3198 Owasp Jobs - Page 12

Job Description Your Impact: You will work in the spirit of agile & a product engineering mindset - delivering the sprint outcomes, iteratively & incrementally, following the agile ceremonies You’re expected to write clean,modular,production ready code and take it through production and post-production lifecycle. You will groom the stories functionally & help define the acceptance criteria (Functional & Non-Functional/NFRs) You will have breadth of concepts, tools & technologies to address NFRs like security, performance, reliability, maintainability and understand the need for trade-offs You will bring in expertise to optimize and make the relevant design decisions (considering trade-offs) at the module / components level Manage the product lifecycle from requirements gathering and feasibility analysis through high-level and low-level design, development, user acceptance testing (UAT), and staging deployment. Integrate SAST,DAST in detecting OWASP vulnerabilities, thereby securing a robust and scalable product journey roadmap Qualifications Your Skills & Experience: A Bachelor’s degree in engineering with 3.5+ years of experience in building large-scale, large-volume services & distributed apps. Proficiency in Java, Spring/Springboot/Micronaut framework,NodeJs,React,K8(Container Orchestrator),Message Queues(Kafka/ActiveMQ,Rabbit MQ/Tibco/JMS) You are aware of Multi-Cloud Platforms like AWS, GCP, Azure, etc. You apply SOLID, DRY design principles, design patterns & practice Clean Code You are an expert at String Manipulation, Data/Time Arithmetic, Collections & Generics You build reliable & high-performance apps leveraging Eventing, Streaming, Concurrency, You design and build microservices from the ground up, considering all NFRs & applying DDD, Bounded Contexts You use one or more databases (RDBMS or NoSQL) based on the needs You understand the significance of security aspects & compliance to data, code & application security policies; You write secure code to prevent known vulnerabilities. You understand HTTPS/TLS, Symmetric/Asymmetric Cryptography, CertificatesYou use logging frameworks like Log4j, NLog, etc. You use Logging/Monitoring solutions (Splunk, ELK, Grafana) Set Yourself Apart With You understand infra. as code (cattle over pets via Terraform/Cloud-Formation/Ansible) You understand reactive programming concepts, Actor models & use RX Java / Spring React / Akka / Play, etc. You are aware of distributed tracing, debugging, and troubleshooting You are aware of side-car, service mesh usage along with microservices You are aware of gateways, load-balancers, CDNs, Edge caching You are aware of gherkin and cucumber for BDD automation You are aware of one distributed caching solution like Redis, MemCache, etc. Additional Information A Tip From The Hiring Manager Software Development Engineers (SDE-I) are bright, talented, and motivated young minds with strong technical skills, developing software applications and services that make life easier for customers. The SDE-I is expected to work with an agile team to develop, test, and maintain digital business applications. As an SDE-I you will get an opportunity to work with industry-leading clients and global teams to solve complex business problems and build your skills on the full stack of application development technologies Education Bachelor’s/Master’s Degree in Computer Engineering, Computer Science, or a related field Additional Information Gender Neutral Policy 18 paid holidays throughout the year. Generous parental leave and new parent transition program Flexible work arrangements Employee Assistance Programs to help you in wellness and well being Company Description Publicis Sapient is a digital transformation partner helping established organizations get to their future, digitally-enabled state, both in the way they work and the way they serve their customers. We help unlock value through a start-up mindset and modern methods, fusing strategy, consulting, and customer experience with agile engineering and problem-solving creativity. United by our core values and our purpose of helping people thrive in the brave pursuit of the next, our 20,000+ people in 53 offices around the world combine experience across technology, data sciences, consulting and customer obsession to accelerate our clients’ businesses through designing the products and services their customers truly value.

Job Description Your Impact: You will work in the spirit of agile & a product engineering mindset - delivering the sprint outcomes, iteratively & incrementally, following the agile ceremonies You’re expected to write clean,modular,production ready code and take it through production and post-production lifecycle. You will groom the stories functionally & help define the acceptance criteria (Functional & Non-Functional/NFRs) You will have breadth of concepts, tools & technologies to address NFRs like security, performance, reliability, maintainability and understand the need for trade-offs You will bring in expertise to optimize and make the relevant design decisions (considering trade-offs) at the module / components level Manage the product lifecycle from requirements gathering and feasibility analysis through high-level and low-level design, development, user acceptance testing (UAT), and staging deployment. Integrate SAST,DAST in detecting OWASP vulnerabilities, thereby securing a robust and scalable product journey roadmap Qualifications Your Skills & Experience: A Bachelor’s degree in engineering with 3.5+ years of experience in building large-scale, large-volume services & distributed apps. Proficiency in Java, Spring/Springboot/Micronaut framework,NodeJs,React,K8(Container Orchestrator),Message Queues(Kafka/ActiveMQ,Rabbit MQ/Tibco/JMS) You are aware of Multi-Cloud Platforms like AWS, GCP, Azure, etc. You apply SOLID, DRY design principles, design patterns & practice Clean Code You are an expert at String Manipulation, Data/Time Arithmetic, Collections & Generics You build reliable & high-performance apps leveraging Eventing, Streaming, Concurrency, You design and build microservices from the ground up, considering all NFRs & applying DDD, Bounded Contexts You use one or more databases (RDBMS or NoSQL) based on the needs You understand the significance of security aspects & compliance to data, code & application security policies; You write secure code to prevent known vulnerabilities. You understand HTTPS/TLS, Symmetric/Asymmetric Cryptography, CertificatesYou use logging frameworks like Log4j, NLog, etc. You use Logging/Monitoring solutions (Splunk, ELK, Grafana) Set Yourself Apart With You understand infra. as code (cattle over pets via Terraform/Cloud-Formation/Ansible) You understand reactive programming concepts, Actor models & use RX Java / Spring React / Akka / Play, etc. You are aware of distributed tracing, debugging, and troubleshooting You are aware of side-car, service mesh usage along with microservices You are aware of gateways, load-balancers, CDNs, Edge caching You are aware of gherkin and cucumber for BDD automation You are aware of one distributed caching solution like Redis, MemCache, etc. Additional Information A Tip From The Hiring Manager Software Development Engineers (SDE-I) are bright, talented, and motivated young minds with strong technical skills, developing software applications and services that make life easier for customers. The SDE-I is expected to work with an agile team to develop, test, and maintain digital business applications. As an SDE-I you will get an opportunity to work with industry-leading clients and global teams to solve complex business problems and build your skills on the full stack of application development technologies Education Bachelor’s/Master’s Degree in Computer Engineering, Computer Science, or a related field Additional Information Gender Neutral Policy 18 paid holidays throughout the year. Generous parental leave and new parent transition program Flexible work arrangements Employee Assistance Programs to help you in wellness and well being Company Description Publicis Sapient is a digital transformation partner helping established organizations get to their future, digitally-enabled state, both in the way they work and the way they serve their customers. We help unlock value through a start-up mindset and modern methods, fusing strategy, consulting, and customer experience with agile engineering and problem-solving creativity. United by our core values and our purpose of helping people thrive in the brave pursuit of the next, our 20,000+ people in 53 offices around the world combine experience across technology, data sciences, consulting and customer obsession to accelerate our clients’ businesses through designing the products and services their customers truly value.

