3229 Owasp Jobs - Page 24

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: SailPoint Identity Mgmt and Governance. Experience: 3-5 Years. >

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: SailPoint Identity Now. Experience: 5-8 Years. >

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: Microsoft Threat Protection. Experience: 3-5 Years. >

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: Archer. Experience: 3-5 Years. >

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: Vulnerability Scanning. Experience: 3-5 Years. >

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Security Platform Engineering Good to have skills : NA Minimum 5 Year(s) Of Experience Is Required Educational Qualification : 15 years full time education Summary: We are seeking a skilled Security Engineer with expertise in Google Chronicle SIEM, parser development, and foundational knowledge of cybersecurity. The ideal candidate will be responsible for analyzing security data and logs, ensuring accurate aggregation, normalization, tagging, and classification. You will work closely with log sources, particularly security and networking devices, to enhance our security monitoring capabilities. Roles & Responsibilities: Conduct security and data/log analysis, focusing on the aggregation, normalization, tagging, and classification of logs. Research, analyze, and understand log sources for security monitoring, with a particular focus on security and networking devices such as firewalls, routers, antivirus products, proxies, IDS/IPS, and operating systems. Validate log sources and indexed data, optimizing search criteria to improve search efficiency. Utilize automation tools to build and validate log collectors for parsing aggregated logs. Professional & Technical Skills: Proficiency in log analysis and SIEM tools, including but not limited to Google Chronicle, Splunk, ArcSight, and QRadar. Experience in SIEM content creation and reporting is essential. Strong experience in manual security log review and analysis, such as Windows Event Log and Linux Syslog, including incident classification, investigation, and remediation. Solid understanding of multiple attack vectors, including malware, Trojans, exploit kits, ransomware, phishing techniques, and APTs, as well as familiarity with attack techniques outlined in the OWASP Top 10. Knowledge of security and networking devices, including firewalls, routers, antivirus products, proxies, IDS/IPS, and operating systems. TCP/IP networking skills for packet and log analysis. Experience working with Windows and Unix platforms. Familiarity with databases is an advantage. Experience in GCP, AWS and Azure environments is a plus. Additional Information: - The candidate should have minimum 5 years of experience in Security Platform Engineering. - This position is based at our Pune office. - A 15 years full time education is required.

Job Description WHAT YOU’LL DO We are seeking a skilled and experienced Attack Surface Reduction Analyst with a strong background in penetration testing to join our cybersecurity team. The successful candidate will be responsible for identifying potential security risks and vulnerabilities in our organization's systems, applications, and networks, performing penetration testing, and facilitating and managing third-party penetration testing engagements. Who You’ll Work With Attack Surface Reduction team helps and contribute to improve the security posture of H&M by operating within an Agile model. We play a crucial role in proactively identifying and help in mitigating potential security risks and vulnerabilities across H&M's systems, applications, and networks, with the aim of preventing unauthorized access, data breaches, and other security incidents. Key Responsibilities: Conduct comprehensive vulnerability assessments (VA) and penetration tests (PT) on H&M's systems, networks, and applications. Utilize industry-standard tools and methodologies to identify potential vulnerabilities and weaknesses in our attack surface. Collaborate with cross-functional teams to prioritize and remediate identified vulnerabilities in a timely manner. Experience in designing, implementing, and managing vulnerability management processes and workflows. Facilitate and manage penetration testing engagements with third-party vendors. Collaborate with other members of the cybersecurity team to develop and implement strategies to reduce our attack surface. Develop and maintain security policies and procedures for our organization's systems, applications, and networks. Monitor our organization's systems, applications, and networks for unauthorized access, suspicious activity, and other security threats. Stay up to date with the latest trends and developments in the field of cybersecurity, specifically related to attack surface reduction techniques. Who You Are We are looking for people with… Bachelor's degree in computer science, information security, or a related field. 3-5 years of experience in vulnerability scanning, vulnerability management, and penetration testing. Solid knowledge of common vulnerabilities and exposures (CVEs), common attack vectors, and security best practices. Strong knowledge of security assessment tools, vulnerability scanning, and penetration testing. Proficient in using industry-standard vulnerability assessment and penetration testing tools (e.g., Kali Distro, Qualys, Burp Suite, etc.). Familiarity with industry frameworks and standards, such as NIST, OWASP, and CIS. Effective communication skills, with the ability to clearly convey technical concepts to both technical and non-technical stakeholders. Excellent analytical, problem-solving, and communication skills. Relevant certifications, such as SANS, OSCP, OSEP, CompTIA Security+ or CREST are a plus. WHY YOU’LL LOVE WORKING HERE At H&M, we are proud to be a vibrant and welcoming company. We offer our employees attractive benefits with extensive development opportunities around the globe. We offer all our employees at H&M attractive benefits with extensive development opportunities around the globe. All our employees receive a staff discount card, usable on all our H&M brands in stores and online. Brands covered by the discount are H&M (Beauty and Move included), COS, Weekday, Monki, H&M HOME, & Other Stories, ARKET, Afound. In addition to our staff discount, all our employees are included in our H&M Incentive Program – HIP. You can read more about our H&M Incentive Program here. In addition to our global benefits, all our local markets offer different competitive perks and benefits. Please note that they may differ between employment types and countries. JOIN US Our uniqueness comes from a combination of many things – our inclusive and collaborative culture, our strong values, and opportunities for growth. But most of all, it’s our people who make us who we are. Take the next step in your career together with us. The journey starts here. We are committed to a recruitment process that is fair, equitable, and based on competency. We therefore kindly ask you to not attach a cover letter in your application. Additional Information This is a full-time position, starting in August 2025 . Apply by sending in your CV in English as soon as possible, but no later than the 30th of June 2025 . Due to data policies, we only accept applications through the SmartRecruiters or career page

