
3149 Owasp Jobs

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

3.0 years

4 - 8 Lacs

Hyderābād

Remote

We’re hiring on the Blackbaud Application Security team! As a member of the Cyber Security organization at Blackbaud, the Application Security Engineer is a specialized position that plays a key role in securing software built and/or used by Blackbaud. You can expect to work closely with software development teams as well as third-party organizations to ensure that security, privacy, and compliance requirements are planned for, designed, and built into software applications at Blackbaud. In addition to securing software, you will be expected to stay up to date on what’s happening in the Cyber Security industry to optimize and align our application security processes and systems throughout the Software Development Life Cycle (SDLC) at Blackbaud. The Application Security Engineering team focuses on building automation for security self-service and vulnerability management to reduce unnecessary toil. What you will be doing: Identifying solutions for difficult security problems while participating in a broader agile Application Security team. Building comprehensive solutions to conduct consolidation, aggregation, and notification of security findings to respective stakeholders. Conducting threat modeling, secure design reviews, and providing direct guidance to development teams. Promoting, designing, and evaluating application security in all phases of the SDLC and constantly looking for innovative ways to improve processes. Influencing, building, and assisting with information security challenges within applications. What we'll want you to have: You are either a security-minded software engineer who has been building modern services using a microservice architecture in an agile development environment or a development-interested security practitioner who understands security best practices but wants to get closer to development and engineering. 
5+ years of experience with application security and relevant testing tools for: DAST: Burp Suite, OWASP ZAP, Invicti, AppScan; SAST/SCA: Fortify, Checkmarx, Coverity, Semgrep, OWASP Dependency Check, Mend, Blackduck; Attack Surface Management: OWASP Amass, Spiderfoot, CyCognito. 3+ years of experience with Python, Bash, and/or PowerShell. 3+ years of experience in DevSecOps integrating security solutions into CI-CD pipelines and automated tooling orchestration. Relevant certifications such as CompTIA Security+ or CASP+, EC Council CEH, ISC2 CSSLP are a plus. Experience partnering with development and systems engineers on impactful security initiatives. Understanding of software development; how applications and systems are designed, built, and break is critical. Understand DevSecOps cultural mindsets, and an engineering-focused approach to solving complex security problems. Strong verbal and written communication skills to translate security objectives and requirements to specific engineering outcomes. The Application Security team at Blackbaud is committed to ensuring security issues are prevented, discovered, and remediated in collaboration with our engineering partners across the business. Stay up to date on everything Blackbaud. Blackbaud is a digital-first company which embraces a flexible remote or hybrid work culture. Blackbaud supports hiring and career development for all roles from the location you are in today! Blackbaud is proud to be an equal opportunity employer and is committed to maintaining an inclusive work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, physical or mental disability, age, or veteran status or any other basis protected by federal, state, or local law.

Posted 21 hours ago


3.0 years

0 Lacs

Hyderābād

Remote

Blackbaud’s IT Software Development team builds and manages software and services critical to our company’s business operations. We are trusted business partners, first-class software engineers, and digital transformation leaders empowering Blackbaud to keep pace with a rapidly changing technology landscape. We are looking for a dynamic, high-performing Staff Software Engineer to join our IT Software Engineering team. Our software engineers work in multi-disciplinary teams with other back end and front-end engineers, DevOps, product managers, and IT infrastructure teams to build innovative solutions. As a Software Engineer on the IT Software Engineering team, you will be developing both our Customer-facing web applications and back-end systems that power modern interactions between Blackbaud’s Customers and our IT systems. Your success in this area will have a direct impact on our customers’ experience working with Blackbaud, and consequently, their ability to succeed in their missions. What you’ll do: Build software systems using technologies like .NET Core, C#, Angular, TypeScript, JavaScript, SQL, Azure cloud resources, and REST APIs Develop integrations between core systems, including SalesForce, Workday, and Blackbaud’s Engineering System Administer the API Documentation Libraries using 'Swagger / OpenAPI ' ( Swashbuckle ) Work with a Scrum team to groom, plan, and deliver work. 
Solve defects within our operational software baseline and ensure technical debt is identified, tracked, and planned as part of the Scrum process Support existing structures and pipelines Improve software quality through techniques like adherence to software standards, static analysis scanning, unit testing, logging, proactive alerting, and monitoring Deliver documented results of improving the operating efficiency and security posture of our software development life cycle environment Work directly with stakeholders to understand their needs and identify areas of opportunity Participate in an on-call rotation Explore emerging technologies and apply new learning to improve how we build systems through refactoring, modernizing technology, and automation What you’ll bring: 3+ years of experience in Software Development Fundamental understanding of the software development lifecycle Understanding of secure coding practices based on OWASP standards Experience with Microsoft C# / .NET Experience building and consuming REST Web Services Experience working with code versioning, GIT preferred Experience with developing applications using Angular Understanding and know how to apply agile principles, practices, and patterns Excellent communication skills and ability to articulate complex and technical concepts to non-technical audiences Able to work flexible hours as required by business priorities Stay up to date on everything Blackbaud, Blackbaud is a digital-first company which embraces a flexible remote or hybrid work culture. Blackbaud supports hiring and career development for all roles from the location you are in today! Blackbaud is proud to be an equal opportunity employer and is committed to maintaining an inclusive work environment. 
All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, physical or mental disability, age, or veteran status or any other basis protected by federal, state, or local law.

Posted 21 hours ago


15.0 years

0 Lacs

Gurugram, Haryana, India

On-site

Over the past 15 years, Medanta has created an unrivalled impact in delivering world class multi-specialty care for patients in India. We have hospitals in Gurgaon, Lucknow, Patna, Indore and Ranchi. In addition, we have clinics in Defence Colony (South Delhi), Cybercity & Subhash Chowk (Gurgaon), and at the Delhi Airport. Medanta is constantly growing and has also ventured into the Retail vertical through Diagnostics (Laboratory Services) and Pharmacies. We have also launched homecare services. We further plan to scale up existing facilities and expand into a few more geographical areas and also identify new avenues (Academics - Medical College) within the Healthcare eco-system. As we continue to scale and grow into new geographies and explore innovative methods of healthcare delivery, we are looking to hire exceptional talent to help us achieve our vision and grow in the process to achieve their professional aspiration. Roles & Responsibilities: Leverage the existing cybersecurity tools and be capable of identifying open-source tools to discover threat agent actions. Identify potential threats and mitigation strategies to enable a proactive defense mechanism before an actual security incident. Design and implement a security incident response process. Act as the primary control point during significant information security incidents, manage the development of incident response plans and generate detailed reports. Identify and propose the implementation of the key information security initiatives, plans, practices and tools to the management. Proactive support on the approved information security projects, internal/external security audits, internal audits, application security assessment and reviews and compliance. Identify and understand potential and emerging information security threats and vulnerabilities and implement an effective communication channel across the appropriate teams. Detect and respond to cyber security threats and implement remediation controls.
Perform GRC assessment on IT infrastructure and Applications and prepare a plan to mitigate. Hardening reviews of endpoints, networks and servers. Manage security compliance for end points, networks, servers, databases, etc. Proficient in operating cyber security solutions to protect IT Infrastructure and the data it holds. What we are looking for: Bachelor’s degree specializing in Information Security, Computer Science, Information Management Systems, or relevant work experience. Minimum 6 years of experience in Cyber Security. Individual Contributor and capable of working independently. Strong technical skills relevant to Information Security such as SIEM, IDAM, PIM/PAM, Breach Attack Simulation and Micro segmentation. An excellent knowledge and deep understanding of the complex network and end point security principles and concepts. Practical knowledge of operating systems (such as: Windows, Linux, Hypervisors). Detailed experience with vulnerability scanning solutions. Ability to identify and mitigate network vulnerabilities and an understanding of their remediation. Required to assist with root cause identification for incident management. Should be acquainted with Information Security Industry standards/best practices and relevant regulations (such as: SSAE16, SOC 2, PCI DSS, HIPAA, GLBA, FISMA, NIST, ISO27000, CobiT, ISF, OWASP, SANS). Must have proficient analytical, technical research and detail-oriented skills. Available to work on-call whenever required. Employment Type: Full-Time. Job Location - Gurgaon. Work Days - 6 Days a week from office.

