3229 Owasp Jobs - Page 27

Team Product Security is Shifting Everywhere and holistically improving the maturity of the security program. The Secure Software Development Lifecycle (SSDL) team helps the organization measure and improve security activities. The team leads product threat modeling, helps to improve security behaviors, and manages a highly visible security champions program. The team is both highly technical and strategic. Role As a Senior Product Security Engineer on the ServiceNow SSDL team, you will collaborate with developers and software architects on highly technical solutions and help the organization build secure and resilient software. You will be threat modeling software products and services to identify potential risk and participate in architectural reviews of products in development. A key part of this position is to ensure the continued success of a large and growing security champions program. You will help mentor security champions and assist them in secure software design. As a Senior Product Security Engineer, you will help security champions be successful. What you get to do in this role: Work on a wide range of technologies Work on complex architectural and technical challenges Participate in threat modeling activities Mentor and collaborate with development teams to adopt secure coding practices Work on strategic and highly visible security activities across the organization Be an advocate for security and participate in a security champions program To be successful in this role you have: Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving. This may include using AI-powered tools,

Apenetration testing (PenTest) and disaster recovery (DR) test job description typically requires candidates to have expertise in both cybersecurity and business continuity. The role involves conducting authorized simulated attacks to identify vulnerabilities in systems and infrastructure, developing and testing DR plans, and providing recommendations for improvement. Penetration Testing (PenTest) Responsibilities : Vulnerability Assessment: Identify weaknesses in computer systems, networks, and applications. Simulated Attacks: Perform ethical hacking exercises to mimic real-world attacks. Reporting and Recommendations: Document findings and provide actionable recommendations for remediation. Staying Updated: Keep abreast of the latest cybersecurity threats and trends. Disaster Recovery (DR) Testing Responsibilities: DR Plan Development: Contribute to the development and maintenance of DR plans. Testing and Validation: Conduct DR tests to validate the effectiveness of the plan and identify gaps. Communication: Communicate with stakeholders regarding DR testing procedures and results. Improvement: Suggest improvements to the DR plan based on testing findings. Key Skills and Requirements : Technical Expertise: Strong understanding of operating systems, networking, and programming languages. Security Knowledge: Familiarity with cybersecurity best practices, threat models, and security tools. Communication Skills: Ability to communicate findings and recommendations to both technical and non-technical audiences. Analytical Skills: Ability to analyze root, identify trends, and develop solutions. Problem-solving Skills: Ability to troubleshoot issues and implement fixes. Additional Information: Certifications: Relevant certifications like CompTIA PenTest+, CEH, or CISSP can be beneficial. Experience : Experience in cybersecurity,penetration testing, and/or disaster recovery is usually required

Our Purpose Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential. Title And Summary Senior Software Engineer-6 Who is Mastercard? Mastercard is a global technology company in the payments industry. We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all. Overview Transfer Solutions is responsible for driving Mastercard’s expansion in payments from two key strategic flows: Disbursements & Remittances and Bill Payments. The Product & Engineering teams within Transfer Solutions are responsible for designing, developing, launching, and maintaining products and services designed to capture these flows from a wide range of Customer segments. Do you like to be part of a team that creates and executes strategic initiatives centered around digital payments? Do you look forward to developing and engaging with high performant diverse teams around the globe? Would you like to be part of a highly visible, strategically important global engineering organization? The Role What’s it all about and what we expect you to do day to day? Own software delivery tasks (code development, test, deployment, release, configuration and documentation) at an application/software component level Able to troubleshoot and refactor existing code for exceptional code quality. Adopt new languages and architecture patterns needed for the work. Participate and contribute to team’s agile process and decisions. Understand and contribute to Prioritization. Pull from backlog and deliver work after seeking guidance from experienced team members and in partnership with full scrum team. Automate build, operate, and run aspects of software. Drive code/design/process trade-off discussions within their team when required. Drive integration of services focusing on customer journey and experience. Perform demos/acceptance discussions in interacting with Product owners. Understands operational and engineering experience, actively works to improve experience and metrics in ownership area. Develop complete understanding of end-to-end technical architecture and dependency systems. Drive adoption of technology standards and opinionated frameworks, and review coding, test, and automation work of team members. Mentor and guide new and less-experienced team members. Identify opportunities to improve an overall process and trim waste. Share and seek knowledge within their Guild/Program to drive reuse of patterns/libraries/practices and enhance productivity. All About You And What You Need To Bring Has ability to write secure code in three or more languages (e.g., Java, JavaScript, SQL) Familiar with secure coding standards (e.g., OWASP, CWE, SEI CERT) and vulnerability management Infrastructure as code and cloud first software development knowledge experience preferred. Understands and implements standard branching (e.g., Gitflow) and peer review practices. Move the team towards trunk based development Apply tools (e.g., Sonar, Zally, Checkmarx ) and techniques to scan and measure code quality and anti-patterns as part of development activity Has skills in test driven and behavior driven development (TDD and BDD) to build just enough code and collaborate on the desired functionality. Ability to keep the full testing pyramid healthy - Has skills to author test code with lots of smaller tests followed by few contract tests at service level and fewer journey tests at the integration level Understands the use of basic design patterns (e.g., factory, adaptor, singleton, composite, observer, strategy, inversion of control) Understands use cases for advanced design patterns (e.g., service-to-worker, MVC, API gateway, intercepting filter, dependency injection, lazy loading, all from the gang of four) to implement efficient code Understands and implements Application Programming Interface (API) standards and cataloging to drive API/service adoption and commercialization and effort estimation Experienced in agile and modern SDLC practices (Scrum/Kanban/Continuous Delivery/DevOps/Quality engineering) and the delivery situations they are used for Has skills to elaborate and estimate non-functional requirements, including security (e.g., data protection, authentication, authorization), regulatory, and performance (SLAs, throughput, transactions per second) Has skills to orchestrate release workflows and pipelines, and apply standardized pipelines via APIs to achieve CI and CD using industry standard tools (e.g., Jenkins, AWS/Azure pipelines, XL Release, others). Familiar with different application patterns to implement different types of business processes (e.g., APIs, event-driven-services, batch-services, web-applications, big data) Experience in Continuous Integration (CI) and Delivery (CD) concepts, and capabilities to support automation, pipelines, virtualization, and containerization Able to perform debugging and troubleshooting to analyze core, heap, thread dumps and remove coding errors Has skills to conduct product demos and co-ordinate with product owners to drive product acceptance signoffs Has skills to Understands customer journeys and ensure a Mastercard good experience by continuously reducing Mean time to mitigate (MTTM) for incidents and ensuring high availability (99.95% as a starting point) Corporate Security Responsibility All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must: Abide by Mastercard’s security policies and practices; Ensure the confidentiality and integrity of the information being accessed; Report any suspected information security violation or breach, and Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines. R-249881