Hiring Application Security Exp: 5+ Years Notice Period : Preferring Immediate Joiners - 30 Days(If Serving and have LWD Confirmation) - Candidate who are in bench or not serving notice period dont apply Location: Marathahalli-Bangalore Mode Of Work : Hybrid Mandatory Skills Required : Application Security,Penetration Testing,SAST,DAST,IT Risk Assesment, Hands-on experience in penetration testing and tools like Apisan, WebInspect, Fortify, AppSpider, BurpSuite, Qualys, Checkmarx, Coverity CEH/SSCP/OSCP certified. Mode of interview - 1st technical virtual & 2nd technical face to face in Marathahalli - Bangalore location - If you're available for face to face discussions on weekdays - Apply for this role. Interested candidates share your updated resume to suvetha.b@twsol.com

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Attack & Penetration Testing - Senior As part of our Cyber Security team, you shall perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. The opportunity We’re looking for Security Consultant / Senior Security Consultant with expertise in penetration testing. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Lead engagements from kickoff with clients through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines. Perform penetration testing which includes Network, web application, Mobile app (both Android & iOS), APIs Cloud Security, Thick Client application, wireless, social engineering, physical penetration testing. Execute penetration testing projects using the established methodology, tools and rules of engagements. Execute red team assessments to highlight gaps impacting organizations security postures. Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations. Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. Convey complex technical security concepts to technical and non-technical audiences including executives. Perform technical quality reviews and conduct technical conversations directly with clients. Keep uptodate with the latest techniques and concepts. Confident with OWASP Top 10 and SANS Top 25 vulnerabilities and ability to effectively communicate methodologies and techniques with development teams Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing. Understanding and experience with Active Directory attacks. Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management. Knowledge of AI in Pentest, TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred. Working knowledge with any scripting languages (e.g. Python, Perl, PHP, Ruby) to develop automated solutions that mitigate risks throughout the organization. Support SDLC and agile environments with application security testing and source code reviews. Serve as a mentor and guide to junior pen testers, sharing your knowledge, skills, and best practices to nurture their growth and development. Provide technical expertise and guidance to clients on remediation strategies and security best practices. Skills And Attributes For Success In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies. Good understanding of enterprise security controls in Active Directory / Windows environments Good to have knowledge in AI in pentest Understanding of TCP/IP network protocols. Understanding of network security and popular attacks vectors. Experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory and 802.1x penetration testing Strong understanding of security principles, policies, and industry best practices Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results. Excellent communication and presentation skills, both written and verbal. Demonstrated thought leadership in the cybersecurity field through publications, speaking engagements, or contributions to industry forums. Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead. To qualify for the role, you must have BE/ B.Tech/ MCA or equivalent Minimum of 3 years of work experience in penetration testing which may include at least three of the following: Network, web application Mobile app (Android & iOS), Thick client, APIs, wireless, social engineering, physical and Red Team assessments. One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX Knowledge of Windows, Linux, UNIX, any other major operating systems. 3-9 years of work experience in Strategy and Operations projects Team management skills are preferred. Conduct technical discussions and perform technical Quality reviews. Familiarity with OWASP methodologies and application security vulnerabilities. Exceptional ability to educate and guide application developers in security best practices. Excellent communication, presentation, and interpersonal skills. Strong Word, Excel and PowerPoint skills. Ideally, you’ll also have Project management skills Certifications: OSCP, OSCE, CRTP, CRTO, CISSP, GPEN, GWAPT. What We Look For Who can perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing and provide analysis for the testing results. What Working At EY Offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Attack & Penetration Testing - Senior As part of our Cyber Security team, you shall perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. The opportunity We’re looking for Security Consultant / Senior Security Consultant with expertise in penetration testing. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Lead engagements from kickoff with clients through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines. Perform penetration testing which includes Network, web application, Mobile app (both Android & iOS), APIs Cloud Security, Thick Client application, wireless, social engineering, physical penetration testing. Execute penetration testing projects using the established methodology, tools and rules of engagements. Execute red team assessments to highlight gaps impacting organizations security postures. Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations. Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. Convey complex technical security concepts to technical and non-technical audiences including executives. Perform technical quality reviews and conduct technical conversations directly with clients. Keep uptodate with the latest techniques and concepts. Confident with OWASP Top 10 and SANS Top 25 vulnerabilities and ability to effectively communicate methodologies and techniques with development teams Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing. Understanding and experience with Active Directory attacks. Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management. Knowledge of AI in Pentest, TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred. Working knowledge with any scripting languages (e.g. Python, Perl, PHP, Ruby) to develop automated solutions that mitigate risks throughout the organization. Support SDLC and agile environments with application security testing and source code reviews. Serve as a mentor and guide to junior pen testers, sharing your knowledge, skills, and best practices to nurture their growth and development. Provide technical expertise and guidance to clients on remediation strategies and security best practices. Skills And Attributes For Success In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies. Good understanding of enterprise security controls in Active Directory / Windows environments Good to have knowledge in AI in pentest Understanding of TCP/IP network protocols. Understanding of network security and popular attacks vectors. Experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory and 802.1x penetration testing Strong understanding of security principles, policies, and industry best practices Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results. Excellent communication and presentation skills, both written and verbal. Demonstrated thought leadership in the cybersecurity field through publications, speaking engagements, or contributions to industry forums. Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead. To qualify for the role, you must have BE/ B.Tech/ MCA or equivalent Minimum of 3 years of work experience in penetration testing which may include at least three of the following: Network, web application Mobile app (Android & iOS), Thick client, APIs, wireless, social engineering, physical and Red Team assessments. One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX Knowledge of Windows, Linux, UNIX, any other major operating systems. 3-9 years of work experience in Strategy and Operations projects Team management skills are preferred. Conduct technical discussions and perform technical Quality reviews. Familiarity with OWASP methodologies and application security vulnerabilities. Exceptional ability to educate and guide application developers in security best practices. Excellent communication, presentation, and interpersonal skills. Strong Word, Excel and PowerPoint skills. Ideally, you’ll also have Project management skills Certifications: OSCP, OSCE, CRTP, CRTO, CISSP, GPEN, GWAPT. What We Look For Who can perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing and provide analysis for the testing results. What Working At EY Offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Job Description: Participate in team prioritization discussions with Product/Business stakeholders Estimate and own delivery tasks (design, dev, test, deployment, configuration, documentation) to meet the business requirements • Automate build, operate, and run aspects of software • Drive code/design/process trade-off discussions within their team when required Report status and manage risks within their primary application/service • Drive integration of services focusing on customer journey and experience Understands operational and engineering experience, actively works to improve experience and metrics in ownership area Develop complete understanding of end-to-end technical architecture and dependency systems Drive adoption of technology standards and opinionated frameworks, and review coding, test, and automation work of team members Identify opportunities to improve an overall process and trim waste. Skills: Net core, API Development, SQL Server DB, Windows Services.

