
3171 Owasp Jobs - Page 4

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

2.0 years

0 Lacs

Bengaluru, Karnataka, India

On-site

We are seeking a passionate and proactive Security Engineer to join our team. You will play a critical role in ensuring the security of our infrastructure, applications, and overall environment.

Responsibilities: Be responsible for managing security across smallcase. Regularly check and test our applications and systems for security issues. Develop tools and practices to safeguard our applications. Work closely with development teams to ensure security best practices are integrated throughout the software development lifecycle (SDLC), including secure coding guidelines. Track and address vulnerabilities, providing clear instructions for fixing issues. Assist in investigating, analyzing, and responding to security incidents related to applications.

Requirements: Have at least 2 years of proven experience as a Security Engineer or similar role. Have practical knowledge of web application security, secure coding, threat assessment, and incident management. Understand cloud systems and how to keep them secure. Are comfortable using programming languages like JavaScript, Python, or Go and familiar with security tools (e.g., Burp Suite, OWASP ZAP) and encryption techniques.

This job was posted by Thirunarayan Sharma from smallcase.

Posted 3 days ago


0 years

0 Lacs

Hyderabad, Telangana, India

On-site

Responsibilities: Analyze, design, and develop user stories and modules as per specifications. Write clean, secure, and maintainable code adhering to best practices and coding standards. Perform peer code reviews and unit testing. Collaborate with QA and support teams to troubleshoot and fix bugs. Ensure application security, performance, and scalability.

Requirements: Strong in Core Java, OOP concepts, and Server-side scripting. Experience with Spring, Spring Boot, Struts, and Hibernate. Proficient in building and consuming REST APIs, managing Master URLs and Endpoints. Experience with JDBC, writing optimized SQL queries, and working with RDBMS. Knowledge of App Security standards, including OWASP vulnerabilities, XSS, and flooding prevention. Experience with encryption, encoding, hashing techniques, and secure file uploads. Hands-on with Schedulers (e.g., Quartz). Experience in front-end technologies: Angular, HTML5, CSS3, Bootstrap, jQuery, and JSON. Exposure to reporting tools (e.g., JasperReports, BIRT).

This job was posted by Pavan Kolipaka from Bharuwa Solutions.

Posted 3 days ago


0 years

0 Lacs

Gurgaon, Haryana, India

On-site

Requirements: Node.js Mastery. Deep understanding of event loop, async patterns (Promises, async/await). Experience with frameworks like Express, NestJS, Fastify. Writing scalable APIs (REST), middleware, and modular code. SQL/Postgres - schema design, complex joins, indexing, query optimization. Knowledge of transactions, isolation levels, and migrations. Basic familiarity with ORMs (Sequelize/TypeORM/Prisma) and raw queries. Ability to design backend systems. Good understanding of API versioning, caching strategies (Redis).

Frontend (Average Skill Expected): Comfortable with React (or Nuxt/Vue) for building and maintaining UIs. Basic understanding of state management (Redux, Vuex, Pinia). Familiarity with component-based architecture and UI libraries (Material UI, Tailwind). Can debug UI issues, but not expected to be a design/UX expert.

Other Expectations: Code Quality - Writing unit tests (Jest/Mocha), code reviews, and maintaining clean architecture. Problem-Solving - Strong data structures and algorithmic skills (not as intense as SD3/Architect). Collaboration - Able to mentor juniors, break down tasks, and work closely with product and QA. Performance & Security - Understands security best practices (OWASP) and performance profiling.

This job was posted by Poonam J Singh from Knowmax.

Posted 3 days ago


4.0 years

0 Lacs

Gurgaon, Haryana, India

Remote

Company Overview: Leading with our core values of Quality, Integrity, and Opportunity, MedInsight is one of the healthcare industry’s most trusted solutions for healthcare intelligence. Our company purpose is to empower easy, data-driven decision-making on important healthcare questions. Through our products, education, and services, MedInsight is making an impact on healthcare by helping to drive better outcomes for patients while reducing waste. Over 300 leading healthcare organizations have come to rely on MedInsight analytic solutions for healthcare cost and care management. MedInsight has been ranked #1 for Payer Quality Analytics by clients for the last three years in the Best in KLAS report. MedInsight is a subsidiary of Milliman; a global, employee-owned consultancy providing actuarial consulting, retirement funding and healthcare financing, enterprise risk management and regulatory compliance, data analytics and business transformation as well as a range of other consulting and technology solutions.

Position Summary: As a Penetration Tester, you will play a vital role in safeguarding our information systems by proactively identifying and mitigating security vulnerabilities. Working under the guidance of senior security professionals, you will assess the effectiveness of our cybersecurity infrastructure through simulated attacks and vulnerability assessments. This role offers the opportunity to build hands-on experience while contributing to the design and implementation of secure systems and processes.