Experience: Essential Qualifications Minimum of 5-9 years of experience in Quality Assurance, with at least 2 years focused on test automation. Proven experience leading QA efforts for at least one major software project. Demonstrated experience in a full-stack environment, preferably with a strong understanding of MEAN/MERN architecture. Technical Skills: Expertise in designing, developing, and maintaining robust and scalable test automation frameworks from scratch. Proficiency in at least one modern programming language relevant to the project's stack, such as JavaScript or TypeScript . In-depth knowledge of test automation tools for both front-end and back-end testing: Front-end (UI) automation: Strong experience with frameworks like Cypress, Playwright, or Selenium . Back-end (API) automation: Hands-on experience with tools like Postman (with scripting), Newman, or a framework using libraries like Mocha and Chai. Experience with performance testing tools for API and front-end performance (e.g., JMeter, Lighthouse). Solid understanding of testing methodologies, including unit testing, integration testing, end-to-end testing, and regression testing. Experience with version control systems, specifically Git . Leadership & Soft Skills: Ability to create, document, and manage comprehensive test plans, strategies, and test cases. Experience in leading and mentoring a small team of QA engineers. Excellent analytical and problem-solving skills to identify, reproduce, and report defects. Strong communication and collaboration skills to work effectively with developers, product managers, and other stakeholders. Knowledge of the entire Software Development Life Cycle (SDLC) and its various methodologies, particularly Agile/Scrum. Experience: Desirable Qualifications Prior experience as a developer (even for a short period) is a significant plus, as it provides a deeper understanding of the codebase. Experience with security testing (e.g., OWASP, penetration testing). Experience with a non-functional testing, such as accessibility testing. Technical Skills: Experience with continuous integration/continuous deployment (CI/CD) pipelines to integrate automated tests (e.g., Jenkins, GitLab CI/CD, CircleCI). Knowledge of cloud platforms like AWS, GCP, or Azure, and how they relate to the application's infrastructure. Experience with containerization technologies like Docker . Familiarity with other testing frameworks and tools like Jest (for unit testing), Mocha, or Chai. Knowledge of monitoring and logging tools (e.g., ELK stack, Prometheus, Grafana). Certifications & Soft Skills: Relevant certifications, such as ISTQB (International Software Testing Qualifications Board) Foundation Level or Agile Tester. Strong attention to detail and a proactive approach to quality. Experience with defect tracking and project management tools (e.g., Jira, Trello, Asana).

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : ServiceNow Governance, Risk, and Compliance (GRC) Good to have skills : Security Architecture DesignMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud security. Roles & Responsibilities:- Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Conduct regular assessments of cloud security measures to ensure they align with business objectives.- Collaborate with cross-functional teams to integrate security practices into the development lifecycle. Professional & Technical Skills: - Must To Have Skills: Proficiency in ServiceNow Governance, Risk, and Compliance (GRC).- Good To Have Skills: Experience with Security Architecture Design.- Strong understanding of risk management frameworks and compliance standards.- Experience in implementing security controls and monitoring solutions.- Familiarity with cloud service models and their security implications. Additional Information:- The candidate should have minimum 3 years of experience in ServiceNow Governance, Risk, and Compliance (GRC).- This position is based at our Pune office.- A 15 years full time education is required. Qualification 15 years full time education

As a member of the ShipBob Team, you will... Grow with an Ownership Mindset: We champion continuous learning and proactive innovation. Team members are encouraged to identify challenges and take ownership of initiatives that drive merchant, company and personal growth. By tackling complex problems and exploring creative solutions, you won’t just follow a playbook, you’ll be actively building the future of ShipBob. Collaborate with Peers and Leaders Alike: ShipBob values collaboration and support, where team members and leaders alike are committed to helping each other succeed. We all set high standards and understand the importance of transparency at all levels. We’ve created an environment where trust, open communication, and mutual respect motivate our teams to reach new heights. Experience a High-Performance Culture and Clear Purpose: Our commitment to delivering results creates a goal-driven, high-performance culture where everyone is empowered to contribute to our mission with a clear understanding of their direct impact and accountability. We measure success in tangible ways, allowing each team member to see the positive outcomes of their work and celebrate shared victories. Location: Remote in India Role Description As a Software Development Engineer II - Full Stack at ShipBob, you will be primarily responsible for the development of production level software in coordination with your team. You will work very closely with Product Owners and your Engineering Manager. This role reports to the Senior Manager, Software Development. What You’ll Do Become a go-to expert in one area of the codebase; understand the broad architecture of the entire system. Provides technical advice and weighs in on technical decisions that impact other teams or the company at large. Research and propose new technologies. Scopes and stages work into well-defined milestones to avoid a monolithic deliverable. Regularly delivers software on time and is constantly working to make accurate estimates and delivers on those estimates. Known for drama-free launches. Owns the technical testing and performance plan for their projects. Takes initiative to identify and solve important problems, coordinating with others on cross-cutting technical issues. Sets direction at the project/service level and consistently influences decision-making at the Pillar level. Identifies and proactively tackles technical debt before it grows into debt that requires significant up-front work to resolve. Makes others better through code reviews, thorough documentation, technical guidance, and mentoring or serving as a Tech Lead on a project. Sits on the Architectural Review Board, provides feedback on projects outside of their core area. Understands the tradeoffs between technical, analytical and product needs and leads to solutions that take all of these needs into account. Identifies and proposes strategies around technical problems affecting their team, communicates standards and gets buy-in on solutions. Additional duties and responsibilities as necessary. What You’ll Bring To The Table 3+ years of experience. Excellent problem-solving skills. Excellent programming skills. Excellent communication skills. Object oriented mindset. Ability to work quickly and collaboratively in a fast-paced, entrepreneurial environment. Ability to own small well scoped features and implementation. A hands-on coding approach to engineering mentorship. Ability to own medium sized features from design to implementation. A defensive coding mindset with knowledge of OWASP. Ability to own large features from design to implementation. Ability to own service level system design. Experience in the following: SQL JSON REST .NET C# ASP.NET MVC Javascript Relational DB Concepts Relational DB Design Agile software development methodologies Team building expertise Automating infrastructure Automating build process Nice to have: A passion for QA and an understanding that testing is not someone else’s responsibility. A passion for DevOps and an appreciation for continuous integration/deployment. Ability to own cross service level system design. Experience with Microsoft Azure Experience with event-driven (EDA) architectures Experience with service-oriented (SOA) architectures Experience with Vue.js Experience with Azure DevOps Experience with Azure Functions Experience with Azure Webjobs Experience with App Services Experience with Service Bus Experience with Storage Queues Perks & Benefits Medical, Term & Accidental Insurance All Purpose Leave (casual & sick time): 12 days Earned Leave: 15 days Public Holiday: 12 days Generous Maternity & Paternity Leave Quarterly Wellness Day Work From Home Allowance See Our High-Performing Culture >>> Check us out on Instagram (@lifeatshipbob) We recognize that people come with a wealth of experience and talent beyond just the technical requirements of a job. If your experience is close to what you see listed here, please still consider applying. Diversity of experience and skills combined with passion is a key to innovation and excellence; therefore, we encourage people from all backgrounds to apply to our positions. About You The work we do at ShipBob is both challenging and rigorous, which means our environment isn’t the right fit for everyone, and that’s okay. We welcome energetic high performers who thrive in a dynamic, collaborative, results-driven environment. We value individuals who embrace accountability and humility, push boundaries, and are motivated by challenging work. Every team member, no matter their role or tenure, is expected to roll up their sleeves and tackle the complex problems we face in today’s global supply chain. Learn more about our core values and how we perform at a high level in our day-to-day work on our Culture page (https://www.shipbob.com/careers/culture/). About Us ShipBob is a leading global supply chain and fulfillment technology platform designed for SMB and Mid-Market ecommerce merchants to provide them access to best-in-class capabilities and to deliver a delightful shopper experience. Merchants can outsource their entire fulfillment operations, utilize ShipBob’s proprietary warehouse management system for in-house fulfillment, or take advantage of a hybrid solution across ShipBob’s dozens of fulfillment center network in the United States, Canada, Mexico, United Kingdom, Europe, and Australia. ShipBob is backed by leading investors like Menlo Ventures, Bain Capital Ventures, Hyde Park Venture Partners, and SoftBank Vision Fund 2, and is one of the fastest-growing tech companies headquartered in Chicago. ShipBob provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Job Title: SOC – Information Security Location: Noida Experience: 4-6 Years Job Type: Full-Time Job Overview We are seeking a detail-oriented and technically proficient IT Security & Compliance Analyst with strong experience in Vulnerability Assessment & Penetration Testing (VAPT) , security audits , and IT controls . The ideal candidate will be responsible for evaluating IT systems, identifying gaps in compliance, performing security assessments, and ensuring alignment with regulatory and organizational security frameworks such as ISO 27001 and SEBI guidelines . Key Responsibilities Evaluate the adequacy and effectiveness of IT controls related to: Compliance & regulatory requirements Change management processes Information security policies System backup and recovery Business continuity and disaster recovery (BCP/DR) Monitor and assess control deficiencies, and provide recommendations to improve existing policies, documentation, and review processes. Work closely with external auditors to ensure alignment on in-scope systems and controls, and coordinate testing activities as required. Execute and manage multiple tasks efficiently, adhering to project timelines and allocated budgets. Conduct regular security audits and compliance assessments using frameworks such as: ISO 27001:2013, SEBI cybersecurity guidelines, OWASP Top 10, WASC TCv2, SANS Top 25, CWE 25 Perform manual security assessments using tools like: Burp Suite, Qualys, Netsparker, Nessus, NTO Spider or other industry-standard VAPT tools Provide insights on security system optimization and tuning based on alerts and real-time observations. Strong involvement in security incident response, malware handling, and vulnerability management. Work with SIEM tools for log correlation and threat detection. Required Skills & Experience Hands-on experience in VAPT (focus on manual testing) Deep understanding of information security principles Knowledge of data loss prevention (DLP), encryption, patch management, PGP, and anti-virus systems Proficiency in SIEM platforms and correlating security logs Strong documentation and communication skills Familiarity with security audit lifecycle and reporting Preferred Certifications (Optional) CEH, CISA, ISO 27001 Lead Auditor, or related certifications