Role Summary: We are looking for a skilled and hands-on Mid-Level Penetration Tester to join our offensive security team. The ideal candidate should have strong manual testing skills and experience assessing diverse environments including web applications, APIs, mobile apps, wireless networks, infrastructure, and thick client applications. You’ll be responsible for identifying vulnerabilities, exploiting them ethically, and delivering actionable insights to help improve the organization’s security posture. Key Responsibilities: Perform manual penetration tests on: Web applications (OWASP Top 10, business logic flaws) REST/SOAP APIs Mobile applications (Android/iOS) Wireless networks (WPA2/Enterprise, rogue APs) Internal/external network infrastructure Thick client applications (custom-built software) Simulate real-world attack scenarios, leveraging custom scripts, payloads, and tools to bypass defenses. Document detailed findings with proof-of-concept, risk ratings, and tailored mitigation recommendations. Assist with threat modeling and scoping of penetration tests with relevant stakeholders. Collaborate with developers, system admins, and IT teams during remediation and retesting phases. Stay current on emerging threats, techniques, and exploits through continuous research. Contribute to the improvement of internal testing methodologies and reporting templates. Required Skills & Experience: Hands-on experience in penetration testing with a strong emphasis on manual testing techniques. In-depth understanding of web technologies (HTML, JavaScript, HTTP/S, cookies, sessions). Familiarity with OWASP Top 10, MITRE ATT&CK, and CWE/SANS 25. Experience with tools like Burp Suite Pro, OWASP ZAP, Postman, Wireshark, Nmap, and custom scripts. Knowledge of common authentication/authorization mechanisms (OAuth2, JWT, SSO). Hands-on experience in testing mobile apps using tools like MobSF, Frida, or JADX. Proficiency in scripting (Python, Bash, PowerShell) for custom exploit development or automation. Ability to manually analyze application logic and chain vulnerabilities creatively.

Job Title: Mobile Application Security Lead (AppSec) Location: Mumbai Experience Required: 4 5 Years Job Type: Full-time, On-site Job Overview: Talakunchi Networks Pvt Ltd is seeking a skilled and motivated Mobile Application Security Lead to oversee and deliver comprehensive security assessments across Android and iOS platforms. The ideal candidate will have a strong background in mobile app penetration testing and will serve as both a technical lead and client-facing expert, ensuring high-quality delivery across multiple engagements. Key Responsibilities: Lead and execute mobile app security testing for Android and iOS platforms. Perform both automated and manual penetration testing including: Static Application Security Testing (SAST) Dynamic Application Security Testing (DAST) Runtime instrumentation and analysis Reverse engineer APKs/IPAs to identify vulnerabilities such as hardcoded secrets and logic flaws. Identify and report security issues based on OWASP Mobile Top 10, insecure storage, transport layer issues, and platform-specific flaws. Use advanced tools: Frida, Objection, MobSF, Burp Suite, Jadx, APKTool, Xposed, Postman, etc. Prepare detailed technical reports with: Risk ratings (CVSSv4/custom) Proof of Concept (PoC) Practical remediation recommendations Interact with client-side stakeholders such as AppDev, QA, and InfoSec teams. Review and validate deliverables prepared by junior team members. Assist in pre-sales efforts: scope definition, effort estimation, and technical discussions. Mentor and train junior security analysts in mobile AppSec practices. Stay up-to-date with the latest mobile vulnerabilities, trends, and tools. Required Skills: Strong understanding of mobile security architecture, Android/iOS internals, and sandboxing In-depth knowledge of OWASP Mobile Top 10 and MASVS Proficient in tools such as: Frida, Objection, Burp Suite, MobSF, Charles Proxy, APKTool, Jadx Postman/Insomnia for API testing Experience with Jailbreaking/Rooting, SSL pinning bypass, and secure coding practices Familiarity with software development life cycle (SDLC) and CI/CD environments Experience in ticketing systems like Jira, ServiceNow, etc. Preferred Certifications: CEH eMAPT eWPTXv2 Bonus Points For: Knowledge of mobile CI/CD security pipeline Familiarity with banking/fintech security standards (RBI, PCI DSS, etc.) Experience in effort estimation and VAPT project planning

By continuing to use our website, you consent to the use of cookies. Please refer our Join Our Clan Sr. Cyber Security Analyst Description Job Description We re looking for a seasoned and proactive Sr. Cyber Security Analyst to join our Information Security Group (ISG) at Grazitti Interactive. In this role, you ll take charge of advanced threat detection, incident response, and strategic cybersecurity initiatives to safeguard the organization s digital assets. If you have hands-on experience in network security, SIEM tools, and a deep understanding of cybersecurity frameworks, this is a great opportunity to elevate your career in a fast-paced, tech-driven environment. Skills Key Skills 3+ years of experience in cybersecurity or a related technical role. Bachelor s degree in Computer Science, Information Security, or a relevant field. Expertise in network security, firewalls, intrusion detection/prevention systems. Proficiency in SIEM platforms and security monitoring tools. Strong understanding of frameworks like OWASP Top 10, SANS Top 25. Knowledge of industry standards and regulations. Excellent problem-solving, analytical, and communication skills. Advanced certifications like CISSP, OSCP, or equivalent (preferred). Experience mentoring junior analysts or leading security projects (preferred). Familiarity with cloud security, forensic analysis, and emerging cyber threats. Responsibilities Roles and Responsibilities Detect, investigate, and respond to cybersecurity incidents and alerts. Lead technical investigations and contribute to root cause analysis. Implement and enhance threat detection tools and automation processes. Assist in drafting and enforcing security policies and procedures. Perform internal security reviews, audits, and compliance checks. Maintain documentation for incident handling, risk assessments, and controls. Communicate security updates and incident reports to internal stakeholders. Mentor and guide junior analysts in security protocols and tools. Collaborate with cross-functional teams to drive cybersecurity best practices. Continuously monitor and improve the organization s security posture. Position: Sr. Cyber Security Analyst Thank you for submitting your application. We will contact you shortly! Stay updated with us Life at Grazitti Share Your Profile We are always looking for the best talent to join our team * Skills Upload Your CV Thank you for sharing your profile with us. If it aligns with our requirements, we will reach out to you for the next steps in the process. Marketo Forms 2 Cross Domain request proxy frame This page is used by Marketo Forms 2 to proxy cross domain AJAX requests.