Posted 22 hours ago


0 years

0 Lacs

Chennai

On-site

• Hands-on experience with testing frameworks in line with Web App, Mobile, Web Services/APIs, Network & blockchain. Experience in both commercial and open source tools like: Burp Professional, Nmap, Kali, Metasploit, etc. Experience with Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools. Experience in preparing a security threat model and associated test plans. Experience in translating the complex security threats to simpler procedures for web application developers, systems administrators, and management to understand security testing results. In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell) is preferred. Knowledge of current information security threats.

Posted 22 hours ago


8.0 - 10.0 years

4 - 7 Lacs

Noida

On-site

We are seeking an experienced Application Security Manager to lead our security initiatives and ensure the integrity, confidentiality, and availability of our systems and data. This role is crucial in safeguarding our digital assets and maintaining compliance with industry standards.

The manager of the application security program will be responsible for:

1. To integrate security tools, standards, and processes into the product lifecycle (PLC).
2. Ensure that developers and QA personnel are trained with the appropriate level of security knowledge to perform their daily activities.
3. Improve and support application security tool deployments including static analysis and runtime testing tools and secure development standards.
4. Conduct and manage periodic penetration testing exercises through expert consulting, internal technology team, and managed services to identify the gaps and fulfill audit/regulator requirements.
5. Create, integrate and manage threat modelling process/practices, following SSDLC and application framework.
6. Manage the secure configuration/hardening guidelines and compliance.
7. Should create and manage application security KPIs, KRIs, compliance reports and dashboards.
8. Should have strong hands-on experience of different tools, processes related to SAST, DAST, API Security and Threat Modelling.
9. Should take care of Infosec functions by coordinating with various stakeholders (App Team, Vendors, Auditors, Regulators).
10. Should have knowledge of best practices like OWASP, Microsoft SDL, SANS, NIST.
11. Should have a good exposure to cloud environment (AWS) and WAF (Imperva, Akamai).
12. Knowledge of Network and Data Security is a plus.

Qualifications and Experience:

1. 8-10 years of hands-on experience in application security.
2. Strong understanding of application security best practices, frameworks, and security technologies, like Checkmarx, Fortify, Burp Suite, OWASP ZAP, Acunetix etc.
3. Proven experience in managing VA, PT, Code review, SAST, DAST, SSDLC, Threat Modelling, and Audit processes.
4. Familiarity with regulatory requirements and compliance standards (e.g., RBI, SEBI).
5. Excellent communication, interpersonal, analytical and problem-solving skills.
6. Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Master's degree or relevant certifications preferred.

Posted 22 hours ago


8.0 years

0 Lacs

Hyderabad, Telangana, India

On-site

Overview The Information Security Assessment Lead is responsible for safeguarding PepsiCo's digital assets by assessing the cyber risk and compliance of new and changing systems against information security requirements and managing risks associated with IT and Information Security systems throughout the project lifecycle. The ISA Lead will collaborate with various security teams and businesses to facilitate compliance with Information Security standards, provide technical guidance for key strategic initiatives, and drive the secure delivery of technology solutions within PepsiCo. The role heavily focuses on security risk-based assessments, and data-driven decision-making and automation. Responsibilities Security Design Expertise: Proven track record in assessing security designs, including data flow diagrams, architectural blueprints, low-level designs, networking diagrams, authentication mechanisms, and authorization schemes. Must demonstrate experience in aligning these designs with industry standards such as NIST 800-53, ISO 27002, CIS, and OWASP to ensure robust security postures. Skilled at identifying potential security gaps and implementing best practices to fortify system architectures against emerging threats. Familiarity with the latest security tools and technologies, as well as experience in integrating security measures into complex IT environments, is essential. Compliance Assessment: Assess new and changing application designs and requirements to ensure compliance with PepsiCo information security standards. Risk Communication: Identify, quantify, and communicate technology risks impacting the business, recommending resolutions and identifying root causes. Explain scan results (infrastructure, applications, databases) and pen testing results to stakeholders. 
Threat Modeling: Utilize expert knowledge in threat modeling techniques and methodologies to proactively identify, assess, and prioritize security risks, enabling the organization to implement targeted mitigation strategies and maintain a robust information security posture. Project Lifecycle Reviews: Review IT and Information Security systems throughout the project lifecycle, identifying risks and security requirements, and recommending paths to eliminate identified risks and implement compensating controls. Automated Risk Assessments: Conduct risk-based assessments using automated tools and techniques to prioritize and address security risks. Collaboration and Education: Collaborate with various IT and Business teams to ensure they are knowledgeable about Information Security processes and requirements, influencing them to eliminate or reduce risks. ServiceNow Utilization: Experience using ServiceNow to gather necessary information and data, automating security assessment processes to enhance efficiency and effectiveness. Metrics Management and Reporting: Manage operational metrics related to the ISA and GRC processes, utilizing Power BI for advanced reporting, tracking project progress, and developing corrective action plans. Process Improvement and Proactive Security: Govern Information Security services from the ISA, tracking process metrics, identifying issues, and driving process improvement initiatives. Stay updated with threat intelligence, leverage Azure and cloud security knowledge, and implement Agile and DevSecOps methodologies to integrate security into the development process. Qualifications A minimum of 8 years of experience in Information Security, IT Risk Management, or a similar role. Mandatory Technical Skills: In-depth technical experience and knowledge of infrastructure technologies, networks, web, computing, cloud services, manufacturing equipment, mobile devices, and information (cyber) security. 
Strong understanding of information security frameworks, regulations, and standards such as NIST 800-53, CIS, and ISO 27002. Proficient in ServiceNow, with the ability to leverage its modules for information gathering, data analysis, and automation of the ISA service. Experience in threat modeling and applying threat modeling methodologies in previous roles. Proficient in Power BI for developing reports and dashboards to support data-driven decision-making. Strong skills in developing ad hoc reports and managing metrics. Knowledge of Azure and general cloud security principles. Ability to read and explain scan (infrastructure, applications, databases) and pen testing results to technical and non-technical stakeholders, guiding them on risk and vulnerability remediation. Mandatory Non-Technical Skills: Proficient in influencing and educating stakeholders on security best practices and policies, ensuring understanding and adherence to security standards. Established a reputation as a trusted adviser, providing expert guidance on information security matters. Strong presence to represent PepsiCo Information Security in complex situations with business and IT partners. Ability to collaborate with various stakeholders, including business units and product managers.

Posted 22 hours ago


2.0 - 4.0 years

0 Lacs

Chennai, Tamil Nadu, India

On-site

Job Description: UI Automation Test Engineer
Experience: 2 to 4 years
Salary budget: up to 8 LPA
Notice: immediate to 30 days
Location: Chennai

Key Responsibilities:

• Develop, maintain, and execute automated tests for user interfaces (UI) using industry-standard tools and frameworks (e.g., Playwright, Selenium, Cypress, Appium). (Preferable - Playwright)
• Design test plans and test cases based on functional and non-functional UI requirements.
• Collaborate with software developers, product managers, and quality assurance team members to identify test scenarios and ensure comprehensive UI test coverage.
• Implement test automation scripts using scripting languages such as Java, Python.
• Integrate automated tests into continuous integration/continuous deployment (CI/CD) pipelines for efficient and reliable UI testing.
• Perform manual testing as needed, especially for exploratory testing or scenarios where automation is not yet feasible.
• Identify, report, and track UI bugs and defects using issue tracking systems (e.g., Jira, Bugzilla), working closely with development teams to ensure timely resolution.
• Participate in code reviews and provide feedback on the UI's testability, maintainability, and accessibility.
• Stay updated on emerging trends, tools, and technologies in UI testing and automation, incorporating best practices into the testing process.
• Contribute to the improvement of UI testing processes, methodologies, and tools within the organization.

Qualifications:

• Bachelor's degree in computer science, software engineering, or a related field (or equivalent experience).
• Proven experience (2 to 4 years) in software testing, with a focus on UI automation.
• Strong understanding of web development concepts (HTML, CSS, JavaScript).
• Proficiency in at least one scripting language commonly used in UI test automation (e.g., Java, Python).
• Experience with UI automation frameworks like Playwright, Selenium, Cypress, Appium, or similar. (Preferable - Playwright)
• Familiarity with continuous integration/continuous deployment (CI/CD) practices and tools (e.g., Jenkins, GitLab CI/CD).
• Excellent problem-solving skills and a keen eye for detail.
• Strong communication and collaboration skills, with the ability to work effectively in a team environment.
• Ability to prioritize tasks and manage time efficiently in a fast-paced environment.
• Experience with agile software development methodologies (e.g., Scrum, Kanban) is a plus.