About this role: Wells Fargo is seeking Senior Information Security Engineer. In this role, you will: Manage security automation tools with main focus on SCA (i.e. Checkmarx One, BlackDuck) and other tools in the ecosystem along with supporting operational management with regularly scheduled upgrade of the tools. Interface with various internal teams ServiceNow AVR, DevOps and vulnerability operations team to make sure SCA vulnerabilities are identified and recorded per the application security policies and guidance. This role is part of application security engineering team responsible for scanning code following the Wells Fargo established guidelines, secure development policies and procedures. This role will focus heavily on building and enhancing Software composition analysis (SCA) practice, help software developers at various Wells Fargo CIO teams to build faster, more securely, fine-tuning the tools, leveraging AI where possible to improve processes and services for optimal developer experience Collaborate with security architecture teams to design vulnerability management workflow, establish best practices and design guidance to optimize experience for developers Security training and outreach as needed for internal development teams Adversarial security analysis on various application security requirements as requested from various CIO teams, research and recommend cutting-edge tools and industry best practices. Work with application security governance teams, risk & compliance partners on audits (e.g., SOC 2, PCI-DSS) and recommending relevant policies. Collaborate with CTO pipeline teams to improve code quality and vulnerability detection on Open Source, code signing and SBOM creation Analyze, enhance, architect and support container security tools and platforms Design and build advanced security solutions to strengthen open-source software supply chains for effective automation and management. Required Qualifications: 4+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education Desired Qualifications: Experience in Security automation tools with main focus on SCA (i.e. Checkmarx One, BlackDuck) Solid Experience in OWASP Top 10 or CWE Good Knowledge in software development, experience in one or more of programming languages, .Net C#, Java, RUST, C++ Ability to write automation scripts in Python, PowerShell to support internal projects Experience with CI/CD pipelines and related technologies (e.g., GitHub, Jenkins, Maven, Artifactory, Harness, Xray, Curation) Good understanding of Secure Software development lifecycle Demonstrated experience of communicating secure development concepts to non-technical audiences and the ability to achieve results through prolific communication skills. Demonstrated knowledge on Information Security related requirements in applications, secure development standards, and best practices. Demonstrated ability in publishing secure coding standards. Experience in Collaborating with cross functional teams to achieve results. Demonstrated experience in stakeholder management. Demonstrated experience of problem identification and solving skills. Superior Knowledge of AppSec security products. Job Expectations: Detailed oriented must be able to create documentation on different SCA procedures and tool configuration. Familiarity and experience with AI tools supporting false positives reduction, auto code remediation, open-source threat intelligence would be preferred. Experience with Jira/Confluence is required Strong problem-solving and analytical skills Certification in information security (CISSP, CISM, CEH, etc.) Experience with container security working with technologies like k8s and container technologies such as OpenShift Experience generating Software Bill of Materials (SBOMs) using CycloneDX or SPDX, managing or utilizing dependency track From an application security perspective, knowledge of AI/ML and GenAI is essential for building robust defenses Posting End Date: 25 Aug 2025 *Job posting may come down early due to volume of applicants. We Value Equal Opportunity Wells Fargo is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic. Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements. Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process. Applicants with Disabilities To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo . Drug and Alcohol Policy Wells Fargo maintains a drug free workplace. Please see our Drug and Alcohol Policy to learn more. Wells Fargo Recruitment and Hiring Requirements: a. Third-Party recordings are prohibited unless authorized by Wells Fargo. b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.

