to identify security vulnerabilities Responsible for assessing the risk of the found vulnerabilities as per Broadridge Security Standards and documenting them with proper proof of concepts, as necessary Perform security design and architectural reviews for new and existing applications to ensure they meet security standards and best practices. Collaborate with technical teams and business stakeholders to provide expert advice on vulnerability remediation strategies and best practices. Assess risks reported in the vulnerability assessment results and other security related data, and prioritize remediation actions Integrate security practices into the CI/CD pipeline to identify and address vulnerabilities early in the development cycle and maintain the tooling in the CI/CD pipeline Conduct regular security group reviews. Identify and implement automation opportunities within security testing and review processes to enhance efficiency and effectiveness. Awareness of working and adapting to Agile environment Preferred candidate profile A bachelor's or higher degree in Computer Science, Computer Engineering, or similar discipline. Minimum 6 years of hands-on experience in application security and 2 years in DevSecOps, and extensive knowledge in any one of the object-oriented programming languages. Strong Information Security technical skills and knowledge to identify, research and understand security control gaps and program compliance issues Strong web application security experience with thorough understanding of web application vulnerabilities and secure coding practices Demonstrated experience in performing threat modeling, security architecture review, and vulnerability assessment on applications and infrastructure Deep understanding of OWASP methodologies for web, API, mobile, CI/CD, and LLM. 
Knowledge in Cloud (AWS, Azure) Architecture Familiarity with CI/CD tools (e.g., Jenkins, GitLab CI) and their integration with security tools. Understanding of Security Policies, Procedures, Audit, and Compliance requirements Skills in Terraform/Chef/Python/Perl/Ruby are desired Superior ability to effectively communicate security concepts, threats, controls, and mitigation/remediation to application teams and audiences not familiar with such topics Soft Skills: Excellent communication and presentation skills Ability to work collaboratively and build consensus is essential Ability to manage multiple priorities effectively. Strong analytical and problem-solving skills with attention to detail. Willingness and capability to self-learn Good to Have: Experience in conducting infrastructure vulnerability scans, analysis of scan results, and vulnerability triage. Experience in assessing and enhancing security of cloud-based environments and services. Experience in AWS security involving tools and process Experience in container/Kubernetes security Active participation in the security communities and groups Demonstrated commitment to staying up to date with emerging security threats and technologies. Hold at least one applicable industry certification; CEH, CISSP, OSCP, CISM, Cloud Security etc.

Posted 2 months ago

Apply

8 - 12 years

25 - 40 Lacs

Hyderabad

Hybrid

Ideally, looking for a combination of Development and Application Security experience. Job Summary: We are seeking a skilled Application Security Engineer to join our Information Security team. The ideal candidate will have a minimum of 8-12 years of experience in application security and a strong background in software development, particularly in .NET, C#, Angular, and React. This role is crucial in ensuring the security of our applications by working closely with development, DevOps, and security teams to identify, remediate, and prevent security vulnerabilities throughout the software development lifecycle (SDLC). Key Responsibilities: Conduct application security assessments, including code reviews, penetration testing, and threat modeling to identify vulnerabilities. Work closely with developers to integrate secure coding practices and provide guidance on remediating security issues. Implement and manage Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools. Develop and enforce security policies, procedures, and best practices for application security. Assist in the design and review of security architecture for new and existing applications. Collaborate with DevOps teams to integrate security into CI/CD pipelines using DevSecOps principles. Research emerging threats, vulnerabilities, and security trends to proactively mitigate risks. Support incident response efforts related to application security breaches. Provide security training and awareness to development teams. Document security findings, mitigation plans, and security controls. Minimum Requirements (Must-Have) 8-12 years of experience in application security with a focus on secure software development. Strong background in software development, with hands-on experience in .NET, C#, Angular, and React. 
Hands-on experience with SAST, DAST, Software Composition Analysis (SCA), and penetration testing tools (e.g., Burp Suite, Checkmarx, Veracode, Fortify, SonarQube). Solid understanding of OWASP Top 10, SANS 25, and secure coding practices. Experience with threat modeling, risk assessment, and vulnerability management. Knowledge of API security, authentication, and authorization mechanisms (OAuth, JWT, SAML, etc.). Familiarity with container security, Kubernetes security, and cloud security best practices (AWS, Azure, GCP). Experience working in Agile and DevSecOps environments, integrating security into CI/CD pipelines. Strong analytical and problem-solving skills. Excellent communication skills, with the ability to work collaboratively across teams.

Posted 2 months ago

Apply