105 Dss Jobs - Page 5

Hiring: Application Security Engineer Pune, India (Onsite) | Full-time About the Role Secure applications & infrastructure end-to-end through testing, automation, and collaboration with cross-functional teams. Responsibilities SAST, DAST, IAST, Mobile & API testing VAPT & reporting Security automation in CI/CD (Jenkins, Azure DevOps) Promote secure coding practices Manage tools: BurpSuite, OWASP ZAP, SonarQube Ensure OWASP compliance & risk assessments Requirements 2+ years in Application Security Strong in SAST, DAST, VAPT, DevSecOps Hands-on with 3+ tools (BurpSuite, OWASP ZAP, Kali Linux) Proficient in Java/Python/PHP SDLC integration & PCI DSS/HIPAA knowledge Strong communication & teamwork

Project description The project will focus on ensuring data privacy and compliance in the client environment by implementing and managing data masking solutions using the Delphix platform. This role involves collaboration with cross-functional teams to secure sensitive data while maintaining data integrity for development, testing, and analytics. Responsibilities Key Responsibilities: Design and Implementation: -Develop and implement robust data masking solutions using the Delphix platform. -Analyze data sets to identify sensitive information that requires masking. -Create and maintain masking rules, algorithms, and templates for various data environments. Data Security & Compliance: -Ensure sensitive data complies with regulatory requirements, such as GDPR, HIPAA, PCI-DSS, and CCPA. -Collaborate with security and compliance teams to establish masking policies and standards. Testing & Validation: -Conduct thorough testing to validate the effectiveness of masking solutions. -Troubleshoot and resolve issues related to data masking processes. Collaboration & Support: -Work closely with database administrators, developers, and QA teams to integrate masking into workflows. -Provide training and documentation on the Delphix platform and data masking techniques. Monitoring & Optimization: -Continuously monitor and optimize data masking performance. -Stay updated on the latest trends and updates in data masking technologies. Skills Must have Required Skills and Qualifications: Bachelor's degree in Computer Science, Information Technology, or a related field with 10+ years of IT industry experience. 8-10 years of experience in data masking, data privacy, or a related field. Expertise in the Delphix platform with 4+ years, including data virtualization and masking. Strong understanding of database management systems (e.g., Oracle, SQL Server, MySQL). Understanding of mainframe databases is an added advantage. Knowledge of data privacy regulations (GDPR, HIPAA, PCI-DSS, etc.). Proficiency in scripting languages such as Java, Python, Shell, or SQL. Excellent problem-solving and troubleshooting skills. Strong communication skills and ability to work in a collaborative team environment. Nice to have Preferred Qualifications: Mainframe exposure -Experience with cloud platforms (AWS, Azure, or GCP). -Familiarity with other data masking tools and technologies. -Certification in data privacy or data security (e.g., CIPP, CDPSE).

We are looking for Application Security Engineer to take ownership of security testing for enterprise products deployed on mainframe environments. In this role, you will assess application-layer security risks, identify vulnerabilities in product implementations, and lead secure architecture reviews. The ideal candidate brings deep offensive security skills along with familiarity in testing applications running on or integrated with IBM mainframe systems. Primary Roles and Responsibilities: Conduct penetration testing and red teaming exercises targeting mainframe environments and the surrounding application ecosystem. Perform code-assisted and black-box penetration testing against enterprise applications/systems interacting with RACF, DB2, CICS, MQ, and related subsystems. Identify risks in authentication, authorization, data handling, and communications within mainframe-integrated products. Create threat models and guide product teams in mitigating high-impact vulnerabilities early in the SDLC. Drive remediation efforts through hands-on collaboration and secure design guidance. Author technical reports and deliver executive summaries tailored to various audiences. Stay current on vulnerabilities, exploits, and testing techniques relevant to legacy enterprise technologies and mainframe ecosystems. Assess common integration patterns (SOA, REST/JSON, MQ) for security risks. To ensure youre set up for success, you will bring the following skillset & experience: 3+ years of experience in penetration testing, with a specialization in systems/applications integrating with mainframe environments. Deep knowledge of mainframe communication protocols and security mechanisms. Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe systems. Proficient in tools such as: Mainframe utilities: REXX, ISPF panels, NetView Security tools: Nmap, Burp Suite, Wireshark, custom scripts Strong scripting and automation skills (Python, REXX, Bash, or similar). Strong communication and leadership skills, with a proven ability to lead technical teams or projects. Experience producing board-level reports and presenting findings to senior stakeholders. Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts). Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services Whilst these are nice to have, our team can help you develop in the following skills: Industry certifications such as OSCP, OSCE, CRTP, GIAC GPEN, GXPN, or CISSP. Background in regulated industries such as banking, insurance, or government, where mainframes are core infrastructure. Knowledge of COBOL, PL/I, or other mainframe-centric programming languages. Experience with compliance standards like PCI-DSS, NIST, or SOX as they apply to mainframes.