Company Description It all started in sunny San Diego, California in 2004 when a visionary engineer, Fred Luddy, saw the potential to transform how we work. Fast forward to today — ServiceNow stands as a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®. Our intelligent cloud-based platform seamlessly connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work. But this is just the beginning of our journey. Join us as we pursue our purpose to make the world work better for everyone. Job Description Team Product Security is Shifting Everywhere and holistically improving the maturity of the security program. The Secure Software Development Lifecycle (SSDL) team helps the organization measure and improve security activities. The team leads product threat modeling, helps to improve security behaviors, and manages a highly visible security champions program. The team is both highly technical and strategic. Role As a Senior Product Security Engineer on the ServiceNow SSDL team, you will collaborate with developers and software architects on highly technical solutions and help the organization build secure and resilient software. You will be threat modeling software products and services to identify potential risk and participate in architectural reviews of products in development. A key part of this position is to ensure the continued success of a large and growing security champions program. You will help mentor security champions and assist them in secure software design. As a Senior Product Security Engineer, you will help security champions be successful. What you get to do in this role: Work on a wide range of technologies Work on complex architectural and technical challenges Participate in threat modeling activities Mentor and collaborate with development teams to adopt secure coding practices Work on strategic and highly visible security activities across the organization Be an advocate for security and participate in a security champions program Qualifications To be successful in this role you have: Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving. This may include using AI-powered tools, automating workflows, analyzing AI-driven insights, or exploring AI's potential impact on the function or industry. 4+ years of experience in software security (AppSec) 1+ years of experience in threat modeling software applications and services Proficient in threat modeling methodologies such as STRIDE or PASTA and their applied use in fast-moving, iterative development lifecycles In-depth knowledge of common web application vulnerabilities (OWASP Top 10) Developer-level proficiency in one or more languages - Python, Java, JavaScript, and Golang preferred Knowledge in authentication and authorization standards including OAuth, OIDC, SAML, JWT, and PASETO Knowledge of symmetric and asymmetric cryptography, digital signatures, PKI, TLS, and cryptographic hash functions Knowledge of cloud native technologies including containers, Kubernetes, and services provided by AWS, GCP, and Azure Knowledge of static analysis (SAST), dynamic analysis (DAST), and software composition analysis (SCA) security tools Knowledge of OWASP ASVS, SCVS, and related verification standards Ability to work collaboratively in a highly distributed team Ability to communicate technical concepts to business stakeholders A passion for security JV20 Additional Information Work Personas We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here. To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service. Equal Opportunity Employer ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements. Accommodations We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact globaltalentss@servicenow.com for assistance. Export Control Regulations For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities. From Fortune. ©2025 Fortune Media IP Limited. All rights reserved. Used under license.

Offensive Security Professional Job Req ID: 49030 Posting Date: 15 Jul 2025 Function: Software Engineering Unit: Networks Location: Building No 14 Sector 24 & 25A, Gurugram, India Salary: Competitive Hiring Manager: Abhishar Balodhi Recruiter: Archana SM Location: Gurugram Carrer Level: E Why BT We’ve always been an organisation with a purpose; to use the power of communication to make a better world. You can trace this back to our beginning as pioneers of the world’s firs telecommunications company. At our heart we’re a technology company with research and innovation in our bones and a desire to be personal, simple, and brilliant for our customers - those are the values we live by whilst also creating an inclusive working environment where people from all backgrounds can succeed.Our pursuit of progress over the past 180 years has established BT as a strong, successful brand, with huge scale capable of achieving great things. From supporting emergency services, hospitals, banks and keeping economies around the world online, safe and secure, to delivering large scale technology infrastructure like the creation of BT Sport. Today in this fast-changing, always on, digital world our purpose remains true. Yet the market conditions, regulations and competition we face are tougher than ever before. So, if you have the drive, optimism and resilience to help propel us forward we’ll offer unrivalled personal development, a wealth of opportunities to learn, experience new things and pursue new careers. If that’s you and what you’re looking for, we’d love you to be part of our future. Why this job matters As an experienced Information Security Services provider we will help lead a highly motivated team laser-focused on analyzing, designing, developing and delivering solutions built to stop adversaries and strengthen your operations Our Competent individuals and Skilled leadership will provide you incident response, risk reviews and vulnerability assessments, identifying threats, all of which ladder up to driving secure solutions. What I’ll be doing – your accountabilities Accountable for delivering vulnerability assessments and penetration tests. Responsible for increasing individual technical skill whilst also delivering BAU. Accountable for increasing capability of the penetration testing team through web application, network & mobile skill acquisition. Accountable for support leadership in setting strategy for the team moving forward. Responsible for contributing to the positive research and technical capability of BT security. To support and maintain the BT Business Support – Protect BT ISO27001 certificate for Offensive Security team The skills you need Pentest Skills – Web application pentest (OWASP,NIST framework), Network pentest (Linux,windows),API & Mobile pentest. Networking Skills – TCP/IP packet level understanding,Routing,Switching,firewall understanding. Linux Skills – Linux directory structure & basic command line knowledge from pentest/vulnerability assessment standpoint. Vulnerability management- This requires understanding of vulnerability assessment framework(CVE/CVSS) and Security assessment tools (such as Nmap,Metasploit, Burp Suite, SQLmap, Nessus) Regulatory Understanding - PCI DSS guidelines, GDPR. Experience you would be expected to have Mandatory 2-4 Years experience in the field on pentesting. Mandatory Bachelor's Degree or higher preferred. CEH,OSCP,CREST,LPT certifications are highly preferred. Ability to understand packet level TCP/IP knowledge. Good scripting knowledge (e.g. Python) will be highly preferred. Capable of working successfully with end customers PREFERRED. Our leadership standards Looking in: Leading inclusively and Safely I inspire and build trust through self-awareness, honesty and integrity. Owning outcomes I take the right decisions that benefit the broader organisation. Looking out: Delivering for the customer I execute brilliantly on clear priorities that add value to our customers and the wider business. Commercially savvy I demonstrate strong commercial focus, bringing an external perspective to decision-making. Looking to the future: Growth mindset I experiment and identify opportunities for growth for both myself and the organisation. Building for the future I build diverse future-ready teams where all individuals can be at their best. About us BT is part of BT Group, along with EE, Openreach, and Plusnet. Millions of people rely on us every day to help them live their lives, power their businesses, and keep their public services running. We connect friends to family, clients to colleagues, people to possibilities. We keep the wheels of business spinning, and the emergency services responding. We value diversity and celebrate difference. ‘We embed diversity and inclusion into everything that we do. It’s fundamental to our purpose: we connect for good.’ We all stick to the same values: Personal, Simple, and Brilliant. From day one, you’ll get stuck in to tough challenges, pitch in with ideas, make things happen. But you won’t be alone: we’ll be there with help and support, learning and development. This is your chance to make a real difference to the world: to be part of the digital transformation of countless lives and businesses. Grab it. A FEW POINTS TO NOTE: Although these roles are listed as full-time, if you’re a job share partnership, work reduced hours, or any other way of working flexibly, please still get in touch. We will also offer reasonable adjustments for the selection process if required, so please do not hesitate to inform us. DON'T MEET EVERY SINGLE REQUIREMENT? Studies have shown that women and people who are disabled, LGBTQ+, neurodiverse or from ethnic minority backgrounds are less likely to apply for jobs unless they meet every single qualification and criteria. We're committed to building a diverse, inclusive, and authentic workplace where everyone can be their best, so if you're excited about this role but your past experience doesn't align perfectly with every requirement on the Job Description, please apply anyway - you may just be the right candidate for this or other roles in our wider team.