Preferred Qualifications:

• Certification in software testing (e.g., ISTQB Certified Tester) or relevant API testing certifications.
• Experience with performance testing and load testing of APIs using tools like JMeter or Gatling.
• Knowledge of containerization technologies such as Docker and orchestration tools like Kubernetes.
• Familiarity with cloud computing platforms (e.g., AWS, Azure, Google Cloud) and their respective API services.
• Experience working with microservices architectures and distributed systems.
• Understanding of security testing principles and techniques for APIs (e.g., OWASP API Security Top 10).

Posted 22 hours ago


5.0 years

0 Lacs

Gurugram, Haryana, India

On-site

Summary Position Summary Job Description: Cyber Risk Application Security Consultant Attack Surface Management (ASM) Services Overview Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to deliver Attack Surface Management (ASM) services, identifying vulnerable IT assets and weak security configurations in real time? If you thrive in dynamic environments and are passionate about cybersecurity, Deloitte’s ASM team could be the place for you. Deloitte’s ASM business is committed to transparency, innovation, collaboration, and sustainability. We deliver industry-leading services through fresh thinking and creative approaches, collaborating across the organization to support our clients. Our goal is to be the premier integrated services provider transforming the cybersecurity marketplace. Role: Cyber Risk Attack Surface Consultant As a Consultant, you will: Work with global teams to identify vulnerabilities and rogue assets (e.g., shadow IT). Help clients achieve business growth while managing risk. Key Responsibilities Conduct vulnerability assessments and manual penetration testing for web, API, thick client, and mobile applications. Perform secure code reviews and analyze false positives from industry-standard tools. Respond to ad-hoc reporting and research requests. Develop and implement application security policies and procedures. Identify and prioritize security vulnerabilities. Coordinate with development and operations teams on remediation plans. Quickly understand and deliver on company and client requirements. Participate in regular reporting for clients, partners, and internal teams. Adhere to internal operational security and Deloitte policies. Required Qualifications Bachelor’s degree or higher in Computer Science, or equivalent experience. 
3–5 years of hands-on experience in: Application security Vulnerability assessment Penetration testing Mobile application security Thick client and Web API security assessments Strong understanding of OWASP Top 10 and related vulnerabilities. Experience in manual assessment and exploitation (e.g., Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling). Understanding of OAUTHv2/OpenID standards and business logic vulnerabilities. Experience with secure code review (OWASP Secure Coding Practices). Proficiency with tools: Burp Suite, Fiddler, Sysinternals, Veracode, DnSpy, OllyDbg, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida, etc. Ability to perform manual penetration testing and use automated tools. Excellent technical report writing skills. Knowledge of web application components (frontend, backend, databases, application servers). Understanding of web development technologies (HTML, CSS, JavaScript, PHP, Java, .NET, backend databases). Experience with application security architecture review and threat modeling. Basic concepts of reverse engineering and memory analysis. Understanding of networking protocols (TCP/IP, DNS, HTTP/S). Familiarity with vulnerability classification (CVE/CVSS). Certifications: CISSP, OSCP, OSWE, BSCP, GWAPT. Preferred Qualifications Proficiency in web and mobile application security assessments, penetration testing, and secure code review. Relevant publications (blogs, tools, conference presentations, CVEs). Preferred certifications: OSWE, BSCP. Experience with automation and scripting (Python). Outstanding English written and oral communication skills. Strong understanding of web, mobile, and microservices vulnerabilities. Knowledge of malicious code operation and exploitation. Strong analytical and problem-solving skills. Self-motivated and eager to learn new attack vectors. Desire to deeply understand the what, why, and how of security vulnerabilities. 
If you are passionate about cybersecurity and ready to make an impact, Deloitte’s ASM team offers a collaborative and innovative environment to grow your career. Our purpose: Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture: Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development: At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India. Benefits To Help You Thrive: At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/or other criteria.
Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 302277

Posted 23 hours ago


8.0 - 12.0 years

0 Lacs

pune, maharashtra

On-site

Cowbell is signaling a new era in cyber insurance by harnessing technology and data to provide small and medium-sized enterprises (SMEs) with advanced warning of cyber risk exposures bundled with cyber insurance coverage adaptable to the threats of today and tomorrow. Championing adaptive insurance, Cowbell follows policyholders' cyber risk exposures as they evolve through continuous risk assessment and continuous underwriting. In its unique AI-based approach to risk selection and pricing, Cowbell's underwriting platform, powered by Cowbell Factors, compresses the insurance process from submission to issue to less than 5 minutes. Founded in 2019 and based in the San Francisco Bay Area, Cowbell has rapidly grown, now operating across the U.S., Canada, U.K., and India. This growth was recently bolstered by a successful Series C fundraising round of $60 million from Zurich Insurance. This investment not only underscores the confidence in Cowbell's mission but also accelerates our capacity to revolutionize cyber insurance on a global scale. With the backing of over 25 prominent reinsurance partners, Cowbell is poised to redefine how SMEs navigate the evolving landscape of cyber threats. In support of business objectives, we are actively looking for an ambitious person, who is not afraid of hard work and embraces ambiguity as it comes, to join our Information Security Team as a Sr. Developer, Application Security. The InfoSec team drives security, privacy, and compliance improvements to reduce risk by building out key security programs. We enable our colleagues to keep the company secure and support our customers' security journey with tried and true best practices. We are a Java, Python, and React shop combined with world-class cloud infrastructure such as AWS & Snowflake. Balancing proper security while enabling execution speed for our colleagues is our ultimate goal. It's challenging and rewarding! If you are up for the challenge, come join us.
You will be instrumental in curing security defects in code, burning down any new and existing vulnerabilities. You can fix the code yourself and continuous patching is your north star. You will be the champion for safeguards and standards that will keep our code secure and reduce the introduction of new vulnerabilities. Partner and collaborate with internal stakeholders in assisting with the overall security posture with an emphasis on the Engineering and Operations/IT areas. Work across engineering, product and business systems teams to enhance and evangelize security in applications (& infrastructure). Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts. Develop and maintain application scanning solutions to inform stakeholders of security weaknesses & vulnerabilities. Review outstanding vulnerabilities with product teams and assist in remediation efforts to reduce risk. Bachelor's degree in computer science or another STEM discipline and 8 to 10+ years of professional experience in security software development. Majority of prior experience as a Security Engineer focused on remediation of security vulnerabilities and defects in Java and Python. Must have prior in-depth demonstrable experience developing in JAVA and Python; Basically you are developer first and a security engineer second. Applicants that do not have this experience will not be considered. Experience developing in, and securing, Javascript and React a plus. Experience securing integrations and code that utilizes Elasticsearch, Snowflake, Databricks, RDS a big plus. Detail-oriented with problem-solving, communication, and analytical skills. Expert understanding of CVE and CVSS scoring and how to utilize this data for validation, prioritization, and remediation. Excellent understanding and utilization of OWASP. Demonstrated ability to secure API; Techniques, patterns, will be assessed. 
Experience designing and implementing application security solutions for web and/or mobile applications. Experience developing and reporting vulnerability metrics as well as articulating how to reproduce and resolve those security defects. Experienced in application penetration testing, with an understanding of remediation techniques for common misconfigurations and vulnerabilities. Demonstrable experience in understanding patching and library upgrade paths including interdependencies. Familiarity with CI/CD tools. Previous admin experience in CI/CD is not required but a big plus. Capability to deploy, provide maintenance for, and operationalize scanning solutions. Hands-on ability to conduct scans across application repositories and infrastructure. Must be willing to work extended hours and weekends as needed. Great at and enjoys documenting solutions; creating repeatable instruction for others, operational documentation, developing technical diagrams, and similar artifacts. Preferred Qualifications: You can demonstrate and document threat modeling scenarios using well-known frameworks such as STRIDE. Proficient with penetration testing tools such as Burp Suite, Metasploit, or ZAP. You are already proficient with SAST & SCA tools; proficiency with DAST and/or OAST tool usage and techniques would be even better. As a mentor you also have the experience and desire in providing fellow engineering teams with technical guidance on the impact and priority of security issues and driving remediation. Capability to develop operational process from scratch or improve current processes and procedures through well-thought-out hand-offs, integrations, and automation. Familiarity with multiple security domains such as application security, infrastructure security, network security, incident response, and regulatory compliance and certifications. Understanding of modern endpoint security technologies/concepts. Adept at working with distributed team members.
What Cowbell brings to the table: Employee equity plan for all and wealth enablement plan for select customer-facing roles. Comprehensive wellness program, meditation app subscriptions, lunch and learn, book club, happy hours, and much more. Professional development and the opportunity to learn the ins and outs of cyber insurance, cybersecurity as well as continuing to build your professional skills in a team environment. Equal Employment Opportunity: Cowbell is a leading innovator in cyber insurance, dedicated to empowering businesses to always deliver their intended outcomes as the cyber threat landscape evolves. Guided by our core values of TRUE: Transparency, Resiliency, Urgency, and Empowerment, we are on a mission to be the gold standard for businesses to understand, manage, and transfer cyber risk. At Cowbell, we foster a collaborative and dynamic work environment where every employee is empowered to contribute and grow. We pride ourselves on our commitment to transparency and resilience, ensuring that we not only meet but exceed industry standards. We are proud to be an equal opportunity employer, promoting a diverse and inclusive workplace where all voices are heard and valued. Our employees enjoy competitive compensation, comprehensive benefits, and continuous opportunities for professional development.

