3171 Owasp Jobs - Page 2

Line of Service Advisory Industry/Sector FS X-Sector Specialism Risk Management Level Associate Job Description & Summary At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. As a cybersecurity generalist at PwC, you will focus on providing comprehensive security solutions and experience across various domains, maintaining the protection of client systems and data. You will apply a broad understanding of cybersecurity principles and practices to address diverse security challenges effectively. *Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us . At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. " Job Description & Summary : We are seeking a highly skilled and experienced Cybersecurity/Risk Consulting Senior Associate to join our Risk Consulting team. As a Cybersecurity Senior Associate, you will be responsible for leading and managing a team of consultants to deliver high-quality cybersecurity and risk management services to our clients. Responsibilities: Key Responsibilities: Good interpersonal skills (written and oral communication) and ability to articulate complex issues Ability to communicate technical information clearly and concisely, commensurate with the audience Conceptual thinking and communication skills — the ability to conceptualize complex business and technical requirements into comprehensible models and templates. Good communicator (written and verbal) and listener. Must be a team player and motivated self-starter with ability to work independently with limited supervision. Must be assertive, methodical and detail oriented Technical Experience: Experience in Web and Mobile Application Security Testing, Vulnerability Assessment and Penetration testing Analyze scan reports and suggest remediation / mitigation plan for security vulnerabilities Should be aware of tools like Qualys, HP Fortify, IBM Appscan, Burpsuite, Kali Linux suite of tools Expertise in mobile apps reverse engineering and in-depth knowledge of Android and iOS ecosystems. Knowledge of industry standard tools for mobile pentest. Thorough understanding of OWASP Top 10 vulnerabilities and their mitigations. Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering) Conduct penetration test and launch exploits using Nessus, Metaspoilt, kali linux penetration testing distribution tools sets Conduct Vulnerability Assessments of Network Devices using various open source and commercial tools Map out a network, discover ports and services running on the different exposed network and security devices Research and maintain proficiency in computer network exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, network security, and encryption. In-depth understanding on Common Vulnerability Exposure (CVE)/ CERT advisory database. Broad background of networks, operating systems (Window, Unix, Linux), firewalls and security engineering concepts. Knowledge of scripting languages (Perl, Python, Shell etc) will be added advantage Knowledge of Open-Source Security Testing Methodology Manual (OSSTMM) Mandatory skill sets: CEH, ECSA, LPT (any one) Preferred skill sets: OSCP, OSWE Years of experience required: 1-10 Years Education qualification: B.Tech Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Engineering Degrees/Field of Study preferred: Certifications (if blank, certifications not specified) Required Skills Vulnerability Assessments Optional Skills Accepting Feedback, Accepting Feedback, Active Listening, Agile Methodology, Azure Data Factory, Communication, Cybersecurity, Cybersecurity Framework, Cybersecurity Policy, Cybersecurity Requirements, Cybersecurity Strategy, Emotional Regulation, Empathy, Encryption Technologies, Inclusion, Intellectual Curiosity, Managed Services, Optimism, Privacy Compliance, Regulatory Response, Security Architecture, Security Compliance Management, Security Control, Security Incident Management, Security Monitoring {+ 3 more} Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? No Government Clearance Required? No Job Posting End Date

Overview The Information Security Assessment Lead is responsible for safeguarding PepsiCo's digital assets by assessing the cyber risk and compliance of new and changing systems against information security requirements and managing risks associated with IT and Information Security systems throughout the project lifecycle. The ISA Lead will collaborate with various security teams and businesses to facilitate compliance with Information Security standards, provide technical guidance for key strategic initiatives, and drive the secure delivery of technology solutions within PepsiCo. The role heavily focuses on security risk-based assessments, and data-driven decision-making and automation. Responsibilities Security Design Expertise: Proven track record in assessing security designs, including data flow diagrams, architectural blueprints, low-level designs, networking diagrams, authentication mechanisms, and authorization schemes. Must demonstrate experience in aligning these designs with industry standards such as NIST 800-53, ISO 27002, CIS, and OWASP to ensure robust security postures. Skilled at identifying potential security gaps and implementing best practices to fortify system architectures against emerging threats. Familiarity with the latest security tools and technologies, as well as experience in integrating security measures into complex IT environments, is essential. Compliance Assessment: Assess new and changing application designs and requirements to ensure compliance with PepsiCo information security standards. Risk Communication: Identify, quantify, and communicate technology risks impacting the business, recommending resolutions and identifying root causes. Explain scan results (infrastructure, applications, databases) and pen testing results to stakeholders. Threat Modeling: Utilize expert knowledge in threat modeling techniques and methodologies to proactively identify, assess, and prioritize security risks, enabling the organization to implement targeted mitigation strategies and maintain a robust information security posture. Project Lifecycle Reviews: Review IT and Information Security systems throughout the project lifecycle, identifying risks and security requirements, and recommending paths to eliminate identified risks and implement compensating controls. Automated Risk Assessments: Conduct risk-based assessments using automated tools and techniques to prioritize and address security risks. Collaboration and Education: Collaborate with various IT and Business teams to ensure they are knowledgeable about Information Security processes and requirements, influencing them to eliminate or reduce risks. ServiceNow Utilization: Experience using ServiceNow to gather necessary information and data, automating security assessment processes to enhance efficiency and effectiveness. Metrics Management and Reporting: Manage operational metrics related to the ISA and GRC processes, utilizing Power BI for advanced reporting, tracking project progress, and developing corrective action plans. Process Improvement and Proactive Security: Govern Information Security services from the ISA, tracking process metrics, identifying issues, and driving process improvement initiatives. Stay updated with threat intelligence, leverage Azure and cloud security knowledge, and implement Agile and DevSecOps methodologies to integrate security into the development process. Qualifications A minimum of 8 years of experience in Information Security, IT Risk Management, or a similar role. Mandatory Technical Skills: In-depth technical experience and knowledge of infrastructure technologies, networks, web, computing, cloud services, manufacturing equipment, mobile devices, and information (cyber) security. Strong understanding of information security frameworks, regulations, and standards such as NIST 800-53, CIS, and ISO 27002. Proficient in ServiceNow, with the ability to leverage its modules for information gathering, data analysis, and automation of the ISA service. Experience in threat modeling and applying threat modeling methodologies in previous roles. Proficient in Power BI for developing reports and dashboards to support data-driven decision-making. Strong skills in developing ad hoc reports and managing metrics. Knowledge of Azure and general cloud security principles. Ability to read and explain scan (infrastructure, applications, databases) and pen testing results to technical and non-technical stakeholders, guiding them on risk and vulnerability remediation. Mandatory Non-Technical Skills: Proficient in influencing and educating stakeholders on security best practices and policies, ensuring understanding and adherence to security standards. Established a reputation as a trusted adviser, providing expert guidance on information security matters. Strong presence to represent PepsiCo Information Security in complex situations with business and IT partners. Ability to collaborate with various stakeholders, including business units and product managers.