We are looking for a detail-oriented and proactive Junior Cyber Security Analyst to join our security team. This is a remote position ideal for recent graduates or early-career professionals passionate about cybersecurity and eager to build a career in protecting digital systems and data. Key Responsibilities: Monitor security systems and respond to alerts and incidents. Assist in analyzing security breaches to identify root causes. Conduct vulnerability assessments and basic penetration testing. Support the implementation of security tools, protocols, and procedures. Work closely with senior analysts to investigate and mitigate threats. Document incidents, resolutions, and best practices. Stay updated with the latest security trends and threat intelligence. Required Skills: Basic understanding of firewalls, intrusion detection systems, and antivirus software. Familiarity with SIEM tools and log analysis. Good grasp of network protocols and operating systems (Windows/Linux). Knowledge of OWASP Top 10 vulnerabilities. Strong analytical and problem-solving skills. Excellent communication and teamwork abilities. Preferred Qualifications: Bachelor’s degree in Computer Science, Information Security, or a related field. Certifications like CompTIA Security+, CEH, or Cisco CyberOps (preferred but not mandatory). Hands-on experience via internships, bootcamps, or personal cybersecurity projects.

Basic Knowledge Required: Comprehensive knowledge of firewalls, load balancers, and Secure Network Access Control (NAC) operations. Solid understanding of both static and dynamic routing protocols. Fundamental skills in packet capture and analysis. Work Experience: At least 3 years of experience exclusively with Fortigate Firewalls. Experience with at least one other firewall platform, such as Cisco or Palo Alto. At least 3 years of experience exclusively with F5 Load Balancers. Proficient in F5 LTM/GTM implementation, design, and L2/L3 troubleshooting, with experience in the APM module of F5. Roles and Responsibilities : Regularly engage with customers via voice calls, emails, and remote screen sharing to resolve issues within the SLA. Document solutions provided to customers in the ticketing tool. Troubleshoot P1/P2 incidents by collaborating with different teams to ensure timely resolution within the SLA. Prepare RCA documentation using the appropriate RCA template. Implement best practices or preventive measures based on RCA action items. Be willing to work in a 24/7 environment

Basic Knowledge Required: Comprehensive knowledge of firewalls, load balancers, and Secure Network Access Control (NAC) operations. Solid understanding of both static and dynamic routing protocols. Fundamental skills in packet capture and analysis. Work Experience: At least 3 years of experience exclusively with Fortigate Firewalls. Experience with at least one other firewall platform, such as Cisco or Palo Alto. At least 3 years of experience exclusively with F5 Load Balancers. Proficient in F5 LTM/GTM implementation, design, and L2/L3 troubleshooting, with experience in the APM module of F5. Roles and Responsibilities : Regularly engage with customers via voice calls, emails, and remote screen sharing to resolve issues within the SLA. Document solutions provided to customers in the ticketing tool. Troubleshoot P1/P2 incidents by collaborating with different teams to ensure timely resolution within the SLA. Prepare RCA documentation using the appropriate RCA template. Implement best practices or preventive measures based on RCA action items. Be willing to work in a 24/7 environment

What You'll Do Avalara is looking for a security risk specialist to join our team reporting to the Senior Manager, Governance Risk & Compliance. We are looking for the ability to conduct risk analysis at a systemic level, working with engineers and architects as they develop Avalaras next-generation services. You understand technical controls and be able to analyze application / product security within Avalara, including internal processes and reporting, and risks identified through code and design reviews of both internal and customer-facing software products and solutions. You will report to Senior Manager. What Your Responsibilities Will Be You will perform comprehensive risk assessments aligned with Avalaras risk management framework and develop applicable remediation plans. You will analyze and identify risks across technical environments, with a focus on application design, software architecture, and security tooling configurations. Guide the identification, management, and mitigation of risks within security infrastructure and technical control implementations. Collaborate with teams, including system owners, developers, and architects, to integrate risk management practices into the development lifecycle. Ensure risk and compliance controls are accomplished across teams and within defined Service level agreements. Coordinate the documentation and migration of control information into Avalaras GRC platform. What You'll Need to be Successful Bachelors degree in Information Technology, Computer Science, or equivalent experience. 3+ years of experience in IT Audit, IT Security, or IT Risk Management. Experience conducting systemic risk analysis in, including reviewing application design and architecture. Familiarity with standards and frameworks such as ISO 27001, SOC 1, SOC 2, SOX, NIST. Experience with application security principles, including the ability to assess risk through code and design review processes.

Nizzcorp is hiring a skilled Cybersecurity Specialist who is hands-on with Web & Android Pentesting , SOC operations , and threat detection. If you're passionate about ethical hacking, security automation, and defending digital infrastructures — join our team. Responsibilities: Perform web and mobile application pentesting Conduct manual and automated vulnerability assessments Monitor, analyze, and respond to security alerts (SIEM, Wazuh, etc.) Develop and maintain red/blue team strategies Generate detailed security reports and recommend remediations Stay updated with emerging cyber threats and tools Requirements: Minimum 1 year of professional experience in cybersecurity Strong knowledge of: Web and Android pentesting techniques OWASP Top 10, MITRE ATT&CK SOC operations, SIEM tools, and incident response Kali Linux, Burp Suite, Wireshark, ADB, Metasploit, etc. Understanding of network protocols, firewalls, and log analysis Bonus: Experience with threat hunting, malware analysis, or bug bounty platforms What We Offer: Diverse projects in offensive & defensive security Access to premium tools and labs Collaborative team and skill-focused growth Flexible working hours, remote/hybrid options Job Type: Full-time Pay: ₹15,000.00 - ₹25,000.00 per month Supplemental Pay: Performance bonus Experience: Cybersecurity: 1 year (Required) Burp Suite: 1 year (Required) SIEM: 1 year (Required) SoC: 1 year (Required) Penetration testing: 1 year (Required) Work Location: In person Expected Start Date: 23/07/2025