What you’ll do Design, build, and manage data workflows and pipelines in Dataiku DSS . Integrate data from multiple sources including AWS, databases, APIs, and flat files. Collaborate with data engineering and business teams to translate requirements into scalable data solutions. Implement data validation, error handling, and monitoring processes within Dataiku. Support model deployment, scheduling, and performance optimization within the Dataiku environment. Maintain documentation and version control for Dataiku projects and pipelines. What you’ll bring 3+ years of experience in data engineering or analytics development roles. Hands-on experience with Dataiku DSS , SQL, Python, and data wrangling. Familiarity with AWS services, APIs, and data integration tools. Understanding of data quality, pipeline performance optimization, and analytics workflows. Additional Skills: Strong communication skills, both verbal and written, with the ability to structure thoughts logically during discussions and presentations Capability to simplify complex concepts into easily understandable frameworks and presentations Proficiency in working within a virtual global team environment, contributing to the timely delivery of multiple projects Travel to other offices as required to collaborate with clients and internal project teams

About Team : The Internal Audit team at Paytm comprises seasoned professionals with diverse skill sets and experience across different verticals like process audits, technology audits and forensics. The team focuses on implementing the approved audit plan, ensuring delivery of qualitative audits and conducting internal / special reviews while leveraging technology & data analytics and gauging key risks across business processes. About the role: We are seeking an experienced and detail-oriented Information Security and Cloud Security Auditor to join our team. The ideal candidate will have 3-7 years of expertise in data security and privacy control implementation, internal auditing, third-party risk management, cybersecurity governance, and cloud security (banking sector preferred). This role will be responsible for conducting comprehensive IT and cloud security audits, ensuring compliance with regulatory requirements, and enhancing our information security policies and procedures. Key Responsibilities: Conduct IT and cloud security audits across various domains, including IT General Controls, Information Security Controls, Cloud Security, Network Security, Vulnerability Management, and Vendor Risk Assessments. Assess compliance with relevant laws, regulations, and organizational policies, providing expertise in regulatory requirements specific to both on-premises and cloud environments. Develop and enhance information security and cloud security policies and procedures in alignment with industry best practices. Maintain thorough documentation of audit findings, risk assessments, and security measures for internal and external reporting. Validate ITGC, cloud security, and application-specific controls, and manage audit documentation including risk assessments, working papers, audit program checklists, and evidence gathering. Follow up on and ensure closure of non-compliance issues identified during audits. Manage and oversee third-party risk assessments and audits, ensuring robust security controls are in place for both traditional and cloud-based service providers. Lead and participate in the development, migration, and implementation of security controls and policies for network and cloud security solutions. Conduct risk-based security assessments on internal, vendor, and third-party hosted environments, focusing on both traditional IT and cloud infrastructure. Participate in product and vendor selection processes, contributing to the implementation and integration of new technologies, with a strong emphasis on cloud security solutions. Experience/ Skills Required: Minimum 5 years of experience in information security and auditing, with a strong background in cloud security, and the banking and IT industries. Proven experience in performing IT and cloud security audits, validating ITGC and cloud application controls, and maintaining audit documentation. Hands-on experience with vulnerability management, risk management, physical security, identity & access management, encryption, secure development, incident management, security infrastructure, and security policy for both on-premises and cloud environments. Expertise in third-party risk management, regulatory compliance, and managing IT audit findings in both traditional and cloud-based contexts. Strong analytical and problem-solving skills. Excellent communication and documentation skills. Ability to manage multiple projects and meet deadlines. Strong understanding of IT, cloud security, and cybersecurity frameworks and standards. Proficiency in using various security assessment tools and technologies, particularly those related to cloud environments. Strong analytical and problem-solving skills. Excellent communication and documentation skills. Ability to manage multiple projects and meet deadlines. Strong understanding of IT, cloud security, and cybersecurity frameworks and standards. Proficiency in using various security assessment tools and technologies, particularly those related to cloud environments. Qualifications & Certification: Bachelor's / Masters degree in Information Technology, Cyber Security, or a related field. ISO 27001/CNSS/CCNA/CISA/CISM/CISSP Preferred Detailed knowledge of security tools, PCI-DSS, general ITGC controls, compliance testing, cloud risk assessment, GRC, OWASP, MITRE ATT&CK, change management, and policies and procedures. Proficiency in various security and cloud technologies including AWS, Azure, Google Cloud Platform, Palo Alto, Fortinet & Checkpoint Firewalls, SOAR (Cortex), Force scout