Essential Qualifications Experience: Minimum of 5-9 years of experience in Quality Assurance, with at least 2 years focused on test automation. Proven experience leading QA efforts for at least one major software project. Demonstrated experience in a full-stack environment, preferably with a strong understanding of MEAN/MERN architecture. Technical Skills: Expertise in designing, developing, and maintaining robust and scalable test automation frameworks from scratch. Proficiency in at least one modern programming language relevant to the project's stack, such as JavaScript or TypeScript . In-depth knowledge of test automation tools for both front-end and back-end testing: Front-end (UI) automation: Strong experience with frameworks like Cypress, Playwright, or Selenium . Back-end (API) automation: Hands-on experience with tools like Postman (with scripting), Newman, or a framework using libraries like Mocha and Chai. Experience with performance testing tools for API and front-end performance (e.g., JMeter, Lighthouse). Solid understanding of testing methodologies, including unit testing, integration testing, end-to-end testing, and regression testing. Experience with version control systems, specifically Git . Leadership & Soft Skills: Ability to create, document, and manage comprehensive test plans, strategies, and test cases. Experience in leading and mentoring a small team of QA engineers. Excellent analytical and problem-solving skills to identify, reproduce, and report defects. Strong communication and collaboration skills to work effectively with developers, product managers, and other stakeholders. Knowledge of the entire Software Development Life Cycle (SDLC) and its various methodologies, particularly Agile/Scrum. Desirable Qualifications Experience: Prior experience as a developer (even for a short period) is a significant plus, as it provides a deeper understanding of the codebase. Experience with security testing (e.g., OWASP, penetration testing). Experience with a non-functional testing, such as accessibility testing. Technical Skills: Experience with continuous integration/continuous deployment (CI/CD) pipelines to integrate automated tests (e.g., Jenkins, GitLab CI/CD, CircleCI). Knowledge of cloud platforms like AWS, GCP, or Azure, and how they relate to the application's infrastructure. Experience with containerization technologies like Docker . Familiarity with other testing frameworks and tools like Jest (for unit testing), Mocha, or Chai. Knowledge of monitoring and logging tools (e.g., ELK stack, Prometheus, Grafana). Certifications & Soft Skills: Relevant certifications, such as ISTQB (International Software Testing Qualifications Board) Foundation Level or Agile Tester. Strong attention to detail and a proactive approach to quality. Experience with defect tracking and project management tools (e.g., Jira, Trello, Asana).

Job Title:- Penetration Tester We are looking for Penetration Tester to join our security team & who will be responsible for Web & Mobile VAPT. Job Description : Qualysec Technologies is seeking a skilled and highly motivated Penetration Tester to join our fabulous security team in Bhubaneswar. The Penetration Tester will be mainly responsible for performing security testing of Web & Mobile applications including identifying, evaluating, and exploiting vulnerabilities in various systems, networks, and applications. Qualification :- Bachelor's Degree in a related Cybersecurity/IT/Computer Science field. Experience :- 0 to 1 years Location :- Bhubaneswar Job Type :- Full Time Responsibilities Perform vulnerability assessments & penetration testing (VAPT) on Web, APIs and mobile applications Identify and exploit vulnerabilities in products under test prepare reports by documenting identified issues based on internal templates Collaborating with other team members to improve the overall security posture of our clients. Enhance technical skills & knowledge by Staying up-to-date with emerging threats and vulnerabilities Skills Required Knowledge in penetration testing, vulnerability assessment, and ethical hacking. Knowledge in Pentesting of various applications i.e Web, Mobile (Android & iOS), APIs, Cloud (AWS / Azur )etc. Strong knowledge of security assessment tools such as Metasploit, BurpSuite, ZAP, OWASP tools, Kali Linux tools and Fuzzing tools Hands-on experience with manual and automated penetration testing methodologies. Experience in working with Standards such as NIST, OWASP, MITRE CWE etc. Strong understanding of network protocols, operating systems, and web application technologies. Excellent written and verbal communication skills, with the ability to clearly document and communicate findings and recommendations. About Us Qualysec is a leading cybersecurity firm specializing in comprehensive penetration testing and risk assessment services. Our tailored solutions help businesses proactively defend against evolving cyber threats. With over four years of experience, we take pride in having served more than 150 clients across 21 countries—a testament to our commitment to quality and resilience. Our dynamic work environment and employee-focused culture drive our continuous growth and success. Job Type: Full-time Schedule: Day shift Job Types: Full-time, Permanent Work Location: In person

Experience : 6.00 + years Salary : Confidential (based on experience) Shift : (GMT+05:30) Asia/Kolkata (IST) Opportunity Type : Hybrid (Pune) Placement Type : Full time Permanent Position (*Note: This is a requirement for one of Uplers' client - SoHo Dragon) What do you need for this opportunity? Must have skills required: Java, Manual Testing SoHo Dragon is Looking for: Has ability to write secure code in Java language Technical skills in Java, Selenium, Cucumber, REST, JSON, Eclipse/IntelliJ, GIT, Spring framework Good SQL skills and capability of comprehending and writing complex queries. Experience testing RESTful APIs, integration testing of APIs , web user interface, and/or reports. Understands and implements standard branching (e.g., Gitflow) Has skills in test driven and behavior driven development (TDD and BDD) to build just enough code and collaborate on the desired functionality. Able to perform debugging and troubleshooting to analyze core, heap, thread dumps and remove coding errors Understands the use of basic design patterns (e.g., factory, adaptor, singleton, composite, observer, strategy, inversion of control) Understands and implements Application Programming Interface (API) standards and cataloging to drive API/service adoption and commercialization and effort estimation Experienced in agile and modern SDLC practices (Scrum/Kanban/Continuous Delivery/DevOps/Quality engineering) and the delivery situations they are used for Experience in Continuous Integration (CI) and Delivery (CD) concepts, and capabilities to support automation, pipelines, virtualization, and containerization Nice to Have Familiar with secure coding standards (e.g., OWASP, CWE, SEI CERT) and vulnerability management Java Has ability to write code (in languages such as Java, Python, Ruby, Bash, Perl, Groovy) to build automation tasks that are repeatable and efficient Apply tools (e.g., Sonar, Zally, Checkmarx ) and techniques to scan and measure code quality and anti-patterns as part of development activity How to apply for this opportunity? Step 1: Click On Apply! And Register or Login on our portal. Step 2: Complete the Screening Form & Upload updated Resume Step 3: Increase your chances to get shortlisted & meet the client for the Interview! About Uplers: Our goal is to make hiring reliable, simple, and fast. Our role will be to help all our talents find and apply for relevant contractual onsite opportunities and progress in their career. We will support any grievances or challenges you may face during the engagement. (Note: There are many more opportunities apart from this on the portal. Depending on the assessments you clear, you can apply for them as well). So, if you are ready for a new challenge, a great work environment, and an opportunity to take your career to the next level, don't hesitate to apply today. We are waiting for you!

Our client, a leading bank in the Middle East, is seeking a Senior Architect to join their Group IT team within the Architecture Chapter. This is a high-impact role responsible for designing scalable, secure, and resilient technology platforms that support critical business domains. Key Responsibilities: Design and deliver end-to-end architecture solutions across mobile/web apps, microservices, and cloud-native platforms Collaborate with business stakeholders, product owners, and delivery teams to transform business needs into technology solutions Define and enforce architectural standards, patterns, and best practices Integrate security best practices in architecture to ensure data confidentiality, compliance, and regulatory alignment Mentor junior architects and contribute to reusable design assets such as blueprints and reference architectures Lead peer reviews, conduct internal workshops, and promote cross-team architectural alignment Required Skills and Experience: Minimum 5 years of experience in designing web/mobile applications, APIs, and microservices Strong experience with cloud-native technologies including Kubernetes, OpenShift, containers, and virtualization Minimum 3 years of hands-on experience in Cyber/Information Security Deep understanding of security concepts such as Authentication, Authorization, Encryption, Logging/Monitoring, and OWASP standards Experience working in agile environments and DevSecOps delivery models Knowledge of enterprise architecture tools (e.g., Sparx EA) and cloud platforms such as Azure, AWS, or OCI Strong analytical thinking, stakeholder management, and solution-driven approach Preferred Qualifications: Certifications such as TOGAF, AWS/Azure Architect, or CISSP Experience working in the banking or fintech domain Exposure to data modelling tools and security regulations related to financial services Why Apply? Opportunity to work with a major banking client leading digital transformation across the region Contribute to enterprise-scale architecture design in a modern, agile setup Gain exposure to secure, cloud-first platforms used by millions of end users Be part of a high-calibre architecture chapter focused on innovation, quality, and performance Access to continuous learning and mentoring initiatives