Job Description: UI Automation Test Engineer Experience: 2 to 4 years Salary budget: upto 8 LPA Notice: immediate to 30 days Location; chennai Key Responsibilities:  Develop, maintain, and execute automated tests for user interfaces (UI) using industry-standard tools and frameworks (e.g., Playwright, Selenium, Cypress, Appium). (Preferable - Playwright)  Design test plans and test cases based on functional and non-functional UI requirements.  Collaborate with software developers, product managers, and quality assurance team members to identify test scenarios and ensure comprehensive UI test coverage.  Implement test automation scripts using scripting languages such as Java, Python.  Integrate automated tests into continuous integration/continuous deployment (CI/CD) pipelines for efficient and reliable UI testing.  Perform manual testing as needed, especially for exploratory testing or scenarios where automation is not yet feasible.  Identify, report, and track UI bugs and defects using issue tracking systems (e.g., Jira, Bugzilla), working closely with development teams to ensure timely resolution.  Participate in code reviews and provide feedback on the UI's testability, maintainability, and accessibility.  Stay updated on emerging trends, tools, and technologies in UI testing and automation, incorporating best practices into the testing process.  Contribute to the improvement of UI testing processes, methodologies, and tools within the organization. Qualifications:  Bachelor's degree in computer science, software engineering, or a related field (or equivalent experience).  Proven experience (2 to 4 years) in software testing, with a focus on UI automation.  Strong understanding of web development concepts (HTML, CSS, JavaScript).  Proficiency in at least one scripting language commonly used in UI test automation (e.g., Java, Python).  Experience with UI automation frameworks like Playwright, Selenium, Cypress, Appium, or similar. (Preferable - Playwright)  Familiarity with continuous integration/continuous deployment (CI/CD) practices and tools (e.g., Jenkins, GitLab CI/CD).  Excellent problem-solving skills and a keen eye for detail.  Strong communication and collaboration skills, with the ability to work effectively in a team environment.  Ability to prioritize tasks and manage time efficiently in a fast-paced environment.  Experience with agile software development methodologies (e.g., Scrum, Kanban) is a plus Preferred Qualifications:  Certification in software testing (e.g., ISTQB Certified Tester) or relevant API testing certifications.  Experience with performance testing and load testing of APIs using tools like JMeter or Gatling.  Knowledge of containerization technologies such as Docker and orchestration tools like Kubernetes.  Familiarity with cloud computing platforms (e.g., AWS, Azure, Google Cloud) and their respective API services.  Experience working with microservices architectures and distributed systems.  Understanding of security testing principles and techniques for APIs (e.g., OWASP API Security Top 10).

Company Overview: We specialize in developing highly scalable computer software and enterprise SaaS-based products, leveraging cutting-edge technologies to tackle complex business challenges effectively. Why Choose Us: We don’t just offer jobs; we provide career opportunities. With our rapid year-on-year growth, you’ll not only have the chance to advance professionally but also reap financial rewards annually. Job Description: We’re on the lookout for an enthusiastic Security Intern (Information Security & Compliance) dedicated to strengthening our organization’s security posture. Join our dynamic, fast-paced environment and work alongside cross-functional teams to implement robust security practices, ensure ISO compliances, and support audits and risk assessments aligned with the company’s security vision and regulatory obligations. Responsibilities: Assist in implementing and maintaining ISO 27001:2022 standards. Develop and maintain information security policies and procedures. Monitor compliance with security policies and support regular internal audits. Support risk assessments and recommend remediation plans. Coordinate security training and awareness programs for internal teams. Track and report on the resolution of vulnerabilities and compliance issues. Help maintain security documentation, evidence repositories, and access logs. Collaborate with DevOps, IT, and engineering teams to review and improve security configurations. Stay current with emerging threats, vulnerabilities, and regulatory updates. Requirements: Preferably pursuing or recently completed a Master’s degree in Information Security, Cybersecurity, IT, or related fields Strong understanding of security frameworks, including ISO 27001, SOC 2, OWASP, etc. Familiarity with security tools (e.g., vulnerability scanners, SIEM platforms). Excellent documentation and analytical skills. Good verbal and written communication abilities. High attention to detail and organizational skills. Ability to collaborate across teams in a fast-paced environment. Prior internship or academic experience in security, risk, or compliance is advantageous. Compensation: Initial six-month training stipend: ₹12,500/- per month Working Days: Monday - Saturday Working Hours: 10 AM - 7 PM Post successful completion of training : Based on performance during the internship, Full-time CTC starting from ₹4 LPA Interview Process: Telephonic Screening Assignment Face-to-Face Rounds Location: Noida (No Remote) Address: BCN 10,12 Logix Infotech Park, D Block Plot No: D - 5, Vishwakarma Rd, Sector 59 Noida, Uttar Pradesh, 201301 Landmark: Sector 59 Metro Station Job Types: Full-time, Internship Contract length: 6 months Pay: ₹100,000.00 - ₹150,000.00 per year Benefits: Leave encashment Work Location: In person Expected Start Date: 01/08/2025

Summary Position Summary Job Description: Cyber Risk Application Security Consultant Attack Surface Management (ASM) Services Overview Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to deliver Attack Surface Management (ASM) services, identifying vulnerable IT assets and weak security configurations in real time? If you thrive in dynamic environments and are passionate about cybersecurity, Deloitte’s ASM team could be the place for you. Deloitte’s ASM business is committed to transparency, innovation, collaboration, and sustainability. We deliver industry-leading services through fresh thinking and creative approaches, collaborating across the organization to support our clients. Our goal is to be the premier integrated services provider transforming the cybersecurity marketplace. Role: Cyber Risk Attack Surface Consultant As a Consultant, you will: Work with global teams to identify vulnerabilities and rogue assets (e.g., shadow IT). Help clients achieve business growth while managing risk. Key Responsibilities Conduct vulnerability assessments and manual penetration testing for web, API, thick client, and mobile applications. Perform secure code reviews and analyze false positives from industry-standard tools. Respond to ad-hoc reporting and research requests. Develop and implement application security policies and procedures. Identify and prioritize security vulnerabilities. Coordinate with development and operations teams on remediation plans. Quickly understand and deliver on company and client requirements. Participate in regular reporting for clients, partners, and internal teams. Adhere to internal operational security and Deloitte policies. Required Qualifications Bachelor’s degree or higher in Computer Science, or equivalent experience. 3–5 years of hands-on experience in: Application security Vulnerability assessment Penetration testing Mobile application security Thick client and Web API security assessments Strong understanding of OWASP Top 10 and related vulnerabilities. Experience in manual assessment and exploitation (e.g., Blind SQLi, XXE, SSRF, Insecure Deserialization, HTTP Request Smuggling). Understanding of OAUTHv2/OpenID standards and business logic vulnerabilities. Experience with secure code review (OWASP Secure Coding Practices). Proficiency with tools: Burp Suite, Fiddler, Sysinternals, Veracode, DnSpy, OllyDbg, IDA Pro, EchoMirage, Wireshark, Apktool, Jadx-gui, Frida, etc. Ability to perform manual penetration testing and use automated tools. Excellent technical report writing skills. Knowledge of web application components (frontend, backend, databases, application servers). Understanding of web development technologies (HTML, CSS, JavaScript, PHP, Java, .NET, backend databases). Experience with application security architecture review and threat modeling. Basic concepts of reverse engineering and memory analysis. Understanding of networking protocols (TCP/IP, DNS, HTTP/S). Familiarity with vulnerability classification (CVE/CVSS). Certifications: CISSP, OSCP, OSWE, BSCP, GWAPT. Preferred Qualifications Proficiency in web and mobile application security assessments, penetration testing, and secure code review. Relevant publications (blogs, tools, conference presentations, CVEs). Preferred certifications: OSWE, BSCP. Experience with automation and scripting (Python). Outstanding English written and oral communication skills. Strong understanding of web, mobile, and microservices vulnerabilities. Knowledge of malicious code operation and exploitation. Strong analytical and problem-solving skills. Self-motivated and eager to learn new attack vectors. Desire to deeply understand the what, why, and how of security vulnerabilities. If you are passionate about cybersecurity and ready to make an impact, Deloitte’s ASM team offers a collaborative and innovative environment to grow your career. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 302277

