7 Oswe Jobs

Here's an updated version of the job description, incorporating your specified details: Staff Product Security Engineer (Embedded & IoT) Work Flexibility: Hybrid Work Mode: Hybrid Location: Bengaluru Work Flexibility Definitions: Remote Role allows you to work the majority to 100% of time from an alternate workplace. These roles could have travel expectations, and you must work within the country of the job requisition location. Field-based – You can expect to regularly work a majority to 100% of time at customer facilities and has a set territory or expectation to travel within a set boundary. Almost all sales roles would likely be qualified as field-based. Onsite – Role is 100% located at a company facility. Some ad hoc flexibility may be available depending on role, level, and job requirements. Manufacturing roles and any role that requires physical presence at the office would qualify under this category. Hybrid – You can expect to regularly work in both an alternate workplace and a company facility. Roles that are partially remote or co-located would qualify as hybrid, and the expectation to be on site would be defined and agreed upon by your manager/supervisor. What you will do: Provide technical leadership and guidance to a team of Web, Embedded, and IoT Security engineers. Execute and oversee Penetration Testing and Vulnerability Assessment activities for Embedded Systems and IoT devices. Leverage DevSecOps to embed security testing ( SAST, DAST, Host Scanning, ATO Scanning, SBOM Generation ) into all phases of the Software Development Life Cycle (SDLC). Develop/review technical documentation (procedures/work instructions/guidance documents) for technical services. Develop and maintain comprehensive test plans, methodologies, and tools for security testing. Conduct in-depth analysis of security vulnerabilities and propose mitigation strategies. Collaborate with cross-functional teams to design and implement secure Embedded and IoT solutions. Lead the Software Bill of Materials (SBOM) Management program , ensuring accurate identification and documentation of software components and dependencies. Drive continuous improvement initiatives related to Embedded and IoT security, testing, and vulnerability management. What you need: Required Qualifications: Bachelor's or Master’s in Computer Science Engineering or a related field. 4 to 10 years of experience in product security, with a strong focus on embedded systems and IoT . Experience with threat modeling, risk assessment , and security architecture reviews for Embedded Systems and IoT solutions. Proficiency in C, C++, and Python programming languages. Familiarity with relevant security standards and frameworks such as OWASP, NIST Cybersecurity Framework , and ISO 27001 . Solid understanding of software development lifecycles and methodologies, particularly in the Embedded Systems and IoT context. Preferred Qualifications: Proficiency in using security testing tools such as Burp Suite, Wireshark, Nessus, and Metasploit , and experience applying DevSecOps principles. Experience in automation of routine tasks using tools like Jenkins and/or scripting languages such as PowerShell, Ruby, or Python. Understanding of Cloud-based environments like Azure and AWS . At least one professional certification like ECSA Practical/CPENT/LPT/OSCP/OSWE/OSCE or similar involving practical exams. Additional Details: Travel Percentage: 10% Mode of Interview: Face-to-Face

Consultant - MAST Vanguard Requirements: Mandatory Technical & Functional Skills Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA Job Description: Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Consultant - MAST Vanguard Requirements: Mandatory Technical & Functional Skills Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA Job Description: Roles & responsibilities Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Perform manual security code review against common programming languages (Java, CSharp). Perform automated testing of running applications and static code (SAST, DAST). Experience in one or more of the following a plus: AI pen testing. Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Job Description Role : Offensive Security Location: Mumbai/Hyderabad/Chennai Qualification & Experience M.Tech/B.E. /B.Tech/MCA/BCA/BSC More than 4 years of experience in conducting Red Team and offensive security. Certifications in different Security products, ITIL, CEH, OSCP, OSCE, OSWE, SANS/GIAC etc. would be an added advantage. Job Responsibilities: 3-4 years of experience in Pentest, Red Team, offensive security engagements. Deep understanding of network, web and API security vulnerabilities and mitigation. Good understanding on Active directories and ways of exploitation. In-Depth knowledge of Linux operating system. Ability to model threats and risks for large and complex systems. Good knowledge of IPS/IDS, Firewalls, WAF, Switch and Router. Advance knowledge on Authentication, security protocols, Cryptography etc. Ability to think critically and identify areas of technical and non-technical risk. Ability to write technical reports and communicate technical content to non-technical audiences. Relevant security certification i.e. OSCP, OSCE, OSWE, SANS/GIAC, Published CVEs is an added advantage. Good understanding and experience in offensive security tools and techniques i.e. Metasploit, Burpsuite, Armitage, MITRE ATT&CK Framework. Knowledge in one of the scripting language. Has basic knowledge to write exploits for known vulnerabilities. Interested candidates can share their resume & details at - ankita.parihar_pri@npci.org.in