Posted 1 day ago

3.0 - 7.0 years

0 Lacs

karnataka

On-site

Checkmarx is the leader in application security and ensures that enterprises worldwide can secure their application development from code to cloud. Our consolidated platform and services address the needs of enterprises by improving security and reducing TCO, while simultaneously building trust between AppSec, developers, and CISOs. At Checkmarx, we believe it's not just about finding risk, but remediating it across the entire application footprint and software supply chain with one seamless process for all relevant stakeholders. We are honored to serve more than 1,800 customers, which includes 40 percent of all Fortune 100 companies including Siemens, Airbus, Salesforce, Stellantis, Adidas, Wal-Mart, and Sanofi. Checkmarx, a leader in the application security testing market, actively seeks talented application security engineers (AppSec Eng.) to support Checkmarx Global Services and our customers. The perfect candidate has a robust background in software development and application security. Support some of our strategic/top-tier customers in conducting security-focused code reviews using the Checkmarx Platform. Support customer's AppSec and Dev Teams with mitigation advice for identified vulnerabilities. Create proofs-of-concept based on identified attack vectors. Daily and monthly responsibilities include conducting security-focused static code analysis on top of a broad range of development languages and open-source libraries. Support customer AppSec/Dev teams with mitigation strategy/advice for identified vulnerabilities. When required, create proofs-of-concept that can illustrate a given vulnerability's exploitability. When needed, support AppSec/Dev teams in analyzing applications. Requirements: - Bachelor's degree in computer science or another highly technical scientific discipline. - 3+ years of experience in development using one or more high-level programming languages like Java, .NET, JavaScript, Go, Python, etc.
- 3+ years of experience in security-focused code review covering some market-standard AppSec frameworks like OWASP Web/API/Mobile Top 10, PCI-DSS, etc. - A proactive approach to spotting problems, areas for improvement, and performance bottlenecks. - Strong technical aptitude - being able to pick up technical concepts rapidly is required. - Highly motivated self-starter. - Fluent in English (++ for other languages). The fine print: - Work from office/home (hybrid). - Some international travel required (less than 10%). If you have the skillset we're looking for, we will get you up-to-speed with Checkmarx Platform solutions and invest in you to improve your knowledge and technical skills. Your new title will be Checkmarx Experienced Application Security Engineer.

Posted 1 day ago

3.0 - 7.0 years

0 Lacs

navi mumbai, maharashtra

On-site

The role will involve the following responsibilities:
- Performing Web Application Security Testing
- Conducting Mobile Application Security Testing
- Scanning Networks for Security Vulnerabilities
- Coordinating with clients for Project-related queries
- Participating in meetings with client teams to discuss security issues and recommendations
- Generating detailed security reports
- Monitoring project progress and providing regular updates
- Researching Open Source security tools and new security topics
- Developing a Security Knowledge base for the team
The ideal candidate should possess a strong understanding of application security concepts, including mitigation techniques in the following areas:
- Web Application Security (OWASP Top 10)
- Mobile Application Security (Mobile OWASP Top 10)
- Threat Modelling
- Risk Rating Frameworks
- Web Traffic Interception (for Web/Mobile apps)
- SSL
- Network Concepts
- Web Development Basics (HTTP/HTML/JavaScript)
- Basic Mobile Application Concepts (either Android or iOS)
Skills required for this role include proficiency in:
- Web application security
- Mobile security
- Nessus
- Burp Suite
- OWASP
- Reporting and Presentation Skills

Posted 1 day ago

2.0 - 6.0 years

0 Lacs

maharashtra

On-site

As a Security Engineer - VAPT, you will be responsible for conducting comprehensive security assessments, identifying vulnerabilities, and implementing effective remediation strategies. Leveraging your expertise in penetration testing and ethical hacking, you will play a key role in enhancing the security posture of our clients' systems and networks. This position offers an exciting opportunity to work on challenging projects, collaborate with talented professionals, and contribute to the advancement of cybersecurity practices. You will perform end-to-end Vulnerability Assessment and Penetration Testing (VAPT) for clients' IT infrastructure, applications, and networks. Conduct thorough security assessments using industry-standard tools and methodologies, including but not limited to, Nmap, Nessus, Metasploit, Burp Suite, and OWASP. Identify and exploit security vulnerabilities to assess the potential impact on clients' systems and data. Prepare detailed assessment reports outlining findings, risk levels, and recommended remediation measures. Collaborate with clients' IT teams to prioritize and address identified security issues in a timely manner. Develop and implement custom scripts or tools to enhance testing capabilities and automate repetitive tasks. Stay abreast of emerging security threats, vulnerabilities, and industry best practices to continually improve testing methodologies. Provide guidance and mentorship to junior security engineers, fostering a culture of knowledge sharing and skill development within the team. Requirements: - Bachelor's degree in Computer Science, Information Technology, or related field. - 2+ years of experience in cybersecurity, with a focus on Vulnerability Assessment and Penetration Testing. - Proficiency in using tools such as Nmap, Nessus, Metasploit, Burp Suite, and OWASP. - Hands-on experience with various operating systems, including Windows, Linux, and Unix.
- Strong understanding of network protocols, web application architecture, and common security vulnerabilities. - Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or similar certifications preferred. - Excellent analytical skills and attention to detail, with the ability to prioritize and manage multiple tasks effectively. - Effective communication skills, both verbal and written, with the ability to convey technical concepts to non-technical stakeholders. - Proven track record of delivering high-quality security assessments and actionable recommendations.

Posted 1 day ago

8.0 - 12.0 years

0 Lacs

pune, maharashtra

On-site

You will be responsible for defining and communicating a shared architectural vision for a complex product built on the Salesforce platform, focusing on Service Cloud, Manufacturing Cloud, and Field Services Lightning. Your role involves collaborating with Agile teams to evaluate solutions, validate technology assumptions, and drive platform direction aligned with business needs. Additionally, you will work closely with Enterprise and Solution Architects to deliver solutions that adhere to broader architecture guardrails. Your key responsibilities include setting the strategic direction and roadmap for Service Capabilities, leading the planning and high-level design of complex product solutions, enabling a continuous delivery pipeline, defining system interfaces and data structures, and establishing critical nonfunctional requirements. You will also participate in solution planning, develop architectural runways, provide technical oversight, and negotiate with the business to prioritize nonfunctional work effectively. To qualify for this role, you must hold a Bachelor's degree from an accredited institution and have over 12 years of experience in the software industry, with a strong track record of shipping high-quality products. You should possess at least 8 years of experience with the Salesforce Platform, particularly focusing on Service Cloud, and experience with Manufacturing Cloud and Field Service Lightning is advantageous. Additionally, you should have extensive knowledge of best practices in software engineering. As for skills, you should have an expert level understanding of Salesforce, Lightning Web Components, Apex, and associated development platforms, along with experience in developing enterprise-grade applications and distributed systems. Proficiency in software design principles, DevSecOps, CI/CD principles, modern software development practices, cybersecurity concepts, Agile methodologies, and cloud services is essential. 
Moreover, experience with multiple cloud service providers, such as Azure, AWS, and GCP, is beneficial, as well as advanced verbal and written communication skills, good judgment, and the ability to work collaboratively with diverse teams. In summary, this role requires a seasoned professional with a solid technical background, extensive experience in Salesforce and software engineering, strong communication skills, and the ability to drive architectural decisions in alignment with business objectives.