Job Description: Product Security Engineer Team: Cybersecurity Location: Bangalore, India About Zepto Zepto is revolutionizing e-commerce in India. As the country's fastest-growing quick-commerce company, we deliver groceries and essentials in 10 minutes flat. This speed is not just a promise; it's the result of a complex, high-throughput technology and operations backbone that operates at an unprecedented scale. Our environment is defined by rapid innovation, immense scale, and the challenge of solving complex problems that have never been solved before. We are building the future of commerce, and we need brilliant minds to help us build it securely. About the Team & The Role The Cybersecurity team at Zepto is a core part of the engineering organization. Our mission is to secure our products, platforms, and customers by embedding security into the DNA of everything we build. We aren't just a compliance function or a team that finds vulnerabilities; we are builders and problem-solvers who create foundational security solutions that allow Zepto to scale safely. We are looking for a Product Security Engineer who thinks like an engineer first and a security expert second. This is not a traditional pentesting role. You will not just be breaking things—you will be building the tools, systems, and processes to prevent them from breaking in the first place. You will be a trusted security partner to our product and engineering teams, shaping the future of our architecture and enabling developers to ship secure code at lightning speed. What You’ll Do (Responsibilities) As a Product Security Engineer, you will: Design & Architect: Act as a security subject matter expert for engineering and product teams. Conduct in-depth architecture reviews, threat modeling, and design reviews for new features and services. Automate Everything: Build and implement automated security solutions within our CI/CD pipelines (DevSecOps). You will be responsible for our SAST, DAST, SCA, and secret scanning infrastructure, focusing on reducing noise and providing actionable, high-fidelity alerts to developers. Build Security Tooling: Identify gaps in our security posture and build custom tools and platforms to solve them. Whether it’s a framework for secure service-to-service communication or a platform for managing secrets, you will own the solution from concept to production. Secure Code & Dependencies: Perform deep-dive manual and automated code reviews to identify complex security flaws. Drive our Software Composition Analysis (SCA) and secret management strategies, ensuring best practices are followed across the organization. Lead Security Initiatives: Own and drive large-scale security initiatives across the company, such as implementing a new authentication service, rolling out a web application firewall, or hardening our cloud infrastructure. Share Knowledge & Innovate: Mentor engineers on secure coding practices, write technical blog posts about the novel problems you're solving, present your work at conferences, and contribute back to the open-source community. What We’re Looking For (Qualifications) Engineering Mindset: A strong passion for solving complex problems with code. You are proficient in at least one programming language (e.g., Python, Go, Java, JavaScript) and are comfortable building security focused tools. Deep Security Expertise: A solid understanding of application security (AppSec) fundamentals. You know the OWASP Top 10 like the back of your hand but, more importantly, you understand the underlying vulnerabilities and how to mitigate them at scale. Hands-On Experience: Proven experience in areas like threat modeling, secure code review, and security automation. While you can perform a VAPT, you are more interested in automating the discovery and prevention of those vulnerabilities. DevSecOps Acumen: Experience integrating security tools into CI/CD pipelines and a strong belief in shifting security left. Excellent Communicator: You can clearly articulate complex security risks to both technical and non-technical audiences and can influence engineering teams without direct authority. Ownership & Drive: A proactive and self-driven attitude. You don't wait for tasks; you identify problems and take ownership of the solutions. Why Join Us? Unparalleled Impact: Zepto is growing at an explosive rate. The solutions you build will have a direct and immediate impact on the security of millions of users and will be critical to the company's success. Solve for Scale: The challenges we face are unique. You won't be applying off-the-shelf solutions; you will be building for a scale and speed that few companies can match. Culture of Engineering: We are a tech-first company that values deep technical expertise. You will be surrounded by a world-class team of engineers to learn from and collaborate with. Greenfield Opportunities: Our security function is young and growing. You will have the opportunity to build things from the ground up and shape the future of our security posture. Growth & Learning: We encourage our team to be thought leaders. You'll have the support to write blogs, speak at events, and contribute to open-source projects that elevate both your and Zepto's reputation in the security community. If you are an engineer who is passionate about security and wants to build resilient, scalable systems in a hyper-growth environment, we would love to hear from you.

R&D SECURITY ENGINEER We are currently looking to recruit R&D Security Engineer to be based at Nemetschek India, Hyderabad. WHAT WE DO BEST Nemetschek India Private Limited (formerly MCS Solutions Private Limited) is a global organization and with a legacy of over half a century. It is a public company listed on MDAX and TecDAX (Germany) stock exchanges. The Nemetschek Group is a forerunner of digital transformation in the AEC/O (Architecture, Engineering, Construction & Operations) industry and covers the entire life cycle of construction and infrastructure projects. With intelligent software solutions, we lead our customers into the future of digitalization. By using our solutions customers can plan, build, manage, and operate buildings and infrastructure projects. Responsibilities The R&D Security Engineer Customer Relations acts as part of the Nemetschek Shared Security Service Center and is responsible for validation of as false positives by developers, engineers or IT administrators classified vulnerabilities, which have been identified by Security tools or other input sources like penetration tests. • Check completeness of false positive classification and related documentation. • Check feasibility of documented reason, which explains why the identified vulnerability is a false positive. • Perform deep dive analysis and validation of vulnerabilities, which have been classified as false positives. • Explain your assessment results to developers, engineers or IT administrators. • Work closely with senior engineers and cross-functional teams. • Collaborate with Senior Security Manager. • Potentially other related topics. Qualifications Bachelor’s degree in computer science, Information Security, Engineering, or a related field (or equivalent work experience). At least 2 years of experience in cybersecurity, penetration testing, or ethical hacking, IT security, or a related field. • Development experiences in at least one language Good knowledge about vulnerabilities Basic understanding of networking, system architectures, and common security vulnerabilities (e.g., OWASP Top 10), vulnerability scoring systems and how to report and calculate those. Good collaboration and communications skills Structured working approach

Manual Penetration Testing using OWASP checklists, Penetration Testing, Vulnerability Assessment, OWASP Top 10, OWASP ZAP, AWS Cloud, Azure Cloud, Cyber Security, Cloud Security Assessment, Cyber Security Assessment & Consulting, Cybersecurity, Data Security Assessment & Consulting. Perform Penetration testing Develop and recommend mitigation strategies to enhance the defense mechanisms of critical infrastructure components Collaborate with IT and security teams to refine security measures and response strategies. Prepare detailed reports on findings from simulations and suggest improvements. Facilitate training sessions for internal teams on security awareness and breach response tactics.