About Northern Trust Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889. Northern Trust is proud to provide innovative financial services and guidance to the world’s most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service. Job Profile Summary Expert responsible for developing and administering solutions that meet system expectations relative to scalability, performance, fault tolerance, usability, and data integrity for the Information Security Operations and Architecture function. This position will collaborate extensively with business, technology, risk and other corporate teams to establish and strengthen adoption of security by design. We operate within a complex landscape driven by client expectations and the diverse needs that comes with operating in countries across the globe. This role is part of the Information Security organization, aligning to Business Information Security Officer (BISO) for Asset Servicing and Chief Operating Office. This role will report to the BISO who reports to the Global Chief Information Security Officer (CISO). Responsibilities Works with management and the architecture team to develop the security strategy and plan and ensures objectives are met. Provides leadership and guidance to staff, fostering an environment that encourages employee participation, teamwork, and communication. Participate in Architecture Review Boards and help teams create secure design. Evaluates proposals to determine if proposed security solutions effectively address enterprise requirements. Displays a balanced, cross-functional perspective, constantly liaising with the business to improve efficiency, effectiveness and productivity. Work with Enterprise Security Architecture team to develop Security blueprints and patterns. Good understanding of vulnerability management. Interfaces frequently with information security industry groups to stay abreast of emerging security trends. Focus of role is on execution of strategic direction of business function activities. Identifies alternative functional security strategies to balance organizational IT security concerns and business requirements. Description Guides the development, specification and communication of application or infrastructure architectures used by business or application systems. Security architect primarily focused on technologies related to authentication, authorization, access management, governance, controls, regulatory requirements etc. As a key member of Workforce authorization and authentication team this candidate will play a vital role in ensuring the secure and compliant implementation of various solutions (Hybrid and Cloud). Provides extensive, in-depth, technical consultation to the clients, partners, and IT Management to develop plans and directions to assure the integration of corporate business area requirements. Thoroughly understands decision process issues of technology choice, such as design, data security, client server communication, etc. Evaluates and selects from existing and emerging technologies those options best fitting business/project needs Promotes sharing of expertise through consulting, presentations, and documentations, etc. Experienced, functional expert with technical and/or business knowledge and functional expertise Carries out complex initiatives involving multiple disciplines and/or ambiguous projects Displays a balanced, cross-functional perspective, liaising with the business to help improve efficiency, effectiveness, and productivity Qualifications Knowledge of network architecture concepts including topology, protocols, components and the application of Defense-In-Depth principles Ten years of experience in the Information Security roles preferred; wide range of technical experience across multiple Cyber Security domains. Five years of experience as a Security Architect In-depth knowledge and experience on Entra ID, EPM, Sentinel, Azure, M365, AWS Security is required Excellent communication skills with the ability to convey complex technical and non-technical concepts in verbal products & excellent writing skills Thoroughly understands and provides solutions considering Security technology choices, such as design, protocols support, secrets management, data security, client server communication, token handling, Session management, credential vaulting, OIDC/ OAuth flows, Okta usage and implementations, authorization patterns, identity federation, cloud architectures, cryptography, cloud native services, cloud security etc. Good understanding of Cloud Infrastructure Entitlement Management solution (CIEM) to ensure continuous improvement in Security Posture by providing consultations to application teams Exposure to API Management, Firewalls, DLP, VPNs, DNS, Azure Defender, MCAS, Sentinel, WAFs, Application Gateways, NSGs, App Proxy, Radius clusters, CDN etc. Deep understanding of Applications security, OWASP standards, security best practices, browser compatibilities/storages/cookies Displays a balanced, cross-functional perspective under information security, liaising with other towers and business to help improve Security centric designs Strong knowledge on Identities management on Azure AD with OAuth, OIDC, SAML, SSO, MFA, Conditional access policies, MFA, Kerberos, LDAP, Identity Federations etc. Strong knowledge of: Security architecture patterns, requirements, and security controls; Security controls like Authentication, Authorization, Data Security, IAM; Threat modeling frameworks and methodologies Secure code reviews and utilizing outputs Common frameworks and standards such as CRI and NIST Knowledge of penetration testing tools and techniques (e.g., metasploit, neosploit, etc.) Working With Us As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas. Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve! Join a workplace with a greater purpose. We’d love to learn more about how your interests and experience could be a fit with one of the world’s most admired and sustainable companies! Build your career with us and apply today. #MadeForGreater Reasonable accommodation Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at MyHRHelp@ntrs.com. We hope you’re excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people. Apply today and talk to us about your flexible working requirements and together we can achieve greater.

Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Experience with penetration testing tools (e.g. Burp) Extensive knowledge of attack payloads for discovering security vulnerabilities Plan, execute, and report on all testing activities and outcomes Create findings reports and communicate to stakeholders Must possess at least 5 years of experience in delivering VAPT in Web(Thin and Thick Client), Mobile and APIs Should have good and effective communication skills in English. (Oral and written) Technical and Professional Requirements: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Preferred Skills: Technology-Security Testing-Security Testing - ALL

Job Summary This position is a Contractor at Senior Specialist Cyber Security role for performing Application Security Testing in Cyber Security Organization. This profile will be passionate in preventing risk by performing remediation validation of vulnerabilities identified during the testing process. While doing so they will also be identifying vulnerabilities in the applications of the enterprise by configuring scan settings for effective vulnerability enumeration, Identify and document findings, approve false positives and define/document approved mitigations used by AppSec Testers. Experience Level: 8 years Location: Hyderabad or Bengaluru Roles and Responsibilities: ¿ Perform SAST/SCA/DAST scans using industry vulnerability scanner ¿ SAST/SCA ¿ Veracode, using supplied compiled binary, configure scan platform to correct scan for both static code CWE¿s as well as SCA derived CVEs. Work will include coordination with app owner to ensure all branches of code are included in compiled binary file. ¿ DAST ¿ Work begins with crawling the target application to identify existing directory and file structure. Once identified, execute DAST scan using HCL product to identify dynamic issue only visible during code execution. ¿ This person will be primarily tasked to execute scan retest by performing revalidation tests of previously identified critical and high severity vulnerabilities as requested by the client application teams. ¿ During testing process, tester MUST ensure application is not degraded and/or taken out of service due to scanning activities. ¿ Tester must ensure results from scanner are present in Vulnerability reporting platforms and visible to approved app users. ¿ Perform manual validation and false positive analysis on the automated scan results.¿ ¿ Provide remediation support will analyze the top rated vulnerabilities along with provide support to application teams on remediation strategies from identified risks. Primary / Mandatory skills: Overall ¿ 8+ years of IT experience ¿ 7+ years of application security Experience ¿ 5+ years of Application Security testing Experience ¿ Bachelor's degree required. ¿ Deep familiarity with the OWASP Top 10 and other security concerns for web applications ¿ Deep Understanding of OWASP Application Security Verification Standards (ASVS) ¿ Deep understanding of SAST, DAST, SCA Scanning practices ¿ Experience in scanning leveraging Veracode, Appscan.or other enterprise tools. ¿ Understand how to interpret and assess CVEs (Common Vulnerability and Exposures) and CWEs (Common Weakness Enumeration) as found by scanning tools. ¿ Understanding of SAST, DAST tools and dependency scanning tools ¿ Experience working/integrating with secret management systems. ¿ Advanced knowledge of front end and back end web application development in at least one technology stack (.NET, Java, PHP, Ruby/Rails, Angular, Node.js, etc.) ¿ Track record of staying current with trends, techniques, tools, and processes that drive improvement of security posture of applications. ¿ Strong documentation skills ¿ Excellent verbal and written communication skills, with proven technical writing abilities (English language proficiency required) ¿ Team oriented thinking with demonstrated ability to produce high quality work as part of a fast paced, dynamic team. ¿ Proven ability to communicate, collaborate, and present effectively with teams and individuals in different disciplines or areas. Technical Skills: SAST, DAST, SCA