Posted 1 day ago

6.0 - 10.0 years

0 Lacs

hyderabad, telangana

On-site

At Capgemini Invent, you will play a crucial role in driving transformation by blending strategic, creative, and scientific capabilities to deliver cutting-edge solutions for our clients. Your expertise in Vulnerability Management tools such as Rapid7, Qualys, and Tenable will be instrumental in implementing and managing security vulnerabilities both on-premises and in the cloud. You will also be responsible for setting up vulnerability scanning profiles and demonstrating a strong understanding of the vulnerability management lifecycle. In addition, your role will entail in-depth knowledge across various core domains including Vulnerability Management, External Attack Surface Management, Container Scanning, Cloud Security Compliance scanning, and Security Configuration Management. It is essential for you to possess knowledge of system security vulnerabilities, remediation techniques, and tactics, as well as the ability to effectively communicate testing findings to managers and network administrators. Your proficiency in simplifying complex technology concepts for non-technical audiences will be highly valued. Your profile should showcase a good understanding of the risk score acceptance process for vulnerabilities, the ability to generate customized reports, and support in mitigating vulnerabilities. Automation knowledge in existing processes, familiarity with Zero Day Vulnerabilities, and understanding of TTPs, MITRE ATT&CK framework, CVSS, OSINT, and deception techniques are also important aspects of this role. Moreover, your comprehension of operating systems, applications, infrastructure, cloud computing services, OWASP, CVSS, MITRE ATT&CK framework, and the software development lifecycle will be beneficial. Strong oral, verbal, and written communication skills are essential for effective collaboration and sharing of insights. Working at Capgemini offers a supportive environment with flexible work arrangements that prioritize work-life balance. 
You will have access to career growth programs and diverse professional opportunities tailored to your development. Additionally, you can enhance your skills with valuable certifications in cutting-edge technologies like Generative AI. Capgemini is a global leader in business and technology transformation, empowering organizations to navigate the digital and sustainable world with tangible impact. With a diverse team of over 340,000 members in more than 50 countries, Capgemini leverages its 55-year heritage to unlock the value of technology for clients worldwide. From strategy and design to engineering, the company delivers end-to-end services and solutions driven by market-leading capabilities in AI, cloud, and data, complemented by deep industry expertise and a robust partner ecosystem. In 2023, Capgemini reported global revenues of 22.5 billion, reflecting its commitment to addressing the comprehensive business needs of its clients.

Posted 1 day ago

6.0 - 10.0 years

0 Lacs

hyderabad, telangana

On-site

At Capgemini Invent, we believe difference drives change. As inventive transformation consultants, we blend our strategic, creative and scientific capabilities, collaborating closely with clients to deliver cutting-edge solutions. Join us to drive transformation tailored to our client's challenges of today and tomorrow. Informed and validated by science and data. Superpowered by creativity and design. All underpinned by technology created with purpose. Your role involves expertise in Vulnerability Management tools such as Rapid7, Qualys, and Tenable. You should have hands-on experience in implementing and managing security vulnerabilities both on-premises and in the cloud. Additionally, setting up vulnerability scanning profiles and a strong knowledge and understanding of the vulnerability management lifecycle are essential. It is crucial to have in-depth knowledge across all core domains including Vulnerability Management, External Attack Surface Management, Container Scanning, Cloud Security Compliance scanning, and Security Configuration Management. Understanding system security vulnerabilities, remediation techniques, and tactics is required. You should be able to comprehend vulnerability testing methodology and effectively communicate testing findings to managers and network administrators. Furthermore, the ability to communicate complex technology to non-tech audiences in a simple and precise manner is essential. Your Profile should include a good understanding of the risk score acceptance process of vulnerabilities, ability to create customized reports, support in the mitigation of vulnerabilities, and knowledge of automation in the existing process. Understanding of Zero Day Vulnerabilities and their process, TTPs, MITRE ATT&CK framework, CVSS, OSINT, and deception techniques are also important. 
You should have knowledge of operating systems, applications, infrastructure, and cloud computing services, along with an understanding of OWASP, CVSS, MITRE ATT&CK framework, and the software development lifecycle. Good oral, verbal, and written communication skills are necessary for this role. What you will love about working here is the recognition of the significance of flexible work arrangements to provide support. Whether it's remote work or flexible work hours, you will have an environment that allows for a healthy work-life balance. Career growth is at the heart of our mission, with an array of career growth programs and diverse professions crafted to support you in exploring a world of opportunities. Equip yourself with valuable certifications in the latest technologies such as Generative AI. Capgemini is a global business and technology transformation partner, helping organizations accelerate their dual transition to a digital and sustainable world while creating tangible impact for enterprises and society. With a responsible and diverse group of 340,000 team members in more than 50 countries, Capgemini is trusted by clients to unlock the value of technology to address the entire breadth of their business needs. The Group reported 2023 global revenues of 22.5 billion.

Posted 1 day ago

3.0 years

0 Lacs

Gurugram, Haryana, India

Remote

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Palo Alto Networks Firewalls Good to have skills : NA Minimum 3 Year(s) Of Experience Is Required Educational Qualification : 15 years full time education Summary: We are seeking a highly skilled Senior Network Security Engineer with proven experience in enterprise-grade security technologies including Palo Alto firewalls, IDS/IPS systems, VPN, WAF (Imperva), Cequence Bot Defense, Cloudflare DNS security, and Illumio Zero Trust microsegmentation. The ideal candidate will be responsible for designing, implementing, and maintaining network security controls to protect enterprise infrastructure, applications, and data from advanced cyber threats. Roles & Responsibilities: -Configure, deploy, and maintain Palo Alto Networks firewalls, including threat prevention, URL filtering, and App-ID policies. -Manage and monitor intrusion detection and prevention systems (IDS/IPS) for threat detection and response. -Configure and maintain VPN solutions (GlobalProtect or other IPsec/SSL-based systems) for secure remote access. -Analyze logs and events for unusual activity and support incident investigations. -Automate and optimize firewall rules and network segmentation for least-privilege access. -Deploy and manage Cequence Bot Defense for API security and bot mitigation. -Analyze bot traffic patterns and implement policies to block malicious automation. -Work with DevOps and application teams to integrate Cequence with key digital assets. -Configure and monitor Cloudflare DNS security services including threat blocking, filtering, and DoS mitigation. -Implement policies for DNS-layer protection and content filtering. 
-Ensure availability and resiliency of DNS infrastructure through Cloudflare edge network. -Implement and administer Illumio Zero Trust Segmentation for workload isolation and application-level segmentation. -Design and enforce microsegmentation policies to restrict lateral movement and reduce attack surface. -Continuously assess traffic flows to identify over-permissive access and optimize segmentation models. -Deploy and manage Imperva WAF to protect critical web applications from OWASP Top 10 and other application-level attacks. -Tune WAF rules to reduce false positives while maintaining effective security posture. -Work with application teams to ensure secure deployment pipelines and integrate security testing. Professional & Technical Skills: - Must Have Skills: Proficiency in Palo Alto Networks Firewalls. - Strong understanding of cloud security principles and best practices. - Experience with security compliance frameworks such as ISO 27001, NIST, or CIS. - Familiarity with identity and access management solutions. - Knowledge of incident response and threat management processes. -Collaborate with SOC, DevOps, Infrastructure, and Application Security teams to improve detection and response. -Maintain security documentation, configuration baselines, and change control records. -Assist in incident response and forensic analysis during security events. -Stay current with emerging threats and recommend appropriate security controls. -Security certifications such as PCNSE, CCNP Security, GIAC (GCFW, GCIA), CISSP, or CEH. -Experience with REST APIs, automation/scripting (Python, Ansible), and infrastructure-as-code. -Understanding of Zero Trust architecture and NIST 800-207 principles. -Experience in cybersecurity operations, with a focus on network and perimeter security. - Hands-on experience managing enterprise firewalls, preferably Palo Alto. - Experience in Bot protection and DNS security, including tools like Cequence and Cloudflare.
-Proven track record in troubleshooting complex firewall and VPN issues in large-scale environments. -Experience conducting firewall audits, rule reviews, and implementing policy enhancements. -Demonstrated ability to manage incident response and change management processes. -Experience working in a global delivery model and collaborating with cross-functional teams. -Strong analytical and problem-solving skills with a continuous improvement mindset. Additional Information: - The candidate should have minimum 3 years of experience in Palo Alto Networks Firewalls. - This position is based at our Gurugram office. - A 15 years full time education is required.