Cowbell is signaling a new era in cyber insurance by harnessing technology and data to provide small and medium-sized enterprises (SMEs) with advanced warning of cyber risk exposures bundled with cyber insurance coverage adaptable to the threats of today and tomorrow. Championing adaptive insurance, Cowbell follows policyholders" cyber risk exposures as they evolve through continuous risk assessment and continuous underwriting. In its unique AI-based approach to risk selection and pricing, Cowbell's underwriting platform, powered by Cowbell Factors, compresses the insurance process from submission to issue to less than 5 minutes. Founded in 2019 and based in the San Francisco Bay Area, Cowbell has rapidly grown, now operating across the U.S., Canada, U.K., and India. This growth was recently bolstered by a successful Series C fundraising round of $60 million from Zurich Insurance. This investment not only underscores the confidence in Cowbell's mission but also accelerates our capacity to revolutionize cyber insurance on a global scale. With the backing of over 25 prominent reinsurance partners, Cowbell is poised to redefine how SMEs navigate the evolving landscape of cyber threats. In support of business objectives, we are actively looking for an ambitious person, who is not afraid of hard-work and embraces ambiguity as it comes to join our Information Security Team as a Sr. Developer, Application Security. The InfoSec team drives security, privacy, and compliance improvements to reduce risk by building out key security programs. We enable our colleagues to keep the company secure and support our customers" security journey with tried and true best practices. We are a Java, Python, and React shop combined with world-class cloud infrastructure such as AWS & Snowflake. Balancing proper security while enabling execution speed for our colleagues is our ultimate goal. It's challenging and rewarding! If you are up for the challenge, come join us. You will be instrumental in curing security defects in code, burning down any new and existing vulnerabilities. You can fix the code yourself and continuous patching is your north star. You will be the champion for safeguards and standards that will keep our code secure and reduce the introduction of new vulnerabilities. Partner and collaborate with internal stakeholders in assisting with the overall security posture with an emphasis on the Engineering and Operations/IT areas. Work across engineering, product and business systems teams to enhance and evangelize security in applications (& infrastructure). Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts. Develop and maintain application scanning solutions to inform stakeholders of security weaknesses & vulnerabilities. Review outstanding vulnerabilities with product teams and assist in remediation efforts to reduce risk. Bachelor's degree in computer science or another STEM discipline and 8 to 10+ years of professional experience in security software development. Majority of prior experience as a Security Engineer focused on remediation of security vulnerabilities and defects in Java and Python. Must have prior in-depth demonstrable experience developing in JAVA and Python; Basically you are developer first and a security engineer second. Applicants that do not have this experience will not be considered. Experience developing in, and securing, Javascript and React a plus. Experience securing integrations and code that utilizes Elasticsearch, Snowflake, Databricks, RDS a big plus. Detail-oriented with problem-solving, communication, and analytical skills. Expert understanding of CVE and CVSS scoring and how to utilize this data for validation, prioritization, and remediation. Excellent understanding and utilization of OWASP. Demonstrated ability to secure API; Techniques, patterns, will be assessed. Experience designing and implementing application security solutions for web and or mobile applications. Experience developing and reporting vulnerability metrics as well as articulating how to reproduce and resolve those security defects. Experienced in application penetration testing; and understanding of remediation techniques for common misconfigurations and vulnerabilities. Demonstrable experience in understanding patching and library upgrade paths including interdependencies. Familiarity with CI/CD tools. Previous admin experience in CI/CD is not required but a big plus. Capability to deploy, provide maintenance for, and operationalize scanning solutions. Hands-on ability to conduct scans across application repositories and infrastructure. Must be willing to work extended hours and weekends as needed. Great at and enjoys documenting solutions; creating repeatable instruction for others, operational documentation, developing technical diagrams, and similar artifacts. Preferred Qualifications: You can demonstrate and document threat modeling scenarios using well-known frameworks such as STRIDE. Proficient with penetration testing tools such Burp suite, Metasploit or ZAP. You are already proficient with SAST & SCA tools; proficiency with DAST and/or OAST tool usage and techniques would be even better. As a mentor you also have the experience and desire in providing fellow engineering teams with technical guidance on the impact and priority of security issues and driving remediation. Capability to develop operational process from scratch or improve current processes and procedures through well-thought-out hand-offs, integrations, and automation. Familiarity with multiple security domains such as application security, infrastructure security, network security, incident response, and regulatory compliance and certifications. Understanding of modern endpoint security technologies/concepts. Adept at working with distributed team members. What Cowbell brings to the table: Employee equity plan for all and wealth enablement plan for select customer-facing roles. Comprehensive wellness program, meditation app subscriptions, lunch and learn, book club, happy hours, and much more. Professional development and the opportunity to learn the ins and outs of cyber insurance, cybersecurity as well as continuing to build your professional skills in a team environment. Equal Employment Opportunity: Cowbell is a leading innovator in cyber insurance, dedicated to empowering businesses to always deliver their intended outcomes as the cyber threat landscape evolves. Guided by our core values of TRUE Transparency, Resiliency, Urgency, and Empowerment, we are on a mission to be the gold standard for businesses to understand, manage, and transfer cyber risk. At Cowbell, we foster a collaborative and dynamic work environment where every employee is empowered to contribute and grow. We pride ourselves on our commitment to transparency and resilience, ensuring that we not only meet but exceed industry standards. We are proud to be an equal opportunity employer, promoting a diverse and inclusive workplace where all voices are heard and valued. Our employees enjoy competitive compensation, comprehensive benefits, and continuous opportunities for professional development.,

Checkmarx is the leader in application security and ensures that enterprises worldwide can secure their application development from code to cloud. Our consolidated platform and services address the needs of enterprises by improving security and reducing TCO, while simultaneously building trust between AppSec, developers, and CISOs. At Checkmarx, we believe it's not just about finding risk, but remediating it across the entire application footprint and software supply chain with one seamless process for all relevant stakeholders. We are honored to serve more than 1,800 customers, which includes 40 percent of all Fortune 100 companies including Siemens, Airbus, SalesForce, Stellantis, Adidas, Wal-Mart, and Sanofi. Checkmarx, a leader in the application security testing market, actively seeks talented application security engineers (AppSec Eng.) to support Checkmarx Global Services and our customers. The perfect candidate has a robust background in software development and application security. Support some of our strategic/top-tier customers in conducting security-focused code reviews using the Checkmarx Platform. Support customer's AppSec and Dev Teams with mitigation advice for identified vulnerabilities. Create proof-of-concept based on identified vector attacks. Daily and monthly responsibilities include conducting security-focused statical code analysis on top of a broad range of development languages and open-source libraries. Support customer AppSec/Dev teams with mitigation strategy/advice for identified vulnerabilities. When required, create proofs-of-concept that can illustrate a given vulnerability exploitability. When needed, support AppSec/Dev teams in analyzing applications. Requirements: - Bachelor's degree in computer science or another highly technical scientific discipline. - +3 years experience in development using one or more high-level programming languages like Java, .Net, Javascript, Go, Python, etc. - +3 years experience in security-focused code review covering some market standards AppSec Frameworks like OWASP Web/API/Mobile Top 10, PCI-DSS, etc. - A proactive approach to spotting problems, areas for improvement, and performance bottlenecks. - Strong technical aptitude - being able to pick up technical concepts rapidly is required. - Highly motivated self-starter. - Fluent in English (++ for other languages). The fine print: - Work from office/home (hybrid). - Some international travel required (less than 10%). If you have the skillset we're looking for, we will get you up-to-speed with Checkmarx Platform solutions and invest in you to improve your knowledge and technical skills. Your new title will be Checkmarx Experienced Application Security Engineer.,