**About REA Group:** In 1995, in a garage in Melbourne, Australia, REA Group was born from a simple question: “Can we change the way the world experiences property?” Could we? Yes. Are we done? Never. Fast forward 30 years, REA Group is a market leader in online real estate in three continents and continuing to grow rapidly across the globe.The secret to our growth is staying true to that ‘day one’ mindset; the hunger to innovate, the ambition to change the world, and the curiosity to reimagine the future. Our new Tech Center in Cyber City is dedicated to accelerating REA Group’s global technology delivery through relentless innovation. We’re looking for the best technologists, inventors and leaders in India to join us on this exciting new journey. If you’re excited by the prospect of creating something magical from scratch, then read on. **While no two days are likely to be the same, your typical responsibilities will include:** + Lead, recruit, coach, and develop a high-performing Security Engineering team, building an inclusive and collaborative culture aligned with REA’s values and commitment to diversity. + Act as a mentor for both junior and senior engineers, fostering a growth mindset, curiosity, and technical excellence. + Collaborate with product and design teams to transform user needs into technical specifications. + Contribute to REA’s technical strategy and roadmap, aligning with business goals and stakeholders. + Embed secure-by-design principles in all aspects of system, platform, application, and identity architecture spanning cloud, enterprise, and product environments. + Coach teams to embed security practices throughout the full DevSecOps lifecycle, including code reviews, threat modelling, vulnerability management, and incident response. + Define, advocate and exemplify best practices within the team like writing clean and reusable code using TDD, pair programming, and design patterns. + Champion innovation adopting and adapting next-gen approaches such as AI-driven security, zero trust, and “paved road” patterns to stay ahead of the threat landscape. + Actively collaborate with Product, Engineering, Platform, and other business units to ensure security is embedded and enables speed, quality, and trust. **Who we’re looking for:** + 8-13 years of progressive experience in software engineering, security engineering, or product / application security. + Demonstrated experience leading, mentoring, and managing security engineering or product security teams in a high-scale, agile technology environment (preferably SaaS, cloud-native, or platform-centric). + Track record of successfully delivering security programs, initiatives, or platforms in partnership with engineering leadership and technical program managers. + Strong technical skillset (across one or more of) product / application security, enterprise IAM, endpoint security, cloud security, DevSecOps, vulnerability management, and security automation. + Solid understanding of relevant security frameworks (e.g. OWASP Top 10, ASVS, NIST, MITRE ATT&CK), CI/CD security integration, and modern infrastructure-as-code. + Practical knowledge of secure cloud services (e.g. AWS, Azure), with ability to design “paved roads” and security guardrails for developers. + Is committed to lifelong learning, staying updated on the latest web development trends to tackle complex challenges. + Collaborative, open-minded and experienced in scaling healthy team culture and contributing to diversity and inclusion. + Networking or Endpoint Security. + Knowledge of delivery approaches such as TDD, CI and infrastructure automation. + Skilled communicator, able to influence and explain complex technical risks to diverse audiences, including engineers, business leaders, and executives. **As a Bonus:** + Well-versed in two or more languages (JavaScript, TypeScript, React, and Node.js.) + Advocate for code quality and security. Lead code reviews, unit testing, and deployments to ensure users trust the reliability and security of the code. **What we offer:** + A hybrid and flexible approach to working. + Transport options to help you get to and from work, including home pick-up and drop-off. + Meals provided on site in our office. + Flexible leave options including parental leave, family care leave and celebration leave. + Insurance for you and your immediate family members. + Programs to support mental, emotional, financial and physical health & wellbeing. + Continuous learning and development opportunities to further your technical expertise. **The values we live by:** Our values are at the core of how we operate, treat each other, and make decisions. We believe that how we work is equally important as what we do to achieve our goals. This commitment is at the heart of everything we do, from the way we interact with colleagues to the way we serve our customers and communities. **Our commitment to Diversity, Equity, and Inclusion:** We are committed to providing a working environment that embraces and values diversity, equity and inclusion. We believe teams with diverse ideas and experiences are more creative, more effective and fuel disruptive thinking be it cultural and ethnic backgrounds, gender identity, disability, age, sexual orientation, or any other identity or lived experience.We know diverse teams are critical to maintaining our success and driving new business opportunities. If you’ve got the skills, dedication and enthusiasm to learn but don’t necessarily meet every single point on the job description, please still get in touch. **REA Group in India** You might already recognise our logo. The REA brand does have an existing presence in India. In fact, we set up our new tech hub in Gurugram to be their neighbours! REA Group holds a controlling interest in REA India Pte. Ltd., operator of established brands Housing.com, Makaan.com and PropTiger.com, three of the country’s leading digital property marketplaces.Through our close connection to REA India, we’ve seen first-hand the incredible talent the country has to offer, and the huge opportunity to expand our global workforce.Cyber City Tech Center is an extension of REA Group a satellite office working directly with our Australia HQ on local projects and tech delivery. All our brands, across the globe, connect regularly, learn from each other and collaborate on shared value initiatives.

Key Responsibilities Technical Leadership Lead Python development teams on enterprise-grade projects Own and drive architectural decisions and code quality Conduct design and code reviews, and ensure adherence to best practices Backend Development Build and maintain robust, scalable backend services using Python frameworks (Django, FastAPI, Flask) Design APIs, background workers, and data pipelines Team Mentoring Mentor and guide junior and mid-level developers Provide training, performance feedback, and career guidance DevOps and Deployment Work with DevOps to define CI/CD pipelines and deployment strategies Collaborate on containerization using Docker, orchestration with Kubernetes Client and Stakeholder Interaction Translate business requirements into technical solutions Participate in client calls for requirement gathering, demos, and feedback sessions Required Skills 7+ years of Python development experience Strong command over frameworks like Django, FastAPI, Flask Proven experience in API development and integration (REST, GraphQL) Experience with relational (PostgreSQL, MySQL) and NoSQL (MongoDB, Redis) databases Solid understanding of system architecture, design patterns, and scalability Familiarity with asynchronous programming (e.g., Celery, asyncio) Hands-on experience with Docker, Git, and CI/CD pipelines Exposure to cloud platforms (AWS/GCP/Azure) Good understanding of security best practices (OWASP, data protection) Preferred Skills Experience with AI/ML pipelines, data engineering, or microservices Prior experience in leading Agile/Scrum teams Familiarity with front-end technologies (React/Angular) is a plus Contributions to open-source projects or technical blogs Soft Skills Strong problem-solving and decision-making abilities Excellent communication and stakeholder management skills Ability to multitask and manage priorities in a fast-paced environment Team-oriented with a proactive and collaborative approach

Noida 5+Years As per Industry Standards At Acompworld, we are trusted technology partners to leading enterprises, transforming their most complex challenges into scalable, intelligent, and secure software solutions. We are looking for a seasoned Senior Full Stack Engineer who is passionate about building high-impact products and thrives in a client-facing, collaborative environment. Job Responsibilities Solution Architecture: Lead the design,development, and deployment of sophisticated, secure, and scalable applicationsusing modern front-end and back-end technologies. AI-Powered Innovation: Integrate and leverageAI/ML services (e.g., OpenAI, Azure AI, Google Vertex AI) to build intelligentfeatures and automate business processes for our enterprise clients. Cloud & DevOps: Architect and managerobust solutions on AWS, Azure, or GCP. Champion a strong DevOps culture bybuilding and maintaining automated CI/CD pipelines using Infrastructure as Code(IaC), Docker, and Kubernetes. Observability & Performance: Implement and manage monitoring, logging, and alertingsolutions (e.g., using Datadog, Prometheus, Grafana, ELK Stack) to ensure highavailability and performance of production systems. Data-Driven Systems: Design and implementsolutions that involve complex data models and integrate with large-scaledatabases and data pipelines. Client Partnership: Collaborate directlywith enterprise stakeholders to translate complex business requirements intodetailed technical specifications, lead solution demos, and iteratively refineproducts based on feedback. Team Mentorship & Quality Advocacy: Mentor junior engineers, conduct rigorous code reviews, andenforce best practices in testing, security (OWASP Top 10), and accessibility(WCAG/ADA) to ensure enterprise-grade quality. Required Skills Frontend: Expert proficiency inat least one modern framework (React, Angular, or Vue) with TypeScript. Deepunderstanding of state management (e.g., Redux, Zustand, NgRx), modern CSS, andbuilding responsive, accessible UIs. Backend: Proven experience withone or more server-side languages (Node.js, Python, .NET Core, Java), includingdesigning and building secure RESTful and/or GraphQL APIs. Databases: Advanced proficiencywith both SQL (e.g., PostgreSQL, SQL Server) and NoSQL (e.g., MongoDB,DynamoDB, Cosmos DB) databases, including data modeling and performance tuning. Cloud Platform: Demonstrable experiencedeploying and managing production applications on AWS, Azure, or GCP (includingserverless, containers, IAM, and networking). DevOps & IaC: Hands-on experience withCI/CD tools (e.g., GitHub Actions, Jenkins, Azure DevOps) and Infrastructure asCode (e.g., Terraform, CloudFormation). Strong knowledge of Docker andcontainer orchestration with Kubernetes. Architecture & Integration: Solid understanding of microservices and event-drivenarchitecture. Proven experience integrating with enterprise systems (e.g., SAP,Salesforce, Oracle) and third-party services (e.g., Auth0, Stripe). Soft Skills: Exceptionalcommunication, problem-solving, and leadership skills. Ability to workautonomously and translate ambiguous client needs into concrete technicalsolutions. Nice-to-Have Skills Experience within aspecific enterprise domain (e.g., Energy, Manufacturing, Supply Chain,Healthcare). Relevant cloudcertifications (e.g., AWS Certified Solutions Architect, Azure DeveloperAssociate). Experience with datavisualization libraries or tools (e.g., D3.js, Power BI, Tableau). Educational Qualifications: B.Tech / M.Tech / MCA