Posted 1 day ago

5.0 years

0 Lacs

Hyderabad, Telangana, India

On-site

JOB DESCRIPTION
The Application Security Developer IV will work closely with both engineering (development) teams and the Information Security group to make sure that RealPage applications are developed with security in mind. Deep awareness of the OWASP Top 10 project and practices for preventing vulnerabilities when developing applications in any tech stack is a key success factor. This person will help to ensure Static Application Security Testing (SAST) occurs during the development lifecycle and that reported vulnerabilities are properly remediated. This person will also help train developers on how to remediate the vulnerabilities and what those vulnerabilities are when needed, and implement OWASP Application Security Verification Standards (ASVS). Additionally, this person role-models for a small team (1-5 others) of persons with similar responsibilities. Excellent communication skills and a good familiarity with DevOps pipelines are key success factors for this role.
PRIMARY RESPONSIBILITIES
• Shift-Left security in Software Development Life Cycle (SDLC) for various applications.
• Provide guidelines, tooling, best practices and implement for:
  o SAST
  o Dynamic Application Security Testing (DAST)
  o Software Composition Analysis (SCA)
  o Runtime Application Self-Protection (RASP)
• Provide guidance and coaching to teams regarding security remediation efforts
• Provide guidance to teams on how to properly integrate SAST, DAST, SCA scans into their pipelines
• Work with teams to ensure dependency scans are also part of their development process and pipelines
• Provide ongoing improvements and awareness training on new application threats and remediation techniques
• Provide guidance on OpenID Connect (OIDC) and OAuth2 and other identity-related best practices and practical approaches for client implementation
• Help engineering teams plan long term remediation solutions when deep changes are required for remediation activities
• Collaborate with the Information Security (InfoSec) team on prioritizing both applications and vulnerabilities based on risk
• Provide guidance to teams on proper storage and retrieval of application secrets
REQUIRED SKILLS AND EXPERIENCE
• 5+ years C# .NET
• Web API
• SQL
• Deep familiarity with the OWASP Top 10 and other security concerns for web applications
• Familiarity with OWASP Application Security Verification Standards (ASVS)
• Familiarity with SAST, DAST, SCA Scans
• Preferred: Python or Java
NICE TO HAVE SKILLS AND EXPERIENCE
Fortify on Demand, Invicti, Netsparker

Posted 1 day ago

4.0 years

0 Lacs

Bengaluru, Karnataka, India

On-site

Company Description We are a consulting company with a bunch of technology-interested and happy people! We love technology, we love design and we love quality. Our diversity makes us unique and creates an inclusive and welcoming workplace where each individual is highly valued. With us, each individual is her/himself and respects others for who they are and we believe that when a fantastic mix of people gather and share their knowledge, experiences and ideas, we can help our customers on a completely different level. We are looking for you who is immediate joiner and want to grow with us! With us, you have great opportunities to take real steps in your career and the opportunity to take great responsibility. Job Description We are seeking a skilled and experienced Attack Surface Reduction Analyst with a strong foundation in penetration testing and vulnerability management to join our dynamic cybersecurity team. In this role, you will be instrumental in identifying and mitigating security risks across our systems, applications, and network infrastructure. You will also lead internal and third-party penetration testing initiatives and work closely with cross-functional teams to strengthen our overall security posture. Key Responsibilities Conduct comprehensive vulnerability assessments (VA) and penetration tests (PT) on systems, applications, and networks. Identify and assess security vulnerabilities using industry-standard tools and methodologies. Design and manage vulnerability management processes and drive effective remediation strategies. Coordinate and manage third-party penetration testing engagements and ensure alignment with security goals. Collaborate with IT and business teams to prioritize and remediate identified risks. Contribute to the development and maintenance of security policies, procedures, and standards. Continuously monitor systems for unauthorized access, suspicious activities, and emerging threats. 
Stay abreast of evolving cybersecurity trends, threat landscapes, and best practices in attack surface reduction. Required Qualifications: Bachelor's degree in Computer Science, Information Security, or related field. 4 to 5 years of hands-on experience in vulnerability scanning, penetration testing, and vulnerability management. In-depth knowledge of common vulnerabilities and exposures (CVEs) and attack vectors. Proficiency with tools such as Kali Linux, Qualys, Burp Suite, and other VA/PT platforms. Familiarity with security frameworks and standards (e.g., NIST, OWASP Top 10, CIS Controls). Strong analytical and problem-solving skills. Excellent written and verbal communication skills, including the ability to explain technical issues to non-technical stakeholders. Preferred Certifications (certifications are a plus but not mandatory): OSCP, OSEP, SANS GIAC, CREST, CompTIA Security+, or similar. Start: Immediate. Location: Bangalore. Form of employment: Full-time until further notice, we apply 6 months probationary employment.

Posted 1 day ago

2.0 years

0 Lacs

Gurgaon, Haryana, India

On-site

Are you a Product Security Analyst expert looking for a challenging opportunity?
Join our Product Security team. We operate at the heart of the digital transformation of our business. Our team is responsible for Product Security including application security for our global organization.
Partner with the best. We are looking for a Senior Product Security Analyst, with a focus in Product Security. In this role, you will work in a team and demonstrate working knowledge of systems and products and how they are secured in customers' businesses.
As a Senior Product Security Engineer, you will be responsible for:
- Providing technical leadership and defining, developing, and evolving security within software in a fast-paced and agile development environment using the latest secure software development technologies and infrastructure.
- Working with Cyber Security Leaders and SMEs to understand security requirements
- Performing penetration testing
- Collaborating with product and engineering teams to integrate security into the software development lifecycle (SDLC).
- Conducting threat modeling, design reviews, and code reviews to identify and mitigate security vulnerabilities.
- Performing static and dynamic application security testing (SAST/DAST), and managing results and remediation efforts.
- Leading security assessments of new and existing products, including third-party components and APIs.
- Developing and maintaining secure coding guidelines and best practices.
- Supporting incident response and forensic investigations related to product security.
- Staying current with emerging threats, vulnerabilities, and security technologies.
- Assisting security champions in completing Threat Modeling and Architecture Risk Analysis on product features
- Providing guidance and advice on writing secure code that meets standards and delivers desired functionality, using the technology selected for the project
- Understanding application security methodologies and frameworks
- Leveraging Baker Hughes Digital’s tailored Secure SDL practice into specific engineering engagements
- Researching new application security technologies and implementing them to improve application security.
- Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development
- Promoting best practices based on OWASP, SANS Top 25, and the Baker Hughes Digital SDL.
Fuel your passion
To be successful in this role you will:
- Have a Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Math).
- A minimum 2 years of professional experience in STEM related degree, Political Science/Government/International Affairs.
Desired Characteristics
- Have detailed working knowledge of two modern programming languages, such as Java, Python, or Ruby
- Have strong written and oral communication skills and successful security consulting background.
- Have at least 2 years of security consulting involvement with development team(s) that delivered software-based services
- Have experience in developing secure applications
- Have a high energy and a result-oriented attitude/approach, with an understanding of release timelines and the need to enable development teams, not slow them down
- Have experience with Security Development Lifecycle processes
- Contribute to and lead discussions and communications within the team and outside, including customers and other business units
- Have strong knowledge of Object Oriented Analysis and Design, Software Design Patterns and coding principles
- Have experience with penetration testing tools, ability to replicate security defects uncovered by groups such as red team
- Have good understanding of security tools and technologies to facilitate secure development.
Working with us
Our people are at the heart of what we do at Baker Hughes. We know we are better when all our people are developed, engaged and able to bring their whole authentic selves to work. We invest in the health and well-being of our workforce, train and reward talent and develop leaders at all levels to bring out the best in each other.
Working for you
Our inventions have revolutionized energy for over a century. But to keep going forward tomorrow, we know we must push the boundaries today. We prioritize rewarding those who embrace change with a package that reflects how much we value their input. Join us, and you can expect:
- Contemporary work-life balance policies and wellbeing activities
- Comprehensive private medical care options
- Safety net of life insurance and disability programs
- Tailored financial programs.
- Additional elected or voluntary benefits
About Us: We are an energy technology company that provides solutions to energy and industrial customers worldwide.
Built on a century of experience and conducting business in over 120 countries, our innovative technologies and services are taking energy forward – making it safer, cleaner and more efficient for people and the planet. Join Us: Are you seeking an opportunity to make a real difference in a company that values innovation and progress? Join us and become part of a team of people who will challenge and inspire you! Let’s come together and take energy forward. Baker Hughes Company is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law. R149646