The role will involve the following responsibilities: - Performing Web Application Security Testing - Conducting Mobile Application Security Testing - Scanning Networks for Security Vulnerabilities - Coordinating with clients for Project-related queries - Participating in meetings with client teams to discuss security issues and recommendations - Generating detailed security reports - Monitoring project progress and providing regular updates - Researching Open Source security tools and new security topics - Developing a Security Knowledge base for the team The ideal candidate should possess a strong understanding of application security concepts, including mitigation techniques in the following areas: - Web Application Security (OWASP Top 10) - Mobile Application Security (Mobile OWASP Top 10) - Threat Modelling - Risk Rating Frameworks - Web Traffic Interception (for Web/Mobile apps) - SSL - Network Concepts - Web Development Basics (HTTP/HTML/JavaScript) - Basic Mobile Application Concepts (either Android or iOS) Skills required for this role include proficiency in: - Web application security - Mobile security - Nessus - Burp Suite - OWASP - Reporting and Presentation Skills,

As a Security Engineer - VAPT, you will be responsible for conducting comprehensive security assessments, identifying vulnerabilities, and implementing effective remediation strategies. Leveraging your expertise in penetration testing and ethical hacking, you will play a key role in enhancing the security posture of our clients" systems and networks. This position offers an exciting opportunity to work on challenging projects, collaborate with talented professionals, and contribute to the advancement of cybersecurity practices. You will perform end-to-end Vulnerability Assessment and Penetration Testing (VAPT) for clients" IT infrastructure, applications, and networks. Conduct thorough security assessments using industry-standard tools and methodologies, including but not limited to, Nmap, Nessus, Metasploit, Burp Suite, and OWASP. Identify and exploit security vulnerabilities to assess the potential impact on clients" systems and data. Prepare detailed assessment reports outlining findings, risk levels, and recommended remediation measures. Collaborate with clients" IT teams to prioritize and address identified security issues in a timely manner. Develop and implement custom scripts or tools to enhance testing capabilities and automate repetitive tasks. Stay abreast of emerging security threats, vulnerabilities, and industry best practices to continually improve testing methodologies. Provide guidance and mentorship to junior security engineers, fostering a culture of knowledge sharing and skill development within the team. Requirements: - Bachelor's degree in Computer Science, Information Technology, or related field. - 2+ years of experience in cybersecurity, with a focus on Vulnerability Assessment and Penetration Testing. - Proficiency in using tools such as Nmap, Nessus, Metasploit, Burp Suite, and OWASP. - Hands-on experience with various operating systems, including Windows, Linux, and Unix. - Strong understanding of network protocols, web application architecture, and common security vulnerabilities. - Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or similar certifications preferred. - Excellent analytical skills and attention to detail, with the ability to prioritize and manage multiple tasks effectively. - Effective communication skills, both verbal and written, with the ability to convey technical concepts to non-technical stakeholders. - Proven track record of delivering high-quality security assessments and actionable recommendations.,

You will be responsible for defining and communicating a shared architectural vision for a complex product built on the Salesforce platform, focusing on Service Cloud, Manufacturing Cloud, and Field Services Lightning. Your role involves collaborating with Agile teams to evaluate solutions, validate technology assumptions, and drive platform direction aligned with business needs. Additionally, you will work closely with Enterprise and Solution Architects to deliver solutions that adhere to broader architecture guardrails. Your key responsibilities include setting the strategic direction and roadmap for Service Capabilities, leading the planning and high-level design of complex product solutions, enabling a continuous delivery pipeline, defining system interfaces and data structures, and establishing critical nonfunctional requirements. You will also participate in solution planning, develop architectural runways, provide technical oversight, and negotiate with the business to prioritize nonfunctional work effectively. To qualify for this role, you must hold a Bachelor's degree from an accredited institution and have over 12 years of experience in the software industry, with a strong track record of shipping high-quality products. You should possess at least 8 years of experience with the Salesforce Platform, particularly focusing on Service Cloud, and experience with Manufacturing Cloud and Field Service Lightning is advantageous. Additionally, you should have extensive knowledge of best practices in software engineering. As for skills, you should have an expert level understanding of Salesforce, Lightning Web Components, Apex, and associated development platforms, along with experience in developing enterprise-grade applications and distributed systems. Proficiency in software design principles, DevSecOps, CI/CD principles, modern software development practices, cybersecurity concepts, Agile methodologies, and cloud services is essential. Moreover, experience with multiple cloud service providers, such as Azure, AWS, and GCP, is beneficial, as well as advanced verbal and written communication skills, good judgment, and the ability to work collaboratively with diverse teams. In summary, this role requires a seasoned professional with a solid technical background, extensive experience in Salesforce and software engineering, strong communication skills, and the ability to drive architectural decisions in alignment with business objectives.,

At Capgemini Invent, you will play a crucial role in driving transformation by blending strategic, creative, and scientific capabilities to deliver cutting-edge solutions for our clients. Your expertise in Vulnerability Management tools such as Rapid7, Qualys, and Tenable will be instrumental in implementing and managing security vulnerabilities both on-premises and in the cloud. You will also be responsible for setting up vulnerability scanning profiles and demonstrating a strong understanding of the vulnerability management lifecycle. In addition, your role will entail in-depth knowledge across various core domains including Vulnerability Management, External Attack Surface Management, Container Scanning, Cloud Security Compliance scanning, and Security Configuration Management. It is essential for you to possess knowledge of system security vulnerabilities, remediation techniques, and tactics, as well as the ability to effectively communicate testing findings to managers and network administrators. Your proficiency in simplifying complex technology concepts for non-technical audiences will be highly valued. Your profile should showcase a good understanding of the risk score acceptance process for vulnerabilities, the ability to generate customized reports, and support in mitigating vulnerabilities. Automation knowledge in existing processes, familiarity with Zero Day Vulnerabilities, and understanding of TTPs, MITRE ATT&CK framework, CVSS, OSINT, and deception techniques are also important aspects of this role. Moreover, your comprehension of operating systems, applications, infrastructure, cloud computing services, OWASP, CVSS, MITRE ATT&CK framework, and the software development lifecycle will be beneficial. Strong oral, verbal, and written communication skills are essential for effective collaboration and sharing of insights. Working at Capgemini offers a supportive environment with flexible work arrangements that prioritize work-life balance. You will have access to career growth programs and diverse professional opportunities tailored to your development. Additionally, you can enhance your skills with valuable certifications in cutting-edge technologies like Generative AI. Capgemini is a global leader in business and technology transformation, empowering organizations to navigate the digital and sustainable world with tangible impact. With a diverse team of over 340,000 members in more than 50 countries, Capgemini leverages its 55-year heritage to unlock the value of technology for clients worldwide. From strategy and design to engineering, the company delivers end-to-end services and solutions driven by market-leading capabilities in AI, cloud, and data, complemented by deep industry expertise and a robust partner ecosystem. In 2023, Capgemini reported global revenues of 22.5 billion, reflecting its commitment to addressing the comprehensive business needs of its clients.,