Application Security Risk Classification Analyst Project description Do you have the know-how to apply business analysis techniques to deliver process and control execution in Application Security area? Are you a committed and collaborative team player with an analytical and logical mind-set? Are you motivated to work in a complex, diverse and global environment? ASCA (Application Security Risk Classification (ASCA) is part of a global organization within Technology Information Security Office (TISO). Our services focus on Cyber Hygiene for applications and infrastructure, detecting/remediating/governing measures for cyber threats. . You'll be working as part of our global Application Security team. As an ASCA Analyst, you'll play an important role in ensuring the on-going cyber-security of our client. We offer flexibility in the workplace and equal opportunities to all our team members. Our team is global, diverse and collaborative as we work across organizations to keep our technology, applications and the businesses they support secure. Responsibilities We're looking for a ASCA business analyst to: On-board applications to Application Security Framework (ASF) in cooperation with the Software Component Manager (SWCM) Management of applications in scope of control processes and execution Management of the pipeline of the applications to be onboarded Coordinating entries to Application Security Management System Compliance reporting to stakeholders, including risk and compliance teams. Production Tollgate verification for releasing applications into Production environment. Skills Must have Your expertise Ideally 2-3 years of experience in applying cyber security analysis or administration, preferably in IT Security or Risk Management projects (Application Security area preferred). Experience with data analysis proficiency with Excel is a must. Ability to work independently on assigned tasks and driving them from start to completion. Ability to challenge and propose possible improvements (in various areas, e.g. process, reporting) Ability to explain complex concepts in a clear and concise manner Use to work with stakeholders on different levels of the organization Use to work in a demanding and variable environment Excellent written and verbal communication skills Fluent in English Nice to have Experience within Application Security area preferred

Location: IN - Hyderabad Telangana Goodyear Talent Acquisition Representative: M Bhavya Sree Sponsorship Available: No Relocation Assistance Available: No Required Job Description: 9+ years of experience with AWS (EC2, ECS/EKS, Lambda, IAM, VPC, CloudTrail, CloudWatch). Proven use of GitHub Actions, GitHub Enterprise, Terraform, Ansible. Strong expertise in SonarQube, code quality, and static analysis tooling. Experience with Datadog, APM tools, log aggregation, metrics dashboards. Strong foundation in testing strategies (unit, contract, performance, integration, E2E). Security automation experience (e.g., secrets management, container/image scanning). Proficient in scripting (e.g., Bash, Python) and YAML-based configuration. Preferred Experience with OWASP, threat modeling, or policy-as-code (e.g., OPA). Familiarity with container orchestration (e.g., Kubernetes on EKS). Knowledge of service mesh, API gateways, and secure networking principles. Goodyear is an Equal Employment Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to that individual's race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender identity, age, physical or mental disability, ethnicity, citizenship, or any other characteristic protected by law. Goodyear is one of the world’s largest tire companies. It employs about 68,000 people and manufactures its products in 53 facilities in 20 countries around the world. Its two Innovation Centers in Akron, Ohio and Colmar-Berg, Luxembourg strive to develop state-of-the-art products and services that set the technology and performance standard for the industry. For more information about Goodyear and its products, go to www.goodyear.com/corporate

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Ping Identity Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We need skilled Ping Identity Engineer with strong experience implementing and supporting customer identity and access management (CIAM) solutions using the Ping Identity suite, including PingOne, Ping DaVinci, and PingFederate. You will design, deploy, and maintain modern CIAM capabilities, working closely with business stakeholders, developers, and security teams to deliver secure and seamless customer authentication experiences. Roles & Responsibilities:-Develop customer authentication and authorization workflows-Integrate with third-party identity providers, directories, and social logins-Configure PingOne platform (PingOne MFA, PingOne Risk, PingOne DaVinci orchestration)-Set up policies for adaptive authentication, step-up authentication, and user journeys-Implement PingFederate for SSO and federation use cases-Support provisioning and lifecycle management via PingOne-Ping DaVinci:Design and build drag-and-drop workflows for identity verification, fraud detection, and progressive profiling-Integrate DaVinci flows with APIs, third-party tools, and identity proofing services Professional & Technical Skills: - Must To Have Skills: Proficiency in Ping Identity.- Strong understanding of cloud security principles and practices.- Experience with identity and access management solutions.- Knowledge of security frameworks such as NIST, ISO 27001, or CIS.- Familiarity with risk assessment methodologies and compliance requirements. Additional Information:- The candidate should have minimum 5 years of experience in Ping Identity.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Technical Architect – Hybrid Infrastructure, Cloud & Security As enterprises operate in hybrid environments—balancing legacy systems with public cloud adoption—the need for a security-aware infrastructure architect has become mission-critical. This role ensures that architectural decisions are secure by design, scalable, and compliant across on-prem, cloud, and emerging AI-driven ecosystems. The position exists to enable governed transformation while aligning IT infrastructure and cloud strategies with enterprise risk posture, regulatory compliance, and AI/GenAI governance principles. Reporting Line Reports To: AVP – Global IT Security and Compliance Works Closely With: Cloud Engineering, Infrastructure Operations, Cybersecurity, Compliance, Enterprise Architecture, and Data Governance Teams What We Are Looking For We are looking for a strategic Technical Architect with a deep understanding (hands-on not mandatory) of: - Hybrid infrastructure design principles (on-prem and cloud) - Cybersecurity best practices (Zero Trust, segmentation, data protection) - Enterprise governance frameworks (TOGAF, COBIT) - AI/ML platform governance, including GenAI tool oversight, risk assessment, and policy alignment The ideal candidate should be able to evaluate, influence, and architect platforms that align with the organization's security, compliance, and digital transformation goals. Technical & Governance Focus Areas - Cloud Architecture (Azure/AWS/GCP): Understanding of services, architectural patterns, IAM, encryption, and secure connectivity - Infrastructure Design: DC/DR, segmentation, SD-WAN, perimeter design, and HA models - Cybersecurity Alignment: Security zones, threat modeling, CSPM, CNAPP, and DLP strategies - DevOps & Automation Governance: IaC awareness, CI/CD pipeline oversight, policy-as-code understanding - AI/ML & GenAI Governance: - Familiarity with model lifecycle management, data privacy, auditability, and usage control - Alignment to ISO 42001, NIST AI RMF, and enterprise AI/GenAI policy frameworks Governance & Framework Alignment - Strong knowledge of TOGAF, COBIT, ISO 27001, and risk-driven architecture - Participates in Architecture Review Boards, Cloud Governance Councils, and AI oversight groups - Aligns with DSPM, Cloud Compliance Posture, and Zero Trust strategies Preferred Certifications - Cloud: Azure Solutions Architect, AWS SA-Professional, or GCP Architect - Architecture: TOGAF Certified, COBIT 2019 Foundation - Security: CISSP, CCSP (preferred) - AI Governance (Nice to Have): Familiarity with ISO 42001, NIST AI RMF Expanded Cybersecurity Alignment (Updated with OWASP) - Zero Trust and Segmentation: Familiarity with secure network and identity architecture patterns - Data Protection Lifecycle: Understanding of encryption, tokenization, DLP, and secure access - Threat Modeling: Awareness of techniques such as STRIDE, DREAD, and OWASP Top 10 risks, especially relevant for APIs, cloud-native apps, and AI-driven interfaces - API and Web Security: Ensures compliance with OWASP API Security Top 10 and Secure Coding Guidelines - Collaborates with AppSec teams to embed secure architecture practices into CI/CD pipelines AI/ML & GenAI Governance (Extended) - Ensures that GenAI tools and APIs adhere to secure integration principles, including OWASP AI Security & Privacy Guidelines - Participates in defining secure usage boundaries, input sanitization, and output validation frameworks - Collaborates with data scientists and ML engineers to map AI flows to threat models and control objectives Qualifications [Some qualifications you may want to include are Skills, Education, Experience, or Certifications.] Example: Excellent verbal and written communication skills