JD:- Application Security Lead Education Criteria (Must): B.Sc (IT/CS) / B.Tech in any Engineering background, BCA, MCA & M.Sc. Information Technology, or related field. CEH, CISSP, CISA, CISM, CRISC (If any security related certification) 11-15 years of experience in Application Security, Network Security, and IT Risk & Compliance, with hands-on expertise in security assessments, process audits, and application reviews. Experience in BFSI is preferred. Lead and manage the AppSec team consisting of L1 and L2 resources. Serve as the primary point of contact between the Client and the team for all project-related activities. Monitor daily operations, ensure resource optimization, and address any issues that arise during the engagement. Application & Security Review - Oversee the review of application security including web, mobile, API, and other banking applications. Perform comprehensive reviews of Network Architecture, Source Code, VAPT reports, and configuration audits. Review deliverables from L1 and L2 resources, ensuring completeness and quality. Compliance and Risk Management Reporting Stakeholder Management Skill-Vulnerability Assessment, Manual Penetration Testing using OWASP checklists, Penetration Testing, OWASP Top 10, OWASP ZAP, Ethical Hacking, Static/dynamic testing of mobile applications, Vulnerability Mitigation.

💼 Job Title : Technology Lead – Java Full Stack 📍 Locations : Pune / Chennai / Hyderabad / Bangalore ⏰ Shift : General Shift 💰 Budget : ₹25 LPA 🧑‍💻 Experience : 5 to 8 Years 🔧 Role Overview We are looking for a highly skilled Java Full Stack Technology Lead with 5–8 years of hands-on experience in designing, developing, and managing robust enterprise applications. The candidate should have deep expertise in Java (1.8+), Spring Boot, Microservices, Angular (4+), Hibernate , and strong understanding of system architecture, design patterns, and secure coding practices. 🔹 Key Responsibilities Lead end-to-end software development and architecture design Own code reviews and enforce best practices Guide junior developers and collaborate with cross-functional teams Review application design and final user documentation Ensure secure development practices (OWASP, encryption, session handling) Troubleshoot performance and scalability issues Drive adoption of CI/CD, testing frameworks, and code repositories ✅ Mandatory Skills ✅ Java (1.8+) – 5 to 8 years ✅ Spring Boot / Spring MVC / Spring Framework – 5+ years ✅ Hibernate / Spring JPA – 4 to 6 years ✅ Microservices Architecture – 5+ years ✅ Microsoft SQL Server or other RDBMS – 4 to 6 years ✅ JavaScript & jQuery – 4+ years ✅ Angular (4+) & TypeScript – 3 to 5 years ✅ Proficient with JUNIT, ANT, MAVEN, HUDSON, SVN, Git ✅ Solid knowledge of Design Patterns, Distributed Architectures, and Multi-threaded Programming ✅ Security awareness: OWASP top 10, static/dynamic scans, session handling, encryption ✨ Good to Have Knowledge of JBPM Domain expertise in Financial Services / Life Insurance Skills: multi-threaded programming,spring jpa,git,architecture,technology,microsoft sql server,distributed architectures,owasp,java (1.8+),rdbms,junit,hibernate,ant,microservices architecture,spring mvc,java,javascript,spring,spring boot,design patterns,typescript,jquery,hudson,svn,angular (4+),spring framework,maven

💼 Job Title : Technology Lead – Java Full Stack 📍 Locations : Pune / Chennai / Hyderabad / Bangalore ⏰ Shift : General Shift 💰 Budget : ₹25 LPA 🧑‍💻 Experience : 5 to 8 Years 🔧 Role Overview We are looking for a highly skilled Java Full Stack Technology Lead with 5–8 years of hands-on experience in designing, developing, and managing robust enterprise applications. The candidate should have deep expertise in Java (1.8+), Spring Boot, Microservices, Angular (4+), Hibernate , and strong understanding of system architecture, design patterns, and secure coding practices. 🔹 Key Responsibilities Lead end-to-end software development and architecture design Own code reviews and enforce best practices Guide junior developers and collaborate with cross-functional teams Review application design and final user documentation Ensure secure development practices (OWASP, encryption, session handling) Troubleshoot performance and scalability issues Drive adoption of CI/CD, testing frameworks, and code repositories ✅ Mandatory Skills ✅ Java (1.8+) – 5 to 8 years ✅ Spring Boot / Spring MVC / Spring Framework – 5+ years ✅ Hibernate / Spring JPA – 4 to 6 years ✅ Microservices Architecture – 5+ years ✅ Microsoft SQL Server or other RDBMS – 4 to 6 years ✅ JavaScript & jQuery – 4+ years ✅ Angular (4+) & TypeScript – 3 to 5 years ✅ Proficient with JUNIT, ANT, MAVEN, HUDSON, SVN, Git ✅ Solid knowledge of Design Patterns, Distributed Architectures, and Multi-threaded Programming ✅ Security awareness: OWASP top 10, static/dynamic scans, session handling, encryption ✨ Good to Have Knowledge of JBPM Domain expertise in Financial Services / Life Insurance Skills: multi-threaded programming,spring jpa,git,architecture,technology,microsoft sql server,distributed architectures,owasp,java (1.8+),rdbms,junit,hibernate,ant,microservices architecture,spring mvc,java,javascript,spring,spring boot,design patterns,typescript,jquery,hudson,svn,angular (4+),spring framework,maven

Security Analyst/ Pen Tester Join us as a Security Analyst at Dedalus , one of the World’s leading healthcare technology companies, at our team in Chennai, India to do the best work of your career and make a profound impact in providing better care for a healthier planet. What you’ll achieve As a Security Analyst , you will be part of our highly successful team, utilising your skills for Security Vulnerability Analysis/ Penetration Testing where you will test, assess, exploit & report the security vulnerabilities in the software application, infrastructure and provide recommendations for the suitable solution/ remedy. Working with an extended highly skilled team, you will be making a profound impact throughout the healthcare sector. You will: Security Vulnerability Analysis/ Threat Modelling & Risk Assessment Executing static code review using automated SAST tools & False Positive Analysis Performing dynamic testing (DAST) using automated tools like Burp-suite, Invicti/ Nessus Manual Penetration Testing and Ethical Hacking technics to exploit vulnerabilities Prepare assessment & validation report on the vulnerabilities & risks with impact, artifacts, recommended solution/ mitigation and POCs Explain threats & present assessment reports to Developer/ Architect community Take the next step towards your dream career. At Dedalus Life flows through our software. Every day we do something special by helping caregivers and health professionals deliver better care to their served communities. Take the next step in your career that will make a profound impact. Here’s what you’ll need to succeed: Essential Requirements: Minimum four-year experience in security vulnerability analysis and Pen testing (VAPT) on cloud services, web products/ enterprise applications. Ability to execute Appsec tools; Mandatory to know industry standard tools like – Burp-suite, Invicti & Fortify (or any SAST tool), Cloud-Native tools and open-source tools like - Kali, Nmap, Wireshark, Metasploit, ZAP, Echo Mirage. Technical Knowledge on SDLC and implementation essentials of various application types - Desktop, Web, API, Mobile (Hybrid/ Native) & Cloud (AWS, Azure, or GCP). Ability to understand & review Java or .NET (must have), Angular (nice to have) code with respect to security vulnerability. Clear understanding on OWASP, GDPR/ ISO Security standards. Exposure to DevAppSec automation & scripting is preferred. Valid Certification in VAPT/ Ethical Hacking in Mobile /Web /Cloud security is must. Knowledge of AI tools & securing Docker containers like Kubernetes are advantages. Understanding of real world threats & data protection acts are preferred We are Dedalus, come join us Dedalus is committed to providing an engaging, rewarding work experience that reflects the passion our employees bring to our mission of helping clinicians and nurses deliver better care to their served communities. Our company fosters a culture where employees are encouraged to learn and innovate, and to enable and enhance clinical co-operation and processes while making a meaningful difference for millions of people around the world. Each person is the end point and the starting point of the Group’s activities and the ultimate beneficiary. For this reason, we are so proud of doing our very special jobs each day. Our company is enriched by a diverse population of 7,600 people in more than 40 countries that work together to innovate and drive better healthcare options for millions of patients around the world. We are the people of Dedalus. Application Closing date: 18th August 2025 Our Diversity & Inclusion Commitment sets out Dedalus’ approach to ensuring respect, inclusion and success for all our colleagues and the wider communities we operate in. It is imperative for us to share our commitment and dedication to ensure an inclusive and diverse workplace. We recognise that we have improvements to make and on this journey, we must remain authentic and realistic but also ambitious. Our diversity & inclusion commitment – Dedalus Global Life Flows Through Our Software