At Capgemini Invent, we believe difference drives change. As inventive transformation consultants, we blend our strategic, creative and scientific capabilities, collaborating closely with clients to deliver cutting-edge solutions. Join us to drive transformation tailored to our client's challenges of today and tomorrow. Informed and validated by science and data. Superpowered by creativity and design. All underpinned by technology created with purpose. Your role involves expertise in Vulnerability Management tools such as Rapid7, Qualys, and Tenable. You should have hands-on experience in implementing and managing security vulnerabilities both on-premises and in the cloud. Additionally, setting up vulnerability scanning profiles and a strong knowledge and understanding of the vulnerability management lifecycle are essential. It is crucial to have in-depth knowledge across all core domains including Vulnerability Management, External Attack Surface Management, Container Scanning, Cloud Security Compliance scanning, and Security Configuration Management. Understanding system security vulnerabilities, remediation techniques, and tactics is required. You should be able to comprehend vulnerability testing methodology and effectively communicate testing findings to managers and network administrators. Furthermore, the ability to communicate complex technology to non-tech audiences in a simple and precise manner is essential. Your Profile should include a good understanding of the risk score acceptance process of vulnerabilities, ability to create customized reports, support in the mitigation of vulnerabilities, and knowledge of automation in the existing process. Understanding of Zero Day Vulnerabilities and their process, TTPs, MITRE ATT&CK framework, CVSS, OSINT, and deception techniques are also important. You should have knowledge of operating systems, applications, infrastructure, and cloud computing services, along with an understanding of OWASP, CVSS, MITRE ATT&CK framework, and the software development lifecycle. Good oral, verbal, and written communication skills are necessary for this role. What you will love about working here is the recognition of the significance of flexible work arrangements to provide support. Whether it's remote work or flexible work hours, you will have an environment that allows for a healthy work-life balance. Career growth is at the heart of our mission, with an array of career growth programs and diverse professions crafted to support you in exploring a world of opportunities. Equip yourself with valuable certifications in the latest technologies such as Generative AI. Capgemini is a global business and technology transformation partner, helping organizations accelerate their dual transition to a digital and sustainable world while creating tangible impact for enterprises and society. With a responsible and diverse group of 340,000 team members in more than 50 countries, Capgemini is trusted by clients to unlock the value of technology to address the entire breadth of their business needs. The Group reported 2023 global revenues of 22.5 billion.,

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Palo Alto Networks Firewalls Good to have skills : NA Minimum 3 Year(s) Of Experience Is Required Educational Qualification : 15 years full time education Summary: We are seeking a highly skilled Senior Network Security Engineer with proven experience in enterprise-grade security technologies including Palo Alto firewalls, IDS/IPS systems, VPN, WAF (Imperva), Cequence Bot Defense, Cloudflare DNS security, and Illumio Zero Trust microsegmentation. The ideal candidate will be responsible for designing, implementing, and maintaining network security controls to protect enterprise infrastructure, applications, and data from advanced cyber threats. Roles & Responsibilities: -Configure, deploy, and maintain Palo Alto Networks firewalls, including threat prevention, URL filtering, and App-ID policies. -Manage and monitor intrusion detection and prevention systems (IDS/IPS) for threat detection and response. -Configure and maintain VPN solutions (GlobalProtect or other IPsec/SSL-based systems) for secure remote access. -Analyze logs and events for unusual activity and support incident investigations. -Automate and optimize firewall rules and network segmentation for least-privilege access. -Deploy and manage Cequence Bot Defense for API security and bot mitigation. -Analyze bot traffic patterns and implement policies to block malicious automation. -Work with DevOps and application teams to integrate Cequence with key digital assets. -Configure and monitor Cloudflare DNS security services including threat blocking, filtering, and DoS mitigation. -Implement policies for DNS-layer protection and content filtering. -Ensure availability and resiliency of DNS infrastructure through Cloudflare edge network. -Implement and administer Illumio Zero Trust Segmentation for workload isolation and application-level segmentation. -Design and enforce microsegmentation policies to restrict lateral movement and reduce attack surface. -Continuously assess traffic flows to identify over-permissive access and optimize segmentation models. -Deploy and manage Imperva WAF to protect critical web applications from OWASP Top 10 and other application-level attacks. -Tune WAF rules to reduce false positives while maintaining effective security posture. -Work with application teams to ensure secure deployment pipelines and integrate security testing. Professional & Technical Skills: - Must To Have Skills: Proficiency in Palo Alto Networks Firewalls. - Strong understanding of cloud security principles and best practices. - Experience with security compliance frameworks such as ISO 27001, NIST, or CIS. - Familiarity with identity and access management solutions. - Knowledge of incident response and threat management processes. -Collaborate with SOC, DevOps, Infrastructure, and Application Security teams to improve detection and response. -Maintain security documentation, configuration baselines, and change control records. -Assist in incident response and forensic analysis during security events. -Stay current with emerging threats and recommend appropriate security controls. -Security certifications such as PCNSE, CCNP Security, GIAC (GCFW, GCIA), CISSP, or CEH. -Experience with REST APIs, automation/scripting (Python, Ansible), and infrastructure-as-code. -Understanding of Zero Trust architecture and NIST 800-207 principles -Rxperience in cybersecurity operations, with a focus on network and perimeter security. - Hands-on experience managing enterprise firewalls, preferably Palo Alto. - Experience in Bot protection and DNS security, including tools like Cequence and Cloudflare. -Proven track record in troubleshooting complex firewall and VPN issues in large-scale environments. -Experience conducting firewall audits, rule reviews, and implementing policy enhancements. -Demonstrated ability to manage incident response and change management processes. -Experience working in a global delivery model and collaborating with cross-functional teams. -Strong analytical and problem-solving skills with a continuous improvement mindset. Additional Information: - The candidate should have minimum 3 years of experience in Palo Alto Networks Firewalls. - This position is based at our Gurugram office. - A 15 years full time education is required.

JOB DESCRIPTION The Application Security Developer IV will work closely with both engineering (development) teams and the Information Security group to make sure that RealPage applications are developed with security in mind. Deep awareness of the OWASP Top 10 project and practices for preventing vulnerabilities when developing applications in any tech stack is a key success factor. This person will help to ensure Static Application Security Testing (SAST) occurs during the development lifecycle and that reported vulnerabilities are properly remediated. This person will also help train developers on how to remediate the vulnerabilities and what those vulnerabilities are when needed, Implement OWASP Application Security Verification Standards (ASVS). Additionally, this person role-models for a small team (1-5 others) of persons with similar responsibilities. Excellent communication skills and a good familiarity with DevOps pipelines are key success factors for this role. PRIMARY RESPONSIBILITIES • Shift-Left security in Software Development Life Cycle (SDLC) for various applications. • Provide guidelines, tooling, best practices and implement for: o SAST o Dynamic Application Security Testing (DAST) o Software Composition Analysis (SCA) o Runtime Application Self-Protection (RASP) • Provide guidance and coaching to teams regarding security remediation efforts • Provide guidance to teams on how to properly integrate SAST, DAST, SCA scans into their pipelines • Work with teams to ensure dependency scans are also part of their development process and pipelines • Provide ongoing improvements and awareness training on new application threats and remediation techniques • Provide guidance on OpenID Connect (OIDC) and OAuth2 and other identity-related best practices and practical approaches for client implementation • Help engineering teams plan long term remediation solutions when deep changes are required for remediation activities • Collaborate with the Information Security (InfoSec) team on prioritizing both applications and vulnerabilities based on risk • Provide guidance to teams on proper storage and retrieval of application secrets REQUIRED SKILLS AND EXPERIENCE • 5+ years C# .NET • Web API • SQL • Deep familiarity with the OWASP Top 10 and other security concerns for web applications • Familiarity with OWASP Application Security Verification Standards (ASVS) • Familiarity with SAST, DAST, SCA Scans • Preferred: python or java NICE TO HAVE SKILLS AND EXPERIENCE fortify on demand invicti net sparker