About Responsive Responsive (formerly RFPIO) is the global leader in strategic response management software, transforming how organizations share and exchange critical information. The AI-powered Responsive Platform is purpose-built to manage responses at scale, empowering companies across the world to accelerate growth, mitigate risk and improve employee experiences. Nearly 2,000 customers have standardized on Responsive to respond to RFPs, RFIs, DDQs, ESGs, security questionnaires, ad hoc information requests and more. Learn more at responsive.io. About the Role Responsive is looking for a Senior Quality Engineer (Security) to ensure the security, reliability, and compliance of applications and infrastructure. You will design and execute security tests, identify vulnerabilities, and drive remediation strategies while collaborating with cross-functional teams in an Agile environment. What You’ll Be Doing Security Testing & Risk Assessment: Conduct penetration testing, vulnerability assessments, and threat modeling to identify security risks across applications, APIs, and infrastructure. Automation & Tooling: Develop and maintain security testing automation using tools like Burp Suite, ZAP or similar tools. Integrate security testing into CI/CD pipelines. Incident Response & Remediation: Collaborate with development, QE, and DevOps, teams to investigate security incidents, perform root cause analysis, and validate security fixes. Collaboration & Agile Practices: Work closely with engineering, product, and DevOps teams to embed security in the SDLC. What We’re Looking For Education Bachelor’s degree in Computer Science, IT, or related field. Experience 5-8 years of experience in security testing, penetration testing, and vulnerability assessment. Knowledge, Skills & Ability Strong experience in web, API, and cloud security testing. Proficiency in SAST/DAST tools and security frameworks like OWASP Top 10, CWE, and CVSS. Hands-on experience with Burp Suite, ZAP or similar tools. Familiarity with network security, authentication mechanisms (OAuth, JWT, SAML), and cryptographic protocols. Knowledge of DevSecOps practices and integrating security in CI/CD pipelines. Ability to analyze security logs, interpret alerts, and perform root cause analysis. Excellent communication skills to collaborate with cross-functional teams and present security findings. Why Join Us? Impact-Driven Work: Build innovative solutions that redefine strategic response management. Collaborative Environment: Work with a passionate team of technologists, designers, and product leaders. Career Growth: Be part of a company that values learning and professional development. Competitive Benefits: We offer comprehensive compensation and benefits to support our employees. Trusted by Industry Leaders: Be part of a product that is trusted by world-leading organizations. Cutting-Edge Technology: Work on AI-driven solutions, cloud-native architectures, and large-scale data processing. Diverse and Inclusive Workplace: Collaborate with a global team that values different perspectives and ideas.

Description We are seeking a highly technical Lead Software Engineer to drive the architecture, scalability, and engineering excellence of our core platforms. This role is ideal for someone who thrives on solving complex engineering problems and scaling distributed systems in production. You will design, build, and optimize full-stack systems with a strong focus on microservices, event-driven architecture, and cloud-native DevOps. You’ll work across the stack, from backend services and frontend performance to CI/CD, observability, and security. Responsibilities 1. Architecture & Scalabilit y • Architect and implement highly scalable microservices-based systems using Python (Django) or Node.js. • Design event-driven architectures using Kafka, RabbitMQ, or AWS SQS/SNS. • Build low-latency, high-throughput APIs, utilizing Redis/Memcached and CDNs. • Apply distributed systems patterns (e.g., CQRS, Saga, Circuit Breaker) for resilience and consistency. • Use container orchestration (e.g., Kubernetes) and serverless platforms (AWS Lambda, Azure Functions) for scalable, cloud-native deployments. 2. Full-Stack Engineeri ng • Build RESTful or gRPC APIs with Python (Django), or Node.js (Express/NestJS). • Develop high-performance frontend applications with React.js (Next.js), TypeScript, and state management (Redux, Zustand). • Design optimized database schemas across PostgreSQL, MySQL, MongoDB, or Cassandra, with attention to indexing, replication, and sharding. • Implement real-time features using WebSockets (Socket.io) or GraphQL subscription s. 3. DevOps & Cloud Infrastructure • Build and automate CI/CD pipelines using GitHub Actions, GitLab CI, or Jenkins with IaC tools like Terraform or Pulumi. • Manage Kubernetes clusters (EKS, GKE, AKS) using Helm and service meshes (Istio, Linkerd). • Set up robust monitoring and observability stacks (Prometheus, Grafana, OpenTelemetry, ELK). • Deploy security-first infrastructure in AWS, GCP, or Azure, following DevSecOps best practices. 4. Code Quality & Security • Enforce engineering standards via linters (ESLint, Pylint), static analysis (SonarQube), and automated testing (Jest, Pytest). • Conduct security audits and integrate SAST/DAST tools (Snyk, OWASP ZAP, Trivy) into CI/CD. • Implement zero-trust architectures using OAuth 2.0, JWT, and RBAC for access control. • Ensure compliance with OWASP Top 10 and other secure development standards. Eligibility ✅ 6+ years of hands-on experience building scalable, distributed software systems. ✅ Deep backend experience in Python (Django) or Node.js (Express/NestJS). ✅ Strong frontend experience with React.js, TypeScript, and Next.js. ✅ Proven experienc e in microservices, event-driven architect ures, and message br okers like Kafka or RabbitMQ. ✅ Hands-on expertise in both SQL (PostgreSQL, MySQL) and NoSQL (MongoDB, Redis, Cassandra). ✅ Solid DevOps skills including Kubernetes, Docker, and cloud plat forms (AWS/GCP/Azure). ✅ Strong knowledg e of secure coding practices, API security, and web application hardening. Preferred (Nice to Have): 🔹 Knowledge of blockchain technologies (Ethereum, Hyperledger, Solidity). 🔹 Experience with Web3 libraries (Web3.js, Ethers.js). 🔹 Contributions to open-source, technical blogs, or whitepapers. Educational Qualifications: 🎓 B.Tech / M.Tech in Computer Science or related field (Mandatory). Travel As and when required, across the country for project execution and monitoring as well as for coordination with geographically distributed teams. Communication Submit a cover letter summarising your experience in relevant technologies and software along with a resume and the Latest passport-size photograph.