Posted 1 day ago

12.0 years

0 Lacs

India

Remote

What You Can Expect Zoom is seeking a highly qualified and experienced full stack senior software engineer (Java). Developing and maintaining IT cloud native solutions in our CPQ, Order to Cash and other business areas. This strategic position requires an engineer with exceptional initiative and precise attention to detail. The ideal candidate excels at complex challenges and shares our commitment to developing superior software. Furthermore, if you are dedicated to advancing Zoom's evolution into an agile, responsive, and customer-focused enterprise application organization, this role presents an optimal opportunity. About The Team This engineering position would play a pivotal role in architecting, designing, building and supporting the full-stack cloud-native solutions to address the channels business enablement targets. This includes the self-service experience supporting quoting and ordering for Zoom’s partner ecosystem. These range from software development and machine learning to quality assurance teams that work to create and maintain Zoom's user-friendly interfaces and robust infrastructure. If you are excited about the potential of leading Zoom’s continued evolution into a customer-obsessed enterprise application organization, then this role is for you! What We’re Looking For Have a BS/MS in Computer Science or equivalent. 12+ years of backend/full-stack development experience. Expert knowledge in Java and core technologies (JVM, multithreading, IO, network). Have mastery of Java Spring MVC, Spring Boot, RESTful APIs. Experience building low-latency microservices and API publishing. Have understanding of authentication/authorization (OAuth, JWT). Have expertise in SQL/NoSQL databases (MySQL, MongoDB, DynamoDB). Experience with caching systems (Redis, Memcache) - Knowledge of search technologies (ElasticSearch, Lucene, Solr). 
Cloud services experience (AWS, GCP, Azure) - Containerization and CI/CD (Docker, Jenkins) - Linux systems and application servers (nginx, Tomcat). Have design patterns and coding best practices. System reliability and scalability in cloud infrastructure. Experience with failover and circuit breaking patterns. Have application logging and performance monitoring experience. Proficiency with tools like Splunk, ELK, Datadog, Prometheus. System maintenance and troubleshooting. Have experience with version control (Git) and build tools (Maven/Gradle). Secure coding practices and OWASP guidelines - Localization/internationalization implementation. Have excellent verbal and written communication. Collaborative team player with consensus-building ability. Problem-solving skills for complex technical challenges. Ways of Working Our structured hybrid approach is centered around our offices and remote work environments. The work style of each role, Hybrid, Remote, or In-Person is indicated in the job description/posting. Benefits As part of our award-winning workplace culture and commitment to delivering happiness, our benefits program offers a variety of perks, benefits, and options to help employees maintain their physical, mental, emotional, and financial health; support work-life balance; and contribute to their community in meaningful ways. Click Learn for more information. About Us Zoomies help people stay connected so they can get more done together. We set out to build the best collaboration platform for the enterprise, and today help people communicate better with products like Zoom Contact Center, Zoom Phone, Zoom Events, Zoom Apps, Zoom Rooms, and Zoom Webinars. We’re problem-solvers, working at a fast pace to design solutions with our customers and users in mind. Find room to grow with opportunities to stretch your skills and advance your career in a collaborative, growth-focused environment. 
Our Commitment At Zoom, we believe great work happens when people feel supported and empowered. We’re committed to fair hiring practices that ensure every candidate is evaluated based on skills, experience, and potential. If you require an accommodation during the hiring process, let us know—we’re here to support you at every step. If you need assistance navigating the interview process due to a medical disability, please submit an Accommodations Request Form and someone from our team will reach out soon. This form is solely for applicants who require an accommodation due to a qualifying medical disability. Non-accommodation-related requests, such as application follow-ups or technical issues, will not be addressed.

Posted 1 day ago

2.0 years

0 Lacs

Thiruvananthapuram, Kerala, India

On-site

We are looking to hire a Cybersecurity Engineer with 2+ years of work experience with analytical mind and a detailed understanding of cybersecurity methodologies to identify threats and vulnerabilities in our systems and software, then apply the skills to developing and implementing security solutions. Responsibilities Planning, implementing, managing, monitoring, and upgrading security measures for the protection of the organization's data, system, and networks. Troubleshooting security and network problems. Testing and identifying network and system vulnerabilities. Daily administrative tasks, reporting, and communication with the relevant departments in the organization. Responding to all system and/or network security breaches. Ensuring that the organization's data and infrastructure are protected by enabling the appropriate security controls. Troubleshooting all network and security issues and incidents. Collaborate with IT and engineering teams to ensure secure software and infrastructure development. Routinely conduct penetration testing. Create and maintain documentation related to security policies, procedures, and incident reports. Taking appropriate security measures to ensure that the organization’s infrastructure and existing data are kept safe. Stay current with emerging threats and trends in cyber security. Skills Required Experience with Firewalls (functionality and maintenance), VSX, and Endpoint Security. Proficiency in Python, C, C#, C++. Knowledge of protocols from different layers of the OSI model (HTTP, HTTPS, TCP/IP, UDP, Web Socket, SSH, SFTP, RDP). Ability to work under pressure in a fast-paced environment. OWASP. Great awareness of cybersecurity trends and hacking techniques. Hands-on experience in threat and vulnerability management as well as security advisory services. 
Experience with API standards (REST, SOAP, JSON, XML). Experience with SQL and NoSQL databases (DynamoDB). Expert and CI/CD practices and tools (Git, Gitlab). Experience in AWS. Qualification: OWASP Experience: 2+ years Location: Technopark, Thiruvananthapuram Skills: firewalls, threat and vulnerability management, osi model, security advisory services, sql, vsx, hacking techniques, c++, nosql databases (dynamodb), api standards, c#, nosql (dynamodb), ci/cd practices and tools (git, gitlab), osi model protocols (http, https, tcpip, udp, web socket, ssh, sftp, rdp), firewalls management, owasp, python, c, aws, endpoint security, cybersecurity, api standards (rest, soap, json, xml)

Posted 1 day ago

0 years

0 Lacs

Hyderābād

On-site

JOB DESCRIPTION KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term. Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. They are either IS audit, SOX reviews, Internal audit engagements, IT infrastructure review and/or risk advisory including but not limited to IT audit supports in nature. QUALIFICATIONS • IT Audit + SAP experience with knowledge of IT governance practices Prior IT Audit knowledge in areas of ITGC, ITAC (application/automated controls) SOX 404, SOC-1 and SOC-2 Audits Good to have knowledge of other IT regulations, standards and benchmarks used by the IT industry (e.g. NIST, PCI-DSS, ITIL, OWASP, SOX, COBIT, SSAE18/ISAE 3402 etc.) 
Technical Knowledge of IT Audit Tools with excellent knowledge of IT Audit process and methodology Exposure to Risk Management and Governance Frameworks/ Systems will be an added advantage Exposure to ERP systems will be added advantage Strong project management, communication (written and verbal) and presentation skills Knowledge of security measures and auditing practices within various applications, operating systems, and databases. Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism Preferred Certifications – CISA/CISSP//CISM Exposure to automation Data Analytics tools such as QlikView/Qlik sense, ACL, Power BI will be an advantage Proficiency with Microsoft Word, Excel, Visio, and other MS Office tools Equal employment opportunity information: KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.