Company Description We are a consulting company with a bunch of technology-interested and happy people! We love technology, we love design and we love quality. Our diversity makes us unique and creates an inclusive and welcoming workplace where each individual is highly valued. With us, each individual is her/himself and respects others for who they are and we believe that when a fantastic mix of people gather and share their knowledge, experiences and ideas, we can help our customers on a completely different level. We are looking for you who is immediate joiner and want to grow with us! With us, you have great opportunities to take real steps in your career and the opportunity to take great responsibility. Job Description We are seeking a skilled and experienced Attack Surface Reduction Analyst with a strong foundation in penetration testing and vulnerability management to join our dynamic cybersecurity team. In this role, you will be instrumental in identifying and mitigating security risks across our systems, applications, and network infrastructure. You will also lead internal and third-party penetration testing initiatives and work closely with cross-functional teams to strengthen our overall security posture. Key Responsibilities Conduct comprehensive vulnerability assessments (VA) and penetration tests (PT) on systems, applications, and networks. Identify and assess security vulnerabilities using industry-standard tools and methodologies. Design and manage vulnerability management processes and drive effective remediation strategies. Coordinate and manage third-party penetration testing engagements and ensure alignment with security goals. Collaborate with IT and business teams to prioritize and remediate identified risks. Contribute to the development and maintenance of security policies, procedures, and standards. Continuously monitor systems for unauthorized access, suspicious activities, and emerging threats. Stay abreast of evolving cybersecurity trends, threat landscapes, and best practices in attack surface reduction. Required Qualifications Bachelors degree in Computer Science, Information Security, or related field. 4 to 5 years of hands-on experience in vulnerability scanning, penetration testing, and vulnerability management. In-depth knowledge of common vulnerabilities and exposures (CVEs) and attack vectors. Proficiency with tools such as Kali Linux, Qualys, Burp Suite, and other VA/PT platforms. Familiarity with security frameworks and standards (e.g., NIST, OWASP Top 10, CIS Controls). Strong analytical and problem-solving skills. Excellent written and verbal communication skills, including the ability to explain technical issues to non-technical stakeholders. Preferred Certifications (Certifications are a plus but not mandatory) OSCP, OSEP, SANS GIAC, CREST, CompTIA Security+, or similar. Start : Immediate Location : Bangalore Form of employment: Full-time until further notice, we apply 6 months probationary employment.

Are you a Product Security Analyst expert looking for a challenging opportunity? Join our Product Security team. We operate at the heart of the digital transformation of our business. Our team is responsible for Product Security including application security for our global organization. Partner with the best . We are looking for a Senior Product Security Analyst, with a focus in Product Security. In this role, you will work in a team and demonstrate working knowledge of systems and products and how they are secured in customers' businesses. As a Senior Product Security Engineer , you will be responsible for: Being responsible for providing technical leadership and defining, developing, and evolving security within software in a fast-paced and agile development environment using the latest secure software development technologies and infrastructure. Working with Cyber Security Leaders and SMEs to understand security requirements Performing penetration testing Collaborating with product and engineering teams to integrate security into the software development lifecycle (SDLC). Conducting threat modeling, design reviews, and code reviews to identify and mitigate security vulnerabilities. Performing static and dynamic application security testing (SAST/DAST), and manage results and remediation efforts. Leading security assessments of new and existing products, including third-party components and APIs. Developing and maintain secure coding guidelines and best practices. Supporting incident response and forensic investigations related to product security. Staying current with emerging threats, vulnerabilities, and security technologies. Assisting security champions in completing Threat Modeling and Architecture Risk Analysis on product features Providing guidance and advice on writing secure code that meets standards and delivers desired functionality, using the technology selected for the project Understanding application security methodologies and frameworks Leveraging Baker Hughes Digital’s tailored Secure SDL practice into specific engineering engagements Researching new application security technologies and implement them to improve application security. Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development Promoting best practices based on OWASP, SANS Top 25, and the Baker Hughes Digital SDL. Fuel your passion To be successful in this role you will: Have Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Math). A minimum 2 years of professional experience in STEM related degree, Political Science/Government/International Affairs. Desired Characteristics Have Detailed working knowledge of two modern programming languages, such as java, python, or ruby Have Strong written and oral communication skills and successful security consulting background. Have at least 2 years of security consulting involvement with development team(s) that delivered software-based services Have Experience in developing secure applications Have a high energy and a result-oriented attitude/approach, with an understanding of release timelines and the need to enable development teams, not slow them down Have experience with Security Development Lifecycle processes Have Contribute to and lead discussions and communications within the team and outside, including customers and other business units Have Strong knowledge of Object Oriented Analysis and Design, Software Design Patterns and coding principles Have Experience with penetration testing tools, ability to replicate security defects uncovered by groups such as red team Have Good understanding of security tools and technologies to facilitate secure development. Working with us Our people are at the heart of what we do at Baker Hughes. We know we are better when all our people are developed, engaged and able to bring their whole authentic selves to work. We invest in the health and well-being of our workforce, train and reward talent and develop leaders at all levels to bring out the best in each other. Working for you Our inventions have revolutionized energy for over a century. But to keep going forward tomorrow, we know we must push the boundaries today. We prioritize rewarding those who embrace change with a package that reflects how much we value their input. Join us, and you can expect: Contemporary work-life balance policies and wellbeing activities Comprehensive private medical care options Safety net of life insurance and disability programs Tailored financial programs. Additional elected or voluntary benefits About Us: We are an energy technology company that provides solutions to energy and industrial customers worldwide. Built on a century of experience and conducting business in over 120 countries, our innovative technologies and services are taking energy forward – making it safer, cleaner and more efficient for people and the planet. Join Us: Are you seeking an opportunity to make a real difference in a company that values innovation and progress? Join us and become part of a team of people who will challenge and inspire you! Let’s come together and take energy forward. Baker Hughes Company is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law. R149646

What You Can Expect Zoom is seeking a highly qualified and experienced full stack senior software engineer (Java). Developing and maintaining IT cloud native solutions in our CPQ, Order to Cash and other business areas. This strategic position requires an engineer with exceptional initiative and precise attention to detail. The ideal candidate excels at complex challenges and shares our commitment to developing superior software. Furthermore, if you are dedicated to advancing Zoom's evolution into an agile, responsive, and customer-focused enterprise application organization, this role presents an optimal opportunity. About The Team This engineering position would play a pivotal role in architecting, designing, building and supporting the full-stack cloud-native solutions to address the channels business enablement targets. This includes the self-service experience supporting quoting and ordering for Zoom’s partner ecosystem. These range from software development and machine learning to quality assurance teams that work to create and maintain Zoom's user-friendly interfaces and robust infrastructure. If you are excited about the potential of leading Zoom’s continued evolution into a customer-obsessed enterprise application organization, then this role is for you! What We’re Looking For Have a BS/MS in Computer Science or equivalent. 12+ years of backend/full-stack development experience. Expert knowledge in Java and core technologies (JVM, multithreading, IO, network). Have mastery of Java Spring MVC, Spring Boot, RESTful APIs. Experience building low-latency microservices and API publishing. Have understanding of authentication/authorization (OAuth, JWT). Have expertise in SQL/NoSQL databases (MySQL, MongoDB, DynamoDB). Experience with caching systems (Redis, Memcache) - Knowledge of search technologies (ElasticSearch, Lucene, Solr). Cloud services experience (AWS, GCP, Azure) - Containerization and CI/CD (Docker, Jenkins) - Linux systems and application servers (nginx, Tomcat). Have design patterns and coding best practices. System reliability and scalability in cloud infrastructure. Experience with failover and circuit breaking patterns. Have application logging and performance monitoring experience. Proficiency with tools like Splunk, ELK, Datadog, Prometheus .System maintenance and troubleshooting. Have experience with version control (Git) and build tools (Maven/Gradle). Secure coding practices and OWASP guidelines - Localization/internationalization implementation. Have excellent verbal and written communication. Collaborative team player with consensus-building ability. Problem-solving skills for complex technical challenges Ways of Working Our structured hybrid approach is centered around our offices and remote work environments. The work style of each role, Hybrid, Remote, or In-Person is indicated in the job description/posting. Benefits As part of our award-winning workplace culture and commitment to delivering happiness, our benefits program offers a variety of perks, benefits, and options to help employees maintain their physical, mental, emotional, and financial health; support work-life balance; and contribute to their community in meaningful ways. Click Learn for more information. About Us Zoomies help people stay connected so they can get more done together. We set out to build the best collaboration platform for the enterprise, and today help people communicate better with products like Zoom Contact Center, Zoom Phone, Zoom Events, Zoom Apps, Zoom Rooms, and Zoom Webinars. We’re problem-solvers, working at a fast pace to design solutions with our customers and users in mind. Find room to grow with opportunities to stretch your skills and advance your career in a collaborative, growth-focused environment. Our Commitment At Zoom, we believe great work happens when people feel supported and empowered. We’re committed to fair hiring practices that ensure every candidate is evaluated based on skills, experience, and potential. If you require an accommodation during the hiring process, let us know—we’re here to support you at every step. If you need assistance navigating the interview process due to a medical disability, please submit an Accommodations Request Form and someone from our team will reach out soon. This form is solely for applicants who require an accommodation due to a qualifying medical disability. Non-accommodation-related requests, such as application follow-ups or technical issues, will not be addressed.