We are looking for a candidate who is experience in leading and mentoring other developers and oversee and provide technical direction and leadership for a team of Java developers. Java Technical Lead Responsibilities: This is primarily a lead role, helping drive technical initiative forward with teams, given broad guidance and support. Need to have solid foundations in API exposure space. API life-cycle management (API design best practices, discovery, inventory management, governance) API Provider and Consumer journey REST fundamentals. API Security (AuthN, AuthZ, OpenID/OAuth 2.0/POP/PKCE etc) & OWASP OAS fundamentals too - API documentation, Error code's etc GraphQL is a plus. Must be able to write production quality code in Java / Open-Source technologies. Python is good to have, exposure to building sdks is strongly desired. Must have good hands-on experience on Microservices architecture, Kafka/Message Broker, and Event Driven Architecture. Must have good hands-on experience on Database technologies (SQL & NoSQL) and design expertise on database modelling etc Be able to take direction from tech leads and drive across teams (once teams are aligned) with minimal guidance. This is key, to not require too much granular guidance. Doesn't need to have telecom background, need to be able to pick up new concepts quickly Hands on Exposure to API Gateways is a strong plus (not a must-to have requirement) as is prior experience with API exposure to customers. Education Qualification: Bachelor's or master's degree in computer science or related field. 8+ years of Java development experience

Job Description We are looking for an experienced VAPT professionals to join our cybersecurity team. The ideal candidate will have a strong background in identifying, assessing, and mitigating security vulnerabilities in network and application environments through comprehensive penetration testing and vulnerability assessments. About Us ProTechmanize Solutions is an Information Technology product and services company, established by professionals with a cumulative experience of over 20 years in the field of Cyber Security, Information Technology, IT Security & Software Development. ProTechmanize team believes in providing a right set of solutions and services to their customer by tailored programs. Key Responsibilities Conduct regular vulnerability assessments of network infrastructure, applications, and systems to identify security weaknesses. Perform detailed penetration tests to simulate cyberattacks and exploit vulnerabilities, providing a clear understanding of potential risks. Prepare detailed reports of findings, including risk levels and recommended remediation actions, and present these to stakeholders. Work with IT and development teams to address and remediate identified vulnerabilities, ensuring effective implementation of security controls. Utilize and maintain various security tools and platforms (e.g., Nessus, Metasploit, Burp Suite) to conduct assessments and tests. Provide expert advice on improving security posture and implementing best practices for vulnerability management. Stay updated with the latest security trends, threats, and technologies to continuously enhance testing methodologies and tools. Ability to lead the team and provide Expert advice on client calls. Technical Skills And Requirements Bachelor's degree in Computer Science, Information Security, or a related field. 1.5+ to 4 years of hands-on experience in vulnerability assessment and penetration testing. Proficiency in various domains such as Application security OWASP, API security testing, Network security & Mobile app security. Exposure to Secure Code Review using Checkmarx or HP Fortify is preferred. Strong understanding of common attack vectors, vulnerability exploitation techniques, and security testing methodologies (OWASP,). Soft Skills Excellent analytical and problem-solving skills with a meticulous attention to detail. Strong verbal and written communication skills, with the ability to convey complex security issues to non-technical stakeholders. Ability to work collaboratively with cross-functional teams in a fast-paced environment Note : Only candidates with the required experience should apply. This position requires hands-on experience in VAPT. (ref:hirist.tech)

Hands-on experience with testing frameworks in line with Web App, Mobile, Web Services/APIs, Network & blockchain. Experience in both commercial and open source tools likeBurp Professional, Nmap, Kali, Metasploit, etc. Experience with Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools. Experience in preparing a security threat model and associated test plans. Experience in translating the complex security threats to simpler procedures for web application developers, systems administrators, and management to understand security testing results. In-depth knowledge of application development processes and at least one programing or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell) is preferred. Knowledge of current information security threats Primary Skills Web App, Mobile, Web Services/APIs, Network & blockchain. Burp Professional, Nmap, Kali, Metasploit, etc. Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools. Security threat model and associated test plans. Java, Scala, C#, Ruby, Perl, Python, PowerShell.

Conduct Vulnerability Assessments: Identifying potential weaknesses in applications and systems using automated tools and manual techniques. Perform Penetration Tests: Simulating attacks to evaluate the effectiveness of security controls and identify exploitable vulnerabilities. Analyze Findings: Interpreting assessment and testing results to determine the severity and impact of identified vulnerabilities. Report Findings: Documenting vulnerabilities, providing detailed reports with remediation recommendations, and tracking the closure of identified issues. Collaborate with Teams: Working with developers, IT, and security teams to implement security measures and address identified vulnerabilities. Stay Updated: Keeping abreast of the latest security threats, vulnerabilities, and industry best practices. Test Various Application Types: Performing security assessments on web applications, mobile applications, APIs (REST, SOAP, XML, JSON), and potentially cloud-based services. Understand Security Standards and Frameworks: Familiarity with OWASP, NIST, ISO 27001, PCI DSS, and other relevant standards is crucial. Use Security Testing Tools: Proficiency in tools like Burp Suite, OWASP ZAP, Nmap, Nessus, AppScan, Acunetix, Veracode, CheckMarx, etc. Responsibilities: The responsibilities cover the full range of testing work, from websites, mobile apps, and infrastructure testing to social engineering. In this role, the candidate is expected to: test software and hosted platforms, to identify vulnerabilities Carry out penetration testing of web applications, mobile applications, and internal infrastructure analyze code to assess its level of security and to find specific vulnerabilities Manage the security testing process perform complex simulated attacks on networks or systems Stay updated with the latest threats/vulnerabilities produce written technical reports along with an executive summary to a professional standard Research potential vulnerabilities formally brief clients and colleagues Understanding the role of AIML in cybersecurity Qualification: Minimum 3 to 5 years hands-on experience in SAST, DAST, VAPT Certifications like CEH, CompTIA Security+, and OSCP will be considered and added advantages. Familiarity with SAST, DAST, and IAST tools Understanding of Red/Blue teaming and threat hunting