Job Summary We are looking for an Application Security Analyst with 2-3 years of experience in IT and security to strengthen our security team. The ideal candidate will focus on securing web and mobile applications (Android/iOS) by conducting penetration testing, vulnerability assessments, API security reviews, and ensuring compliance with security best practices . Key Responsibilities Application Security & Penetration Testing Conduct security assessments for web, mobile (Android/iOS), and APIs . Identify, exploit, and remediate OWASP Top 10 vulnerabilities. Perform manual and automated security testing to uncover security risks. Conduct secure code reviews to detect application security flaws. Mobile Security (Android & iOS) Perform static and dynamic analysis of Android/iOS applications. Identify security risks such as insecure data storage, API vulnerabilities, and jailbreak/root detection bypass . Utilize tools like MobSF, Frida, Burp Suite, Objection, Drozer, Jadx, and apktool . Validate applications against OWASP Mobile Top 10 security risks. API Security & Secure Development Perform API penetration testing using Burp Suite, Postman, OWASP ZAP . Identify critical vulnerabilities such as Broken Authentication, Excessive Data Exposure, and IDOR . Collaborate with developers to implement secure coding practices and remediation strategies . Vulnerability Management & Compliance Conduct vulnerability assessments using tools like Nessus, Acunetix, Nexpose, Rapid7, and Qualys . Ensure compliance with ISO 27001, SOC2, GDPR , and other regulatory frameworks. Work closely with development teams to remediate security vulnerabilities . Required Skills & Qualifications Bachelors degree in Computer Science, Information Security, or a related IT field . 2-3 years of experience in IT , with at least 1-2 years focused on Application Security & Penetration Testing . Strong understanding of OWASP Top 10 (Web & Mobile) vulnerabilities. Hands-on experience with security tools such as Burp Suite, MobSF, Frida, Objection, Drozer, Jadx, apktool . Proficiency in secure code review (Java, Swift, Kotlin, JavaScript). Expertise in API Security Testing and secure development best practices. Strong analytical, problem-solving, and communication skills . Preferred Qualifications Security certifications such as OSCP, CEH, eJPT, OSWE, GMOB (preferred). Experience with bug bounty programs or responsible disclosure initiatives. Compensation & Benefits Competitive salary based on experience. Career growth opportunities in Application Security & Ethical Hacking . Health & wellness benefits . Access to continuous learning, certifications, and security training programs . If your skills matches the above requirement, kindly share drop your updated resume at "pooja.valluru@engro.io". Looking for immediate to 30 Days Notice Period.