Job Title: Cybersecurity Consultant – VAPT Specialist Location: Riyadh Experience Level: Mid to Senior Employment Type: Full-time Job Summary We are seeking a highly skilled and passionate Cybersecurity Consultant with deep expertise in Vulnerability Assessment and Penetration Testing (VAPT) across web, mobile, and API platforms . The ideal candidate will have a strong background in identifying and remediating high-risk vulnerabilities, collaborating with cross-functional teams, and implementing robust security strategies tailored to diverse industries. This role requires a proactive approach to threat mitigation, excellent technical capabilities, and a commitment to continuous learning. Roles & Responsibilities Conduct in-depth Vulnerability Assessment and Penetration Testing (VAPT) for web, mobile, and API platforms, addressing OWASP Top 10, identifying business logic flaws, and uncovering complex attack vectors. Collaborate with IT and development teams to remediate vulnerabilities effectively and within defined SLAs. Design and implement yearly cybersecurity plans aligned with regulatory standards including SAMA CSF, SAMA ITGF, NCA CSCC, NCA ECC , and PCI-DSS . Perform advanced threat hunting, source code reviews , and SIEM audits to detect integration flaws and hidden threats. Carry out network and server configuration reviews in line with NIST, CIS benchmarks , or customized Minimum Baseline Security Standards (MBSS) . Utilize advanced security tools such as: Core Impact, Tenable SC, Nessus, Nmap, Metasploit, Acunetix, AppScan, Splunk, QRadar, Volatility, Hydra, Burp Suite, SonarQube, SQLMap, Fortify , etc. Conduct risk assessments, compromise assessments , and provide tailored recommendations to strengthen the organization’s security posture. Demonstrate strong communication and interpersonal skills , ensuring seamless collaboration across departments and with clients. Stay ahead of evolving threats by researching the latest technologies and attack vectors , and apply this knowledge to secure client environments. Required Qualifications Bachelor of Science Deep understanding of security frameworks, methodologies, and risk-based prioritization. Certifications (Preferred) Certified Information Security Manager (CISM) Certified Red Team Professional (CRTP) eLearn Certified Threat Hunting Professional (eCTHP) eLearn Web Penetration Tester (eWPT) Certified Ethical Hacker (Practical) (CEH) NSE1 – Network Security Associate Key Skills VAPT (Web, Mobile, API) Threat Hunting & Compromise Assessment Source Code & Network Configuration Review Regulatory Compliance (PCI-DSS, NCA, SAMA) Security Tool Proficiency (BurpSuite, Nessus, Metasploit, etc.) Risk Analysis & Communication Skills Report Writing & Executive Summarization

We are hiring Senior Security Consultant -VAPT Specialist for our client located in Kozhikode. Position Summary As a Senior VAPT Specialist, you will be responsible for conducting comprehensive security assessments, managing client relationships, and delivering high-quality penetration testing services. You will also conduct client-side vulnerability checks for your diverse clients. These will include assessing their security postures and offering actionable recommendations to fortify their cybersecurity defenses. As a senior VAPT specialist, you will engage in tasks that include: Client Management & Communication Be the trusted security expert and advisor for your assigned clients in undertaking security assessments. Lead engaging briefings, provide status updates, and prepare effective presentations. Convert complex technical findings into insights that drive decision-making for our clients. Build relationships that not only last, but also ensure client satisfaction, trust, and value for your service-oriented projects. Document findings that guide you to derive solutions. Threat Modeling & Risk Assessment Develop comprehensive threat models for client applications and infrastructure Conduct risk assessments and prioritize security findings based on business impact Design attack scenarios and security test cases based on threat intelligence Collaborate with development teams to integrate security into SDLC processes Red Team Operations Plan and execute red team exercises to simulate real-world attack scenarios Develop custom tools and exploits for specific client environments Conduct social engineering assessments and physical security testing when required Provide post-exercise debriefings and improvement recommendations Documentation & Reporting Contribute to internal knowledge base and best practices documentation Create detailed technical reports documenting vulnerabilities, exploitation methods, and remediation steps Develop executive summaries tailored for C-level audiences Maintain accurate project documentation and testing methodologies Required Qualifications Experience & Background 3-5 years of hands-on experience in vulnerability assessment and penetration testing Proven track record of successful client engagements and project delivery Experience with enterprise-level security assessments across various industries Demonstrated ability to work independently and manage multiple projects simultaneously Technical Expertise Deep understanding of security frameworks and standards: Penetration Testing Execution Standard (PTES) OWASP Top 10 and OWASP Testing Guide SANS Top 25 Most Dangerous Software Errors NIST Cybersecurity Framework CIS Critical Security Controls MITRE ATT & CK Framework Development & Programming Experience Software Development Background: Hands-on experience in application development and an understanding of secure coding practices are highly recommended. Programming and Scripting Languages: If you’re proficient in Python and Bash, that would be an added advantage. Additional experience in PowerShell is highly appreciated. Basic knowledge in at least one compiled language (C/C++, Go, Java, or C#) Custom Tool Development: You can efficiently develop custom security tools, exploits, and automation scripts Security Tools Expertise: You’re the person who can confidently leverage security tools with expert-level proficiency, such as Burp Suite Professional, OWASP ZAP, Nmap, Nessus, OpenVAS, Metasploit, Cobalt Strike, Wireshark, tcpdump, Static analysis tools (SonarQube, Checkmarx, and Veracode), and Custom exploit development tools. Social Engineering & Phishing Expertise Social Engineering Assessments: Design social engineering tests to trigger human response to various threat scenarios. Phishing Simulations: Run phishing simulations ethically. Physical Security Testing: Perform on-site assessments through tailgating, badge cloning, and facility penetration. Awareness Training: Provide security awareness training based on assessment findings OSINT (Open Source Intelligence): Gather and analyze publicly available information for reconnaissance and social engineering preparation. Communication & Language Skills Excellent communication skills (both written and spoken) Effectively communicate complex technical concepts to non-technical stakeholders Strong presentation and public-speaking abilities Can professionally draft technical documentation and reports Professional Attributes Strong analytical and problem-solving abilities Attention to detail with a methodical approach to testing Ability to think like an attacker and anticipate security threats Commitment to ethical hacking principles and professional conduct Continuous learning mindset to stay current with emerging threats and technologies Research-Oriented Mindset: Can deep research in all efficacy to understand emerging vulnerabilities, attack vectors, and security trends. Innovation and Tool Development: Proactive approach to developing custom security tools, scripts, and methodologies for enhancing testing capabilities Creative thinking for developing novel attack scenarios and bypassing security controls Preferred Qualifications Certifications: OSCP (Added Advantage), GPEN, CRTO, and CRT Additional Experience (If any applicable) Experience with DevSecOps practices and CI/CD pipeline security Background in software development or system administration Knowledge of compliance frameworks (PCI DSS, HIPAA, GDPR, SOC2, ISO 27001) Experience with threat intelligence platforms and indicators of compromise Familiarity with containerization security (Docker, Kubernetes) Previous consulting or client-facing experience Location: Govt. Cyberpark, Calicut Experience: 3 – 5 Years Be it undertaking vulnerability assessment or performing in-depth penetration testing, your role as a senior VAPT consultant highly counts when it comes to safeguarding our clients’ critical assets by detecting threats and closing security gaps – proactively and efficiently. Where confidence, knowledge, and aptitude combine to effectively undertake high-profile security tests like ethical hacking, it is these qualities that we expect from you for the concerned role. Contact us if you believe you aptly fit in this role.