We are looking to hire a C ybersecurity Engineer with 2+ years of work experience with analytical mind and a detailed understanding of cybersecurity methodologies to identify threats and vulnerabilities in our systems and software, then apply the skills to developing and implementing security solutions. Responsibilities Planning, implementing, managing, monitoring, and upgrading security measures for the protection of the organization's data, system, and networks. Troubleshooting security and network problems. Testing and identifying network and system vulnerabilities. Daily administrative tasks, reporting, and communication with the relevant departments in the organization. Responding to all system and/or network security breaches. Ensuring that the organization's data and infrastructure are protected by enabling the appropriate security controls. Troubleshooting all network and security issues and incidents. Collaborate with IT and engineering teams to ensure secure software and infrastructure development. Routinely conduct penetration testing. Create and maintain documentation related to security policies, procedures, and incident reports. Taking appropriate security measures to ensure that the organization’s infrastructure and existing data are kept safe. Stay current with emerging threats and trends in cyber security. Skills Required Experience with Firewalls (functionality and maintenance), VSX, and Endpoint Security. Proficiency in Python,C,C#, C++. knowledge of protocols from different layers of the OSI model (HTTP, HTTPS, TCPIP,UDP, Web Socket, SSH, SFTP, RDP). Ability to work under pressure in a fast-paced environment. OWASP Great awareness of cybersecurity trends and hacking techniques. Hands-on experience in threat and vulnerability management as well as security advisory services. Experience with API standards (REST, SOAP, JSON, XML) Experience with SQL and NoSQL databases (DynamoDB) Expert and CI/CD practices and tools (Git, Gitlab) Experience in AWS . Qualification: OWASP Experience: 2+ years Location : Technopark, Thiruvananthapuram Skills: firewalls,threat and vulnerability management,osi model,security advisory services,sql,vsx,hacking techniques,c++,nosql databases (dynamodb),api standards,c#,nosql (dynamodb),ci/cd practices and tools (git, gitlab),osi model protocols (http, https, tcpip, udp, web socket, ssh, sftp, rdp),firewalls management,owasp,python,c,aws,endpoint security,cybersecurity,api standards (rest, soap, json, xml)

JOB DESCRIPTION KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term. Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. They are either IS audit, SOX reviews, Internal audit engagements, IT infrastructure review and/or risk advisory including but not limited to IT audit supports in nature. QUALIFICATIONS • IT Audit + SAP experience with knowledge of IT governance practices Prior IT Audit knowledge in areas of ITGC, ITAC (application/automated controls) SOX 404, SOC-1 and SOC-2 Audits Good to have knowledge of other IT regulations, standards and benchmarks used by the IT industry (e.g. NIST, PCI-DSS, ITIL, OWASP, SOX, COBIT, SSAE18/ISAE 3402 etc.) Technical Knowledge of IT Audit Tools with excellent knowledge of IT Audit process and methodology Exposure to Risk Management and Governance Frameworks/ Systems will be an added advantage Exposure to ERP systems will be added advantage Strong project management, communication (written and verbal) and presentation skills Knowledge of security measures and auditing practices within various applications, operating systems, and databases. Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism Preferred Certifications – CISA/CISSP//CISM Exposure to automation Data Analytics tools such as QlikView/Qlik sense, ACL, Power BI will be an advantage Proficiency with Microsoft Word, Excel, Visio, and other MS Office tools Equal employment opportunity information: KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.

JOB DESCRIPTION KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term. Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. They are either IS audit, SOX reviews, Internal audit engagements, IT infrastructure review and/or risk advisory including but not limited to IT audit supports in nature. QUALIFICATIONS • IT Audit + SAP experience with knowledge of IT governance practices Prior IT Audit knowledge in areas of ITGC, ITAC (application/automated controls) SOX 404, SOC-1 and SOC-2 Audits Good to have knowledge of other IT regulations, standards and benchmarks used by the IT industry (e.g. NIST, PCI-DSS, ITIL, OWASP, SOX, COBIT, SSAE18/ISAE 3402 etc.) Technical Knowledge of IT Audit Tools with excellent knowledge of IT Audit process and methodology Exposure to Risk Management and Governance Frameworks/ Systems will be an added advantage Exposure to ERP systems will be added advantage Strong project management, communication (written and verbal) and presentation skills Knowledge of security measures and auditing practices within various applications, operating systems, and databases. Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism Preferred Certifications – CISA/CISSP//CISM Exposure to automation Data Analytics tools such as QlikView/Qlik sense, ACL, Power BI will be an advantage Proficiency with Microsoft Word, Excel, Visio, and other MS Office tools Equal employment opportunity information: KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.

COMPANY OVERVIEW KKR is a leading global investment firm that offers alternative asset management as well as capital markets and insurance solutions. KKR aims to generate attractive investment returns by following a patient and disciplined investment approach, employing world-class people, and supporting growth in its portfolio companies and communities. KKR sponsors investment funds that invest in private equity, credit and real assets and has strategic partners that manage hedge funds. KKR’s insurance subsidiaries offer retirement, life and reinsurance products under the management of Global Atlantic Financial Group. References to KKR’s investments may include the activities of its sponsored funds and insurance subsidiaries. POSITION SUMMARY KKR is seeking an experienced Product Security Analyst. This role offers exciting opportunities for growth and impact as KKR scales its business and continues to innovate. As a Security Analyst, you will be responsible for designing, implementing, and maintaining security measures across our environment specific to our internally developed applications, external facing applications, and key Software as a Service (SaaS) applications. You must be proficient in troubleshooting, vulnerability management, cloud security, application security, and have a deep understanding of a wide range of systems, and be capable of leading other teams in these efforts. You will work closely with Enterprise Systems and other business units to ensure our security posture remains strong, aligned with industry best practices, and compliant with regulatory requirements. You will also be looking over the horizon, identifying future needs and exploring leading edge solutions. This position is a full time position and will be onsite in our Gurugram office. We are operating in a 4 day in office, 1 day flexible work arrangement. RESPONSIBILITIES Conduct application security assessments and penetration tests to identify vulnerabilities and security issues. Work closely with the software development team to ensure that secure coding practices are implemented throughout the application development lifecycle. Design and implement security solutions to protect applications from potential threats. Provide guidance and recommendations on application security best practices. Maintain knowledge of the latest security trends, threats, and countermeasures. Participate in incident response and handling activities related to application security incidents. Conduct security awareness and training sessions for the development team to promote secure coding practices. Develop and maintain application security standards, policies, and procedures. Report and document security findings and remediation activities. Integrate security tools and practices into the continuous integration/continuous delivery (CI/CD) pipeline. QUALIFICATIONS Bachelor's degree in Computer Science, Information Technology, or a related field. Atleast 5 years of proven experience as an Application Security Engineer or similar role. Strong understanding of software development life cycle (SDLC) and secure coding practices. Proficiency in conducting security assessments and penetration tests. Experience with security tools and technologies such as firewalls, VPNs, intrusion detection/prevention systems (IDS/IPS), and network access control (NAC). Knowledge of regulatory requirements and industry best practices related to application security. Experience with cloud security and DevSecOps practices. Familiarity with OWASP Top Ten and other security frameworks Team-player who enjoys working in a collaborative and collegial environment and is an active contributor as part of a global team Ability to work calmly under pressure and meet deadlines and solve problems requiring creativity, initiative and drive; self-motivated and enjoys a sense of pride in their accomplishments Ability to present ideas in a user-friendly, business-friendly and technical language Strategic self-starter with an innovative mindset and outstanding attention to detail KKR is an equal opportunity employer. Individuals seeking employment are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, sexual orientation, or any other category protected by applicable law.