What youll be doing... Verizon Cyber Security Team is looking for a Penetration Tester to join our Application Pen Test team. Youll be joining a group of talented, creative thinkers who "act like the enemy" to focus on ensuring that infrastructure and applications (web, mobile, and API) are secure by performing penetration testing from both inside and outside of Verizon. . This team isnt a "copy and paste from a scan tool" reporting team, or a cookie cutter just scanning with tools team, or a team that just monitors and supports security scanning tools used by developers. This team is an enterprise-recognized and supported group of skilled, experienced and certified ethical hacking Verizon employees who are trusted to direct themselves with a lot of unknowns. The successful candidate will possess an effective aptitude in thinking like an adversary, security of Web applications, Infrastructure, APIs and Mobile Applications, mentoring and leading junior pen testers and effectively translating highly technical information to internal customers in a way that supports Cyber Security Team and broader Verizon goals. The ability to lead and perform full scope penetration testing on complex web applications, Infrastructure, APIs and Mobile applications. Configuring and safely utilizing attacker tools, tactics, and procedures for Verizon environments. Developing comprehensive and accurate reports and presentations for both technical and executive audiences. The ability to make collaborative decisions on the impact of an exposure to Verizon. Acting as a SME and guide, advising on security vulnerability impact, ratings and remediation recommendations across the organization as needed. Helping define the Pen Test strategy and standards to further enhance the companys security posture. Effectively communicating findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel. Working closely with stakeholders and developers providing risk-appropriate and pragmatic recommendations to correct found vulnerabilities. Developing scripts, tools, or methodologies to enhance Verizons pen testing processes and effectiveness. Driving technical oversight and mentoring junior pen testers on pen test engagements, vulnerability impact and ratings and remediation recommendations. Providing leadership and guidance to advance the offensive capabilities of the team and its subsequent ability to defend the Verizon Enterprise. What were looking for... Youll need to have: Bachelor's degree and four or more years of work experience. Four or more years of relevant work experience. Relevant pen testing or security experience. Deep understanding of OWASP Top 10, OWASP API Top 10, MASVS. Even better if you have one or more of the following: Strong knowledge of tools used for API, infrastructure, web application, mobile, and network security testing, such as Kali Linux, Metasploit, Wireshark, Burp suite, Cobalt Strike, Nessus, Web Inspect, SQLMap. Knowledge of secure software deployment methodologies, tools, and practices. Experience with application security risk procedures, security patterns, authentication technologies and security attack pathologies. Certifications such as: GXPN, GPEN, eWPT, GCIH, GWAPT, OSCP, OSWA, OSCE, OSWE. Service Delivery/Governance: ITILv2/3. Solid understanding of common hosting environments such as containerization platforms (e.g., Docker and Kubernetes) and virtual machines running under hypervisors. An implementation level familiarity with all common classes of modern exploitation. Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell. Programming skills preferred and encouraged, as well as the ability to read and assess applications written multiple languages, such as Python, JAVA, .NET, C#, or others. Experience with system and application security threats and vulnerabilities and secure configuration management techniques, software debugging principles, software design tools, methods, and techniques, software development models (e.g., Waterfall Model, Spiral Model). Knowledge of secure coding techniques. Some experience with software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, and simplicity/minimization). Knowledge of secure software deployment methodologies, tools, and practices. Knowledge in discerning the protection needs (i.e., security controls) of information systems and networks.

Job Description Role : Offensive Security Location: Mumbai/Hyderabad/Chennai Qualification & Experience M.Tech/B.E. /B.Tech/MCA/BCA/BSC More than 4 years of experience in conducting Red Team and offensive security. Certifications in different Security products, ITIL, CEH, OSCP, OSCE, OSWE, SANS/GIAC etc. would be an added advantage. Job Responsibilities: 3-4 years of experience in Pentest, Red Team, offensive security engagements. Deep understanding of network, web and API security vulnerabilities and mitigation. Good understanding on Active directories and ways of exploitation. In-Depth knowledge of Linux operating system. Ability to model threats and risks for large and complex systems. Good knowledge of IPS/IDS, Firewalls, WAF, Switch and Router. Advance knowledge on Authentication, security protocols, Cryptography etc. Ability to think critically and identify areas of technical and non-technical risk. Ability to write technical reports and communicate technical content to non-technical audiences. Relevant security certification i.e. OSCP, OSCE, OSWE, SANS/GIAC, Published CVEs is an added advantage. Good understanding and experience in offensive security tools and techniques i.e. Metasploit, Burpsuite, Armitage, MITRE ATT&CK Framework. Knowledge in one of the scripting language. Has basic knowledge to write exploits for known vulnerabilities.