We are hiring for Senior Security Engineer- Navi Mumbai Location (Belapur) for one of our project. Interested candidate can share resume to ankita.patari@happiestminds.com Experience: 4.8 to 8 Years Location: Navi Mumbai Location (Belapur) Office Timings: Monday to Friday (First Saturday and Third Saturday working) Looking for max 15 Days Joiners only Immediate Joiners please mentioned in Subject Line(Immediate Joiner_AppSec) General Shift Exp Range-2-4 Years Primary Skills : Web App, API, Mobile App ,API Responsibility: API functional testing, Mobile functional testing ,API integration Thanks and Regards, Ankita Ghosh

Job Title : Solution/Software Architect Reports To : Project Manager Overview We are seeking a highly skilled Solution/Software Architect to lead the design and delivery of secure, scalable, and high-performing software solutions. This role involves engaging with clients, crafting architectural plans, and guiding development teams through implementation. Key Responsibilities Design and implement software architecture for complex business needs. Lead teams, provide technical leadership, and create architectural blueprints. Evaluate tools, technologies, and processes for best outcomes. Ensure solutions follow secure-by-design principles and modern DevOps practices. Collaborate across teams for integration, quality, and performance. Stay updated with technology and security trends. Support pre-sales, documentation, and risk mitigation efforts. Required Skills & Experience 8–12 years total experience, including 4+ years as an architect. Proficiency in Node.js, Python, PHP, JavaScript, and microservices. Hands-on with MySQL, MongoDB, Redis, Nginx/Apache. DevOps tools: Git, Jenkins, Docker; SonarQube (optional). Strong grasp of cloud (AWS, Azure, GCP) and security principles. Experience with secure SDLC, threat modeling, OWASP Top 10. Knowledge of DNS, BGP, Linux kernel settings is a plus. Security certifications (CISSP, CEH, CCSP) are a bonus.