About Us Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks. The company acquired Secureworks in February 2025, bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos’ complete portfolio includes industry-leading endpoint, network, email, and cloud security that interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) worldwide, defending more than 600,000 organizations worldwide from phishing, ransomware, data theft, other every day and state-sponsored cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com. Role Summary Sophos is seeking a talented, experienced Software Development Engineer in Test to join our Sophos Central team. As a member of the Sophos Central Software Development Engineer in Test team, you will be working directly with Development, UX, PM and other functional groups to ensure highest quality software development and releases for the Central product. We look forward to welcoming another fantastic member onto our team! What You Will Do Design, develop, and maintain scalable and reliable test automation frameworks to ensure thorough coverage of application features Create and execute comprehensive test plans, including unit, integration, functional, and end-to-end tests to ensure high-quality releases Implement and optimize test automation within CI/CD pipelines for faster feedback cycles, leveraging parallel test execution and intelligent test segmentation Continuously improve test coverage and maintain high-quality standards by identifying gaps and addressing flaky tests. Provide detailed reporting and metrics on test results and quality status Work closely with developers, product managers, and other stakeholders to understand requirements and deliver high-quality software with automated tests from the start Incorporate performance and security testing into the automation pipeline, using tools like JMeter and OWASP ZAP to ensure robust and secure applications What Will You Bring 3-8 years of experience in Java automation testing Proficiency in Java coding and experience in writing maintainable, efficient, and scalable Java test scripts Proven experience in test automation framework development (preferably using Selenium) Experience testing RESTful web services Strong knowledge of CI/CD pipelines and experience with automation in environments like Jenkins, GitLab CI, or similar Familiarity with performance testing tools (e.g., JMeter, Gatling) and security testing tools (e.g., OWASP ZAP, Burp Suite) Desired to have experience with version control systems (e.g., Git) and code coverage tools (e.g., JaCoCo, Istanbul) Solid understanding of Agile methodologies and test strategies (unit, integration, regression, E2E, TDD) Expertise in writing clear, maintainable, and scalable test scripts Familiarity with cloud environments (e.g., preferably AWS) and containerization technologies (e.g., Docker) for scalable test execution Strong problem-solving skills and the ability to troubleshoot complex test automation issues Ready to Join Us? At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back – we encourage you to apply. What's Great About Sophos? · Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. Please refer to the location details in our job postings for further information. · Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit · Employee-led diversity and inclusion networks that build community and provide education and advocacy · Annual charity and fundraising initiatives and volunteer days for employees to support local communities · Global employee sustainability initiatives to reduce our environmental footprint · Global fitness and trivia competitions to keep our bodies and minds sharp · Global wellbeing days for employees to relax and recharge · Monthly wellbeing webinars and training to support employee health and wellbeing Our Commitment To You We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know. Data Protection If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos’ data protection practices, please consult our Privacy Policy Cybersecurity as a Service Delivered | Sophos

Job Summary: We are seeking a highly experienced “Senior VAPT & Penetration Testing Specialist” to lead and ensure the quality and effectiveness of our vulnerability assessment and penetration testing operations. This role involves findings, validating findings, reviewing technical reports, ensuring compliance with standards (OWASP, PTES, NIST, etc.), and improving methodologies and tools. Key Responsibilities: Conduct in-depth vulnerability assessments and penetration tests on web, mobile, network, API, and cloud infrastructure using manual and automation. Utilize industry-standard tools like SQLMap, Burp Suite, Nessus, Nmap, and custom scripts for advanced exploitation techniques. Simulate various cyber-attacks including DDoS, Brute Force, XSS, SQL Injection, DNS attacks, and Social Engineering to identify system vulnerabilities. Perform peer reviews of technical deliverables and verify accuracy of findings and recommendations. Ensure that all assessments are aligned with industry standards such as OWASP, PTES, MITRE ATT&CK, and NIST. Act as a technical lead and mentor for junior VAPT team and QA team members. Identify gaps in the current testing methodologies and implement process improvements. Prepare detailed documentation and the VA report and ensure clear, actionable, and risk-rated reporting. Collaborate with clients and internal teams to understand scope and provide post-assessment clarifications. Present the client meeting for the future VAPT assignments. Stay updated with emerging threats, tools, techniques, and frameworks. Required Skills & Qualifications: Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field. 3 to 5 years of hands-on experience in VAPT and penetration testing. In-depth knowledge of web, network, mobile, cloud, and API security. Strong understanding of secure coding practices and vulnerability management. Expertise in tools like Burp Suite, Nmap, Nessus, Metasploit, Qualys, Kali Linux, Wireshark, etc. Familiarity with SIEM, IDS/IPS, EDR tools is a plus. Excellent report writing and documentation skills. Strong communication and overseas client-interaction skills. Preferred Certifications: OSCP (Offensive Security Certified Professional) – Highly preferred CEH (Certified Ethical Hacker) CREST / GPEN / GWAPT / CISSP – Optional but desirable ISO 27001 Lead Auditor or Lead Implementer – Added advantage

Job Summary Excellent understanding of Linux and cyber security attacks like SQL Injection risks. Hands on experience on secure APIs, Container and Kubernetes security, etc. Knowledge on SAST (Static Analysis), DAST (Dynamic Analysis) and SCA (Software composition Analysis) tools, Threat Modelling & Risk Assessment, PEN testing Implement and manage tools for scanning and monitoring - AquaSec, X-Ray, SonarQube, Coverity, etc. Hands on Github experience, ability to own manual and automated security testing, investigation and troubleshoot of any issues. Proactively work towards fix and mitigation of common vulnerabilities. Investigate and propose practical solutions Ability to clearly communicate security issues to tech and non tech stakeholders Perform code reviews from security perspective. Security Testing & Validation Evaluate security of open-source and third-party dependencies and recommend safer versions. Knowledge on web certifications and related risks. Work with DevOps to implement runtime security measures (e.g., WAF, logging, monitoring). Strong understanding of products security concepts. Ensures product security aligns with industry standards (OWASP, ISO, GDPR, Etc.) Help define security acceptance criteria for user stories. Collaborate with architects to mitigate design-level vulnerabilities Educate team on secure coding practices

Note : Face to face interview on 26 July - Saturday -Pune office - Hadapsar About the Position Reporting to the Software Engineering Manager as a member of the Development team in India, the Software Engineer is responsible for delivering quality and performant software and design to handle the vast array of use cases that our customers have today. This role is responsible for Developing Software Solutions by learning information needs, discussing with managers, studying systems flow, data usage, finding problem areas and coming up with solutions & following the software development lifecycle. Work Type: Hybrid (3 days a week in office) Office Address: 4th Floor, WeWork Amanora Crest, Amanora Park Town, Magarpatta, Hadapsar, Pune, Maharashtra 411028 We are looking for: 9+ years of experience in product development field 2+ years of recent experience in building products on cloud Strong understanding of data structures, algorithms, and designing for performance Strong knowledge in OOPS with .Net, Entity Framework, C# and SQL Server or any RDBMS Hands-on experience with Microservices Architecture Hands-on experience in building products for Unix systems in addition to Windows Hands-on experience with CI/CD pipelines and experience with any of the following cloud services (AWS/Azure/GCP/Private cloud) Knowledge of asynchronous programming and WebAPI development is required Knowledge and awareness of cloud/ application security is a must (OWASP at the minimum) Extensive experience in mentoring junior engineers to success Strong logical, analytics and problem-solving skills Must be able to work effectively across team boundaries Strong oral and written communication skills Good to have experience with either Angular, Vue or React Candidate Requirements & Qualifications: Graduate/Master's degree in Computer Science, Engineering, or a related discipline Strong logical, analytics and problem-solving skills Must be able to work effectively across team boundaries Attention to details Ability to work independentl