Posted 1 day ago

0 years

0 Lacs

Gurgaon

On-site

JOB DESCRIPTION KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term. Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. They are either IS audit, SOX reviews, Internal audit engagements, IT infrastructure review and/or risk advisory including but not limited to IT audit supports in nature. QUALIFICATIONS • IT Audit + SAP experience with knowledge of IT governance practices Prior IT Audit knowledge in areas of ITGC, ITAC (application/automated controls) SOX 404, SOC-1 and SOC-2 Audits Good to have knowledge of other IT regulations, standards and benchmarks used by the IT industry (e.g. NIST, PCI-DSS, ITIL, OWASP, SOX, COBIT, SSAE18/ISAE 3402 etc.) 
Technical Knowledge of IT Audit Tools with excellent knowledge of IT Audit process and methodology Exposure to Risk Management and Governance Frameworks/ Systems will be an added advantage Exposure to ERP systems will be added advantage Strong project management, communication (written and verbal) and presentation skills Knowledge of security measures and auditing practices within various applications, operating systems, and databases. Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism Preferred Certifications – CISA/CISSP//CISM Exposure to automation Data Analytics tools such as QlikView/Qlik sense, ACL, Power BI will be an advantage Proficiency with Microsoft Word, Excel, Visio, and other MS Office tools Equal employment opportunity information: KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.

Posted 1 day ago

5.0 years

2 - 8 Lacs

Gurgaon

On-site

COMPANY OVERVIEW KKR is a leading global investment firm that offers alternative asset management as well as capital markets and insurance solutions. KKR aims to generate attractive investment returns by following a patient and disciplined investment approach, employing world-class people, and supporting growth in its portfolio companies and communities. KKR sponsors investment funds that invest in private equity, credit and real assets and has strategic partners that manage hedge funds. KKR’s insurance subsidiaries offer retirement, life and reinsurance products under the management of Global Atlantic Financial Group. References to KKR’s investments may include the activities of its sponsored funds and insurance subsidiaries. POSITION SUMMARY KKR is seeking an experienced Product Security Analyst. This role offers exciting opportunities for growth and impact as KKR scales its business and continues to innovate. As a Security Analyst, you will be responsible for designing, implementing, and maintaining security measures across our environment specific to our internally developed applications, external facing applications, and key Software as a Service (SaaS) applications. You must be proficient in troubleshooting, vulnerability management, cloud security, application security, and have a deep understanding of a wide range of systems, and be capable of leading other teams in these efforts. You will work closely with Enterprise Systems and other business units to ensure our security posture remains strong, aligned with industry best practices, and compliant with regulatory requirements. You will also be looking over the horizon, identifying future needs and exploring leading edge solutions. This position is a full time position and will be onsite in our Gurugram office. We are operating in a 4 day in office, 1 day flexible work arrangement. RESPONSIBILITIES Conduct application security assessments and penetration tests to identify vulnerabilities and security issues. 
Work closely with the software development team to ensure that secure coding practices are implemented throughout the application development lifecycle. Design and implement security solutions to protect applications from potential threats. Provide guidance and recommendations on application security best practices. Maintain knowledge of the latest security trends, threats, and countermeasures. Participate in incident response and handling activities related to application security incidents. Conduct security awareness and training sessions for the development team to promote secure coding practices. Develop and maintain application security standards, policies, and procedures. Report and document security findings and remediation activities. Integrate security tools and practices into the continuous integration/continuous delivery (CI/CD) pipeline. QUALIFICATIONS Bachelor's degree in Computer Science, Information Technology, or a related field. At least 5 years of proven experience as an Application Security Engineer or similar role. Strong understanding of software development life cycle (SDLC) and secure coding practices. Proficiency in conducting security assessments and penetration tests. Experience with security tools and technologies such as firewalls, VPNs, intrusion detection/prevention systems (IDS/IPS), and network access control (NAC). Knowledge of regulatory requirements and industry best practices related to application security. Experience with cloud security and DevSecOps practices. 
Familiarity with OWASP Top Ten and other security frameworks Team-player who enjoys working in a collaborative and collegial environment and is an active contributor as part of a global team Ability to work calmly under pressure and meet deadlines and solve problems requiring creativity, initiative and drive; self-motivated and enjoys a sense of pride in their accomplishments Ability to present ideas in a user-friendly, business-friendly and technical language Strategic self-starter with an innovative mindset and outstanding attention to detail KKR is an equal opportunity employer. Individuals seeking employment are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, sexual orientation, or any other category protected by applicable law.

Posted 1 day ago

2.0 years

3 - 4 Lacs

Ahmedabad

On-site

About the Role: We are looking for a skilled and detail-oriented QA Engineer with over 2 years of experience in manual, automation, performance, and security testing . You will work closely with developers, product managers, and DevOps teams to ensure high-quality, secure, and scalable software products. This role is ideal for someone who is passionate about software quality and eager to take ownership of test planning and execution across functional and non-functional requirements. Key Responsibilities: Design and execute test cases for functional, regression, and integration testing. Develop and maintain automated test scripts using tools such as Selenium/TestNG. Conduct performance testing using tools like JMeter, LoadRunner, or similar. Perform basic security testing (e.g., input validation, authentication/authorization checks, session handling). Validate REST APIs and backend logic using tools such as Postman or Swagger. Document defects clearly and follow up with the development team until resolution. Analyze test results, identify patterns, and suggest improvements for stability and performance. Required Skills & Qualifications: Bachelor’s degree in Computer Science, Information Technology, or equivalent. 2+ years of experience in Quality Assurance, with exposure to both manual and automated testing. Hands-on experience in performance testing tools such as Apache JMeter, BlazeMeter, or LoadRunner. Familiarity with security testing concepts , OWASP Top 10, and tools like Burp Suite (basic level). Proficient in bug tracking tools (e.g., Jira). Understanding of API testing using Postman or similar tools. Basic understanding of SQL and database testing. Strong problem-solving, documentation, and communication skills. 
Job Type: Full-time Pay: ₹30,000.00 - ₹40,000.00 per month Benefits: Leave encashment Paid sick time Paid time off Provident Fund Experience: Functional testing: 2 years (Required) Performance testing: 1 year (Required) Location: Ahmedabad, Gujarat (Required) Work Location: In person

Posted 1 day ago

Exploring OWASP Jobs in India

The OWASP (Open Web Application Security Project) job market in India is growing rapidly as organizations prioritize cybersecurity and the protection of sensitive data. Professionals with expertise in OWASP are in high demand across various industries, offering lucrative career opportunities for job seekers in India.

Top Hiring Locations in India

  1. Bangalore
  2. Mumbai
  3. Delhi NCR
  4. Hyderabad
  5. Pune

These cities are hotspots for OWASP job opportunities, with numerous companies actively seeking professionals with OWASP skills.

Average Salary Range

The average salary range for OWASP professionals in India varies based on experience levels:

  • Entry-level: INR 4-6 lakhs per annum
  • Mid-level: INR 8-12 lakhs per annum
  • Experienced: INR 15-20 lakhs per annum

Salaries can vary based on the company, location, and individual skills and qualifications.

Career Path

A typical career path in OWASP may include progressing from roles such as Junior Security Analyst or Web Application Security Engineer to Senior Security Consultant, OWASP Project Leader, and ultimately to a Chief Information Security Officer (CISO) or Security Architect.

Related Skills

In addition to OWASP expertise, professionals in this field are often expected to have knowledge and experience in areas such as penetration testing, secure coding practices, network security, cryptography, and risk management.

Interview Questions

  • What is OWASP and why is it important in web application security? (basic)
  • Can you explain the difference between XSS and CSRF attacks? (medium)
  • How would you mitigate SQL injection vulnerabilities in a web application? (medium)
  • What tools do you use for OWASP testing and vulnerability assessment? (basic)
  • Describe the steps you would take to secure a RESTful API. (advanced)
  • What are the common security risks associated with mobile applications? (medium)

...and many more!

Closing Remark

As you explore OWASP job opportunities in India, remember to continuously enhance your skills, stay updated on the latest trends in cybersecurity, and showcase your expertise confidently during interviews. With dedication and preparation, you can secure a rewarding career in OWASP and contribute to safeguarding digital assets in the ever-evolving landscape of cybersecurity. Good luck on your job search!


Featured Companies