About Netskope Today, there's more data and users outside the enterprise than inside, causing the network perimeter as we know it to dissolve. We realized a new perimeter was needed, one that is built in the cloud and follows and protects data wherever it goes, so we started Netskope to redefine Cloud, Network and Data Security. Since 2012, we have built the market-leading cloud security company and an award-winning culture powered by hundreds of employees spread across offices in Santa Clara, St. Louis, Bangalore, London, Paris, Melbourne, Taipei, and Tokyo. Our core values are openness, honesty, and transparency, and we purposely developed our open desk layouts and large meeting spaces to support and promote partnerships, collaboration, and teamwork. From catered lunches and office celebrations to employee recognition events and social professional groups such as the Awesome Women of Netskope (AWON), we strive to keep work fun, supportive and interactive. Visit us at Netskope Careers. Please follow us on LinkedIn and Twitter@Netskope. About The Position Netskope is looking for an analyst on the Threat and Vulnerability Management team. This position will focus on the identification and proactive mitigation of Netskope’s attack surface, threat landscape, security gaps , and cyber threats which could impact the business. In addition, this role will be responsible for performing the vulnerability management function such as finding, reporting, and supporting business units in their vulnerability remediation efforts. Roles & Responsibilities Continuous development and execution of the enterprise Threat and Vulnerability Management strategic plan to identify and reduce vulnerable attack surfaces Perform complex analysis to understand emerging threats, and continuously demonstrates awareness of current threat posture Reviews emerging and existing threat methodologies and exploit code / proof of concept code to develop mitigations, prioritize risks and navigating sources for identification of vulnerable assets. Execute on core team functions such as scanning, reporting, custom checks, asset tagging, as well as incorporating threat intelligence into vulnerability checks Automate security tasks using scripting languages such as python. Maintain and contribute to the threat models understanding emerging/existing threats and countermeasures to them. Partners with internal teams to lead, develop, test, and continuously validate detection signatures for various attacks Provide internal teams with hardening guidance and develop tooling for auditing Support teams by being a Remediation Champion giving them guidance on various strategies to remediate a vulnerability and supporting them in their testing and validation efforts. Provides expertise in incident response activities. Teach and understand CVSS, CVE, and additional vulnerability ratings and methodologies Qualifications/Requirements Experience 2 to 5 Yrs in Security Should possess relevant university degree and/or professional qualifications/certification (e.g. CEH, OSCP) Must have knowledge with tools Tenable, Qualys, NMAP, SCAPY, and other tools. Must have the ability to understand hardening guidelines for new technologies and applications being adopted by Netskope. Understanding of containerization and containerized applications, their security weaknesses and how to secure them Must have an understanding of patch automation, security orchestration, and management tooling for on premise, private cloud, and cloud infrastructure. Knowledge of OWASP Web and Mobile Top 10 vulnerabilities and identifying them. Knowledge of TCP/IP and other application and network level protocols. Knowledge of Cloud Applications like AWS, Azure and other SAAS Applications. Excellent written and verbal communication skills. Self-motivated, curious, knowledgeable pertaining to news and current events. Ability to be effective in a remote global work environment. Netskope is committed to implementing equal employment opportunities for all employees and applicants for employment. Netskope does not discriminate in employment opportunities or practices based on religion, race, color, sex, marital or veteran statues, age, national origin, ancestry, physical or mental disability, medical condition, sexual orientation, gender identity/expression, genetic information, pregnancy (including childbirth, lactation and related medical conditions), or any other characteristic protected by the laws or regulations of any jurisdiction in which we operate. Netskope respects your privacy and is committed to protecting the personal information you share with us, please refer to Netskope's Privacy Policy for more details.

Job Description: We are looking for a Senior Java Developer who is passionate about building scalable backend systems and delivering high-performance applications. You will lead the development of robust software solutions, collaborate with cross-functional teams. This role requires a strong understanding of Java and Spring Boot.. Key Responsibilities: Backend Development & Architecture Design and develop multi-threaded, low-latency backend systems using JDK 21+ Architect and implement microservices with Spring Boot and Spring Cloud Build and integrate RESTful APIs, RPC protocols (gRPC, etc.), and event-driven architectures Write asynchronous processing logic using queues (RabbitMQ, Kafka) Data & Storage Design complex relational database schemas (MySQL/PostgreSQL) and write optimized SQL queries Use ORM frameworks (Hibernate/JPA) effectively Handle NoSQL databases such as MongoDB, Redis, or Cassandra for caching or distributed storage Implement data consistency strategies for distributed systems Security, Performance & Compliance Implement JWT/OAuth2-based authentication & authorization with Spring Security Write secure code following OWASP guidelines Perform profiling, JVM tuning, garbage collection optimization, and memory management Conduct load testing and bottleneck analysis (JMeter, Gatling, etc.) · Ensure GDPR, HIPAA, and other industry compliance standards for handling health data. Quality & Collaboration Practice TDD/BDD using JUnit, Mockito, Spock, or Cucumber Review and refactor code for SOLID principles, clean architecture, and design patterns Participate in architecture discussions, POC development, and technology evaluations Write technical documentation, API documentation (Swagger/OpenAPI) Required Skills and Qualifications: 8 – 10 years of experience in full-stack software development with a focus on Java . Proven experience in microservices architecture , using Spring Boot or similar frameworks. Expertise in designing and managing real-time data pipelines using technologies such as Apache Kafka , Flink , Spark , or RabbitMQ . Strong background in RESTful API design and implementation. Experience in architecting and optimizing NoSQL (MongoDB, Cassandra) databases for performance at scale. In-depth knowledge of cloud platforms – AWS and containerization tools (e.g., Docker , Kubernetes ). Proven experience working on real-time data systems in sports or similar domains (e.g., finance, telecommunications). Experience with CI/CD pipelines , automated testing, and deployment strategies. Understanding of data security , encryption, and compliance in handling sports data. Exceptional problem-solving skills with a focus on scalability, performance, and reliability. Nice to have experience with JavaScript frameworks like Angular , React.js or Vue.js . Soft Skills: Strong analytical and problem-solving skills Excellent communication and team collaboration abilities Self-motivated with the ability to work independently Attention to detail and a focus on quality Education: Bachelor's or Master’s degree in Computer Science , Software Engineering , or related technical field. Why Join Us? Chance to work with best tech-savvy people Best work culture and opportunity to work with US Client directly Be part of an exciting and dynamic project in the sports/healthcare domain. Work with cutting-edge technologies and large-scale data processing systems. Collaborative, fast-paced team environment with opportunities for professional growth. Competitive salary and benefits package.