About the Role: We are looking for a skilled and detail-oriented QA Engineer with over 2 years of experience in manual, automation, performance, and security testing . You will work closely with developers, product managers, and DevOps teams to ensure high-quality, secure, and scalable software products. This role is ideal for someone who is passionate about software quality and eager to take ownership of test planning and execution across functional and non-functional requirements. Key Responsibilities: Design and execute test cases for functional, regression, and integration testing. Develop and maintain automated test scripts using tools such as Selenium/TestNG. Conduct performance testing using tools like JMeter, LoadRunner, or similar. Perform basic security testing (e.g., input validation, authentication/authorization checks, session handling). Validate REST APIs and backend logic using tools such as Postman or Swagger. Document defects clearly and follow up with the development team until resolution. Analyze test results, identify patterns, and suggest improvements for stability and performance. Required Skills & Qualifications: Bachelor’s degree in Computer Science, Information Technology, or equivalent. 2+ years of experience in Quality Assurance, with exposure to both manual and automated testing. Hands-on experience in performance testing tools such as Apache JMeter, BlazeMeter, or LoadRunner. Familiarity with security testing concepts , OWASP Top 10, and tools like Burp Suite (basic level). Proficient in bug tracking tools (e.g., Jira). Understanding of API testing using Postman or similar tools. Basic understanding of SQL and database testing. Strong problem-solving, documentation, and communication skills. Job Type: Full-time Pay: ₹30,000.00 - ₹40,000.00 per month Benefits: Leave encashment Paid sick time Paid time off Provident Fund Experience: Functional testing: 2 years (Required) Performance testing: 1 year (Required) Location: Ahmedabad, Gujarat (Required) Work Location: In person

About the Role: We are looking for a skilled and detail-oriented QA Engineer with over 2 years of experience in manual, automation, performance, and security testing . You will work closely with developers, product managers, and DevOps teams to ensure high-quality, secure, and scalable software products. This role is ideal for someone who is passionate about software quality and eager to take ownership of test planning and execution across functional and non-functional requirements. Key Responsibilities: Design and execute test cases for functional, regression, and integration testing. Develop and maintain automated test scripts using tools such as Selenium/TestNG. Conduct performance testing using tools like JMeter, LoadRunner, or similar. Perform basic security testing (e.g., input validation, authentication/authorization checks, session handling). Validate REST APIs and backend logic using tools such as Postman or Swagger. Document defects clearly and follow up with the development team until resolution. Analyze test results, identify patterns, and suggest improvements for stability and performance. Required Skills & Qualifications: Bachelor’s degree in Computer Science, Information Technology, or equivalent. 2+ years of experience in Quality Assurance, with exposure to both manual and automated testing. Hands-on experience in performance testing tools such as Apache JMeter, BlazeMeter, or LoadRunner. Familiarity with security testing concepts , OWASP Top 10, and tools like Burp Suite (basic level). Proficient in bug tracking tools (e.g., Jira). Understanding of API testing using Postman or similar tools. Basic understanding of SQL and database testing. Strong problem-solving, documentation, and communication skills. Job Type: Full-time Pay: ₹30,000.00 - ₹40,000.00 per month Benefits: Health insurance Leave encashment Paid sick time Paid time off Provident Fund Schedule: Day shift Monday to Friday Experience: Performance testing: 2 years (Required) Location: Ahmedabad, Gujarat (Required) Work Location: In person Speak with the employer +91 8160197141

About the Role: We are looking for a skilled and detail-oriented QA Engineer with over 2 years of experience in manual, automation, performance, and security testing . You will work closely with developers, product managers, and DevOps teams to ensure high-quality, secure, and scalable software products. This role is ideal for someone who is passionate about software quality and eager to take ownership of test planning and execution across functional and non-functional requirements. Key Responsibilities: Design and execute test cases for functional, regression, and integration testing. Develop and maintain automated test scripts using tools such as Selenium/TestNG. Conduct performance testing using tools like JMeter, LoadRunner, or similar. Perform basic security testing (e.g., input validation, authentication/authorization checks, session handling). Validate REST APIs and backend logic using tools such as Postman or Swagger. Document defects clearly and follow up with the development team until resolution. Analyze test results, identify patterns, and suggest improvements for stability and performance. Required Skills & Qualifications: Bachelor’s degree in Computer Science, Information Technology, or equivalent. 2+ years of experience in Quality Assurance, with exposure to both manual and automated testing. Hands-on experience in performance testing tools such as Apache JMeter, BlazeMeter, or LoadRunner. Familiarity with security testing concepts , OWASP Top 10, and tools like Burp Suite (basic level). Proficient in bug tracking tools (e.g., Jira). Understanding of API testing using Postman or similar tools. Basic understanding of SQL and database testing. Strong problem-solving, documentation, and communication skills. Job Type: Full-time Pay: ₹30,000.00 - ₹40,000.00 per month Benefits: Leave encashment Paid sick time Paid time off Schedule: Monday to Friday Experience: Performance testing: 2 years (Required) Location: Ahmedabad, Gujarat (Required) Work Location: In person Speak with the employer +91 8160197141

WAF (Radware) L1 and L2 Analyst Location: Noida, India Experience Required: L1: 1–3 years L2: 3–5 years Job Type: Full-Time /On-site/Hybrid Key Responsibilities: L1 Responsibilities: Monitor Web Application Firewall (Radware) alerts and logs.Perform initial triage and basic troubleshooting of security incidents. Escalate complex issues to L2 team with detailed incident documentation. Regularly check policy violations and suggest tuning recommendations. Perform health checks of WAF systems and ensure uptime. Maintain shift handover logs and ensure seamless communication. L2 Responsibilities: Manage WAF policy configurations and rule tuning for Radware WAF. Analyze web traffic and logs to detect and mitigate application-layer attacks (OWASP Top 10). Collaborate with application and network teams to implement protection strategies. Conduct RCA (Root Cause Analysis) of incidents and fine-tune policies to reduce false positives. Lead WAF upgrades, patching, and performance tuning. Provide mentorship and support to L1 analysts. Skills & Qualifications: Strong understanding of Radware AppWall or equivalent WAF platforms.Familiarity with HTTP/HTTPS, SSL certificates, DNS, Load Balancers, and Web Servers. Experience with threat analysis and mitigation of SQLi, XSS, CSRF, etc. Working knowledge of ITIL processes and incident management tools (like ServiceNow). Hands-on with packet analysis tools (e.g., Wireshark) is a plus. Security certifications such as CEH, CompTIA Security+, or vendor-specific Radware certifications (preferred). Job Type: Full-time Pay: Up to ₹700,000.00 per year Schedule: Day shift Supplemental Pay: Performance bonus Application Question(s): How many years of experience in WAF (Radware)? Are you an Immediate Joiner? Experience: minimum: 1 year (Required) Location: Noida, Uttar Pradesh (Required) Work Location: In person