Role: DevSecOps engineer Location: Hyderabad/Chennai- Hybrid Experience: 6+ About us: Conglomerate IT is a certified and a pioneer in providing premium end-to-end Global Workforce Solutions and IT Services to diverse clients across various domains. Visit us at https://www.conglomerateit.com/ Conglomerate IT mission is to establish global cross culture human connections that further the careers of our employees and strengthen the businesses of our clients. We are driven to use the power of global network to connect business with the right people without bias. We provide Global Workforce Solutions with affability. Job Summary: We are seeking a highly skilled and experienced DevSecOps Engineer to join our dynamic team. In this role, you will be responsible for integrating security into our DevOps pipelines, ensuring robust infrastructure, scalable deployment systems, and secure operations across our cloud environments. Key Responsibilities: Design, implement, and manage scalable and secure Infrastructure as Code (IaC) using tools like Terraform. Build, maintain, and support Kubernetes clusters across various environments. Develop and enhance CI/CD pipelines using tools such as Azure DevOps or equivalent. Collaborate with development, security, and operations teams to implement secure, efficient, and reliable DevSecOps practices. Automate routine processes and workflows to increase efficiency and reduce manual errors. Monitor and optimize system performance and ensure high availability, scalability, and security. Respond to security incidents and operational issues in a timely and effective manner. Implement and enforce security best practices across the software development lifecycle. Participate in a rotational on-call schedule, providing L3/L4 support during off-hours, weekends, and holidays. Develop and maintain system and process documentation. Stay current with emerging technologies, tools, and best practices in DevSecOps and cybersecurity. Required Qualifications: Bachelor’s degree in Computer Science, Engineering, Information Security, or a related field. 6+ years of experience in a DevSecOps or similar role. Strong hands-on experience with cloud platforms such as Azure and Google Cloud Platform (GCP), including security configurations. Deep understanding of the Software Development Lifecycle (SDLC) and DevSecOps practices. Expertise in CI/CD tools, especially Azure DevOps, GitHub Actions, or similar. Proficient in containerization tools including Docker and orchestration platforms like Kubernetes. Strong experience with Infrastructure as Code (IaC) and configuration management using tools like Terraform and Ansible. Familiarity with monitoring and observability tools and practices (e.g., SLO/SLA/SLI, Distributed Tracing). Solid experience with Git and other version control systems. Strong problem-solving, communication, and collaboration skills. Preferred Skills (Nice to Have): Knowledge of security standards (e.g., NIST, OWASP, CIS). Experience with policy-as-code tools like OPA/Gatekeeper. Familiarity with Secrets Management tools (e.g., HashiCorp Vault, Azure Key Vault). Experience in scripting languages such as Python, Bash, or PowerShell.

About Zeller At Zeller, we’re champions for businesses of all sizes, and proud to be a fast-growing Australian scale-up reimagining business banking and payments. We believe in a level playing field, where all businesses benefit from access to smarter payments and financial services solutions that accelerate their cash flow, help them get paid faster, and give them a better understanding of their finances. So we’re hard at work building the tools to make it happen. Zeller is growing fast, backed by leading VCs, and brings together a global team of passionate payment and tech industry professionals. With an exciting roadmap of innovative new products under development, we are building a supportive and high performing team to inspire change in the outdated banking solutions. If you are passionate about innovation, thrive in dynamic environments, embrace new possibilities, hate bureaucracy, and can’t think of anything more exciting than evolving the status-quo, then read on to learn more. Role description: As a Software Engineer (Payment Gateway) you will be responsible for developing, architecting, maintaining and supporting cloud native, highly available, robust and secure payment applications in the AWS environment. You will have the experience and engineering skills in multi-threaded Java backend, API, SQL database development. You will be familiar with cloud native architectures with mix utilisation of serverless (Lambda, DynamoDB) and container based (ECS, Docker) environments. With automation and maintenance being at the heart of our engineering principles, this position will have the enviable opportunity to adopt and promote best practices, bleeding edge technologies and trends. Not limited to a single product area or type, this role will work in a cross functional team with skill sets in full stack software engineering, devops, infrastructure, quality assurance and architecture. You will collaborate with a cross-disciplinary team to own product software development, contribute and promote standards and engineering best practices. You’ll be tasked with translating business or product requirements into technical designs, hands-on implementation of the designs to see through its testing and deployment into various environments such as; development, stress testing, integration testing, staging and production. You will enjoy the fun of development from scratch in some application components while adhering to the company engineering standards, frameworks and best practices. You will also be a collaborative engineer capable of observing and contributing to existing works by other team members. Automation and maintenance is key, you will be excited to see through your contributions into production and maintain their longevity in the mission-critical environment. Skills and Qualifications Minimum of a Bachelor degree in software engineering (or related) 3+ years of working experience in a technical hands on software engineering role Build to last and go production mindset versus build as proof-of-concept Strong and practical coding skills with Java Good knowledge and understanding of Spring FrameworkInstinctive desire to maintain code quality, tidiness and zero technical debt Good focus on test coverage (practice TDD, BDD)Good with API and its design/protocol e.g. Restful, Websocket, SOAP Can work with various databases to match query and storage requirements e.g. Aurora, DynamoDB, SQL, DocumentDB Experience in cloud native architectureKnowledge in secured coding e.g. OWASP, XSS, CORSAppreciation and know-how in CICD Experience in AWS Cloud environment (SNS, SQS; ElastiCache, Loading Balancing, ECS, ECR, Fargate, Auto-Scaling; AppMesh; S3, Aurora, RDS, DynamoDB, DocumentDB; CodePipeline, CodeBuild, CodeDeploy; CloudWatch logs, events, triggers; CloudTrail, X-Ray)

The VOC VI & ASM Analyst is responsible for:  Vulnerability Intelligence (VI): o Monitor new vulnerabilities and assess their criticality and risk severity based on threat, exploit availability, ease of exploit, impact, … o Communicate and publish an assessment on vulnerabilities related to software o Maintain timely, high-quality vulnerability bulletins, prioritizing issues against the Group’s asset exposure o Update on a regular basis our software inventory in the scope of Vulnerability Assessment Service o Keep the vulnerability database up to date; enrich each CVE and security bulletin with QDS, EPSS, CVSS metrics, …  Attack Surface Management (ASM): o Operate continuous monitoring of external assets via ASM Security tools o Update on a regular basis the coverage of ASM tools, by adding known domains and IP ranges o Assess the severity of the findings and confirm their presence review, challenge, FP assessment o Track and report exposure trends; escalate high-risk findings to Blue-Team remediation owners o Build and use the external footprint to proactively identify new threats and new vulnerabilities o Leverage ASM tools to proactively identify external assets subject to newly published vulnerabilities  BlackBox Pentesting: o Drive proactive follow-up on detected vulnerabilities, engaging system owners and tracking remediation to closure o Active follow up with Application managers to onboard new application in the BlackBox Pentesting service  Vulnerability Management: o Vulnerability review, recategorization, and false positive identification Skills  Bachelors degree in Computer Science, Information Security, EXTC or related field; relevant certifications (e.g., CISSP, CCSP, CompTIA Security+) are a plus  Experience on Penetration testing actions (web application, infrastructure, …)  Experience with VI and ASM tools  Experience in investigating newly published vulnerabilities and assessing their risks and severity  Experience with scripting languages (e.g., Python, Bash, Powershell, C#, …) for automation and customization of security processes is a plus  Experience with Pentester tools (Burp, SQLmap, Metasploit, Kali environment, …)  Strong technical skills with an interest in open-source intelligence investigations  Knowledge of NIST CVE database, OWASP Top 10, Microsoft security bulletins Additional Information  The position is based in Mumbai (India)

About the Role : We are looking for an experienced and detail-oriented QA Lead to lead our quality assurance team and ensure the delivery of high-quality software products. The ideal candidate should have a strong technical background in software testing, including automation and manual testing practices, and a passion for driving quality across the software development lifecycle. You will be responsible for building test strategies, managing QA engineers, collaborating with development teams, and implementing robust test processes. Key Responsibilities : - Lead the QA efforts across multiple projects by defining testing strategies, plans, and execution approaches. - Collaborate with product owners, developers, DevOps, and business stakeholders to understand requirements and drive test planning early in the development lifecycle. - Manage and mentor a team of QA engineers, helping them grow technically and professionally. - Design and implement comprehensive test suites for manual and automated testing. - Review and ensure full test coverage, including unit, integration, system, performance, and regression testing. - Drive the implementation of test automation frameworks and CI/CD pipeline integrations. - Ensure traceability of tests to business requirements and maintain detailed documentation for test cases and test results. - Identify, record, and track defects and work with cross-functional teams to resolve them. - Monitor QA metrics such as defect density, test coverage, test execution rate, and provide regular status reports. - Continuously improve QA processes, tools, and best practices in alignment with Agile/Scrum methodologies. - Support UAT and coordinate with end users and product teams for final product validation. Technical Skills Required : Manual Testing : - Functional, UI, regression, and exploratory testing - Test case creation, execution, and defect management - Good knowledge of STLC, SDLC, and Agile methodologies Automation Testing : - Strong hands-on experience with Selenium, Cypress, or Playwright - Knowledge of test automation frameworks like TestNG, JUnit, BDD (Cucumber) - Scripting skills in Java, Python, or JavaScript Performance Testing : - Familiarity with tools such as JMeter, LoadRunner, or Gatling (preferred) API Testing : - Proficiency in testing REST/SOAP APIs using tools like Postman, REST Assured, or SoapUI DevOps & CI/CD : - Experience integrating automation tests in pipelines using Jenkins, GitLab CI, Azure DevOps, or similar - Familiarity with Docker, Kubernetes, and cloud-based testing platforms (e.g., BrowserStack, Sauce Labs) Bug/Project Tracking Tools : - Hands-on with JIRA, TestRail, Zephyr, or similar QA/test management tools Key Qualifications : - Bachelors or Masters degree in Computer Science, Engineering, or a related field - 5-8 years of experience in software testing with at least 2 years in a QA Lead or Test Lead role - Proven experience in leading QA teams in Agile/Scrum environments - Expertise in both manual and automated testing of web and mobile applications - Strong analytical, organizational, and problem-solving skills - Excellent communication and leadership skills Nice to Have : - ISTQB or equivalent certification - Experience in testing cloud-native or SaaS applications - Exposure to security testing or tools like OWASP ZAP/Burp Suite - Familiarity with BDD and TDD development models - Knowledge of version control systems like Git

Job Summary We are seeking a skilled Software Engineer with strong proficiency in Python and distributed web application development. The ideal candidate will demonstrate technical expertise, an understanding of secure development practices, and a track record of delivering high-quality, scalable solutions in cloud-based environments. Essential Functions Technical Responsibilities Demonstrate self-sufficiency in at least one major area of the codebase. Exhibit mastery of one programming language (preferably Python) and actively develop proficiency in others, including frameworks and tools. Evaluate and present alternative technical solutions when solving problems. Possess strong understanding of: Relational databases and development frameworks Industry-standard libraries and tools Testing methodologies (unit, integration) Code quality and refactoring principles OWASP security principles and secure development practices Read and interpret existing code to identify improvements and enhancements. Understand interactions between major system components and sub-systems. Process & Agile Practices Adhere to SDLC and Agile processes, including: Scrum ceremonies Peer code reviews Sprint planning and release readiness Accurately estimate and prioritize assigned tasks. Understand and align with the product roadmap and team objectives. Champion secure software development practices and perform security reviews. Impact and Contributions Fix bugs of moderate complexity and demonstrate effective debugging skills. Independently develop new features and enhancements with minimal supervision. Participate in refactoring and modernization of existing code. Implement robust testing (unit and integration) as part of the development cycle. Contribute to internal documentation and technical knowledge bases. Deliver internal presentations and share technical knowledge with peers. Required Skills and Experience Minimum 4 years of experience in software engineering. Proficient in Python within distributed web application environments (e.g., microservices, APIs, DB integration, message queues, caching, containers, serverless architecture). Hands-on experience with AWS services and APIs (or equivalent cloud platforms like Azure or GCP). Strong development experience in OS X and Linux-based environments. Skilled in designing and building RESTful APIs and working with JSON. Familiarity with version control systems like Git. Experience with CI/CD pipelines and deployment processes. Working knowledge of Agile development methodologies (e.g., Scrum). Proven experience integrating with third-party APIs and external systems. Exposure to large-scale or distributed systems. Desirable Qualifications Experience in data engineering or data processing workflows. Familiarity with integrating AI/ML services, APIs, or models. Education Required: Bachelor’s degree in Computer Science, Engineering, or a related field Preferred: Master’s degree or relevant certifications (AWS, Scrum, Security)

What You Will Do Technical Responsibilities Leverage 6+ years of hands-on software development experience to build, maintain, and enhance high-quality distributed web applications. Take full ownership of code quality, maintainability, and system performance, consistently identifying and driving technical improvements. Apply a deep understanding of OWASP guidelines and secure software practices. Demonstrate strong empathy for end users and use this insight to guide architectural and technical decisions. Proactively identify technical risks and present viable alternative solutions. Lead or participate in architectural design discussions and contribute to system-level planning and execution. Process & Collaboration Follow established SDLC and Agile development practices, including participation in stand-ups, sprint planning, retrospectives, and peer code reviews. Collaborate cross-functionally with product managers, analysts, and designers to ensure well-rounded, user-centric solutions. Ensure technical readiness for releases through planning, reviews, and quality assurance. Impact & Leadership Mentor and onboard junior developers, fostering a culture of learning and knowledge sharing. Lead small to moderately sized projects or components of larger initiatives. Write and maintain sophisticated, scalable code with minimal supervision. Troubleshoot and resolve complex bugs using advanced debugging techniques. Drive quality through robust API documentation, code reviews, and best practices. Actively contribute to internal technical documentation and knowledge-sharing sessions. Guide system design in areas of technical specialty and execute advanced code refactoring when needed. Experience Required: Minimum of 6 years of professional experience in software development, with exposure to project leadership or mentoring roles. Certifications Required: None Preferred: Relevant certifications in AWS, cloud architecture, or secure development (nice to have) Technical Skills Strong expertise in Python for distributed systems and web development (e.g., APIs, microservices, DB integration, message queues, caching, containers, serverless). Proficient in working with AWS services and APIs (or equivalent experience with Azure/GCP). Comfortable in Linux and macOS environments. Skilled in designing and building RESTful APIs using JSON. Proficient with Git and modern CI/CD pipelines . Experience in Agile/Scrum environments and working with 3rd-party APIs and integration workflows. Familiarity with large-scale or distributed web applications . Desirable: Experience with data processing, data engineering , or integration with AI/ML services and APIs.

Job Title : SDE 2 Full Stack Developer Responsibilities Lead design and delivery of complex end-to-end features across frontend, backend, and data layers. Make strategic architectural decisions on frameworks, datastores, and performance patterns. Review and approve pull requests, enforcing clean-code guidelines, SOLID principles, and design patterns. Build and maintain shared UI component libraries and backend service frameworks for team reuse. Identify and eliminate performance bottlenecks in both browser rendering and server throughput. Instrument services with metrics and logging, driving SLIs, SLAs, and observability. Define and enforce comprehensive testing strategies : unit, integration, and end-to-end. Own CI/CD pipelines, automating builds, deployments, and rollback procedures. Ensure OWASP Top-10 mitigations, WCAG accessibility, and SEO best practices. Partner with Product, UX, and Ops to translate business objectives into technical roadmaps. Facilitate sprint planning, estimation, and retrospectives for predictable deliveries. Mentor and guide SDE-1s and interns; participate in hiring. Qualifications & Skills 35 years building production Full stack applications end-to-end with measurable impact. Proven leadership in Agile/Scrum environments with a passion for continuous learning. Deep expertise in React (or Angular/Vue) with TypeScript and modern CSS methodologies. Proficient in Node.js (Express/NestJS) or Python (Django/Flask/FastAPI) or Java (Spring Boot). Expert in designing RESTful and GraphQL APIs and scalable database schemas. Knowledge of MySQL/PostgreSQL indexing, NoSQL (ElasticSearch/DynamoDB), and caching (Redis). Knowledge of Containerization (Docker) and commonly used AWS services such as lambda, ec2, s3, apigateway etc. Skilled in unit/integration (Jest, pytest) and E2E testing (Cypress, Playwright). Frontend profiling (Lighthouse) and backend tracing for performance tuning. Secure coding : OAuth2/JWT, XSS/CSRF protection, and familiarity with compliance regimes. Strong communicator able to convey technical trade-offs to non-technical stakeholders. Experience in reviewing pull requests and providing constructive feedback to the team. Qualities We'd Love To Find In You The attitude to always strive for the best outcomes and an enthusiasm to deliver high quality software. Strong collaboration abilities and a flexible & friendly approach to working with teams. Strong determination with a constant eye on solutions. Creative ideas with problem solving mind-set. Be open to receiving objective criticism and improving upon it. Eagerness to learn and zeal to grow. Strong communication skills is a huge plus. Work Location : Hyderabad (ref:hirist.tech)