Key Responsibilities: Conduct penetration tests on networks, web and mobile applications, APIs, and cloud environments to identify security vulnerabilities and risks. Support security architects in assessing potential weaknesses in system designs and contribute to defining secure architecture and infrastructure requirements. Identify and exploit vulnerabilities in applications and infrastructure to simulate real-world cyber threats. Facilitate and coordinate vulnerability assessments and scans, review assessment results, and oversee remediation activities for network and infrastructure devices. Document and communicate findings clearly, translating technical risk into business risk for non-technical stakeholders. Participate in educating users and new employees on security best practices, policies, and procedures. Research and stay current on emerging cybersecurity threats, attack methods, and industry best practices. Recommend improvements to enhance system security and align with internal standards and regulatory requirements. Ensure testing activities and remediation efforts align with compliance standards and privacy laws (e.g., OWASP, NIST, ISO 27001). Collaborate with senior team members to provide technical guidance and support for security initiatives. May assist in reviewing third-party security controls, especially for cloud services.

Qualifications: Minimum 4 years of experience in Application Security and Penetration Testing across networks, web/mobile apps, APIs, and cloud environments to identify vulnerabilities and risks. Familiarity with penetration testing methodologies, tools (e.g., Burp Suite, Nmap, Metasploit), and scripting languages (e.g., Python, Bash, PowerShell). Basic understanding of networking protocols, web technologies, and operating systems. Exposure to cybersecurity frameworks such as OWASP Top 10, NIST, or CIS Controls. Strong problem-solving skills, attention to detail, and ability to work as part of a team. Willingness to learn and grow within a structured, closely supervised environment.

Preferred Experience: Experience related to ethical hacking or vulnerability assessments. One (or more) relevant certifications, or ability to pass exam: GPEN, GWAPT, OSCP. CTF experience (HackTheBox, VulnHub, OverTheWire, etc.).

Educational Requirements: Bachelor’s degree in computer science, Information Security, or related field or equivalent work experience.

What makes this a great opportunity? Join an innovative, high growth company with a solid industry track record. Bring your expertise and ideas to directly impact and help build the next generation of MedInsight products and solutions. Enjoy significant visibility in your work and be recognized for your wins. Work for a company that values your wellbeing and professional growth, offering a flexible work environment, generous benefits package, and investment in the development of your career.

Milliman Benefits: We offer competitive benefits which include the following based on plan eligibility: Supportive work culture focused on continuous learning, growth, and team collaboration; Exposure to international teams and projects for broader professional experience; Flexible working hours with hybrid/remote options to support work-life balance; Annual health check-ups and employee wellness programs for a healthier lifestyle; Employee Assistance Program (EAP) offering confidential mental health support; Paid time off including vacation, sick leave, and recognized public holidays.

Posted 3 days ago


5.0 - 7.0 years

12 - 17 Lacs

Bengaluru

Work from Office

Position Purpose: Provide a brief description of the overall purpose of the position, why this position exists and how it will contribute to achieving the team's goal.

Responsibilities

Direct Responsibilities: Strong expertise in application security concepts and activities like Source Code Review (SAST) & Dynamic application vulnerability scanning (DAST). Good understanding of Information Security concepts and strategies. Knowledge of Secure Development methodologies and frameworks. Hands-on experience in penetration testing and tools like Apisan, WebInspect, Fortify, AppSpider, BurpSuite, Qualys, Checkmarx, Coverity. Well-versed in conducting Security Review, Assessments and providing recommendations. Knowledge of OWASP, SANS standards. Executing IT risk assessment reviews, identifying controls gaps and working in collaboration with subject matter experts to devise appropriate mitigation plans. Experience in Process Improvement, Controls Enhancement and Reporting. Identifying key risk trends, issues and other insights requiring further investigation and following up with Technology as appropriate. Providing independent expert advice to the IT areas on application & data risk issues. Engaging with organization wide risk and control groups, including internal audit and territory control teams. Working with Technology stakeholders (including Production Support and Development teams) to identify the IT risks affecting the organization and formulate appropriate remediation strategies based on a full understanding of business exposure and compensating controls.

Contributing Responsibilities: Monitoring and oversight of existing IT risks, working collaboratively with stakeholders in ensuring plans are managed within timescales and escalating where appropriate. Managing relationships with Business and IT teams, chairing periodic meetings and being a point of contact for escalating to wider team members. Assistance with drafting of risk acceptance statements and coordinating sign-off from business and IT stakeholders. SPOC for security architecture meetings.

Technical & Behavioral Competencies: Excellent Interpersonal and presentation skills. Strong in verbal and written communication. Ability to liaise with cross-functional stakeholders globally. Clear understanding of application and data security. Must be flexible, independent, self-motivated. Good analytical skills.

Specific Qualifications (if required): CEH, SSCP, OSCP certified. Technical Graduate (Computer Science) Preferable.

Posted 3 days ago


0.0 years

2 - 3 Lacs

Noida

Work from Office

Knowledge of scripting languages (Perl, Python, HTML, Java, Shell). Hands-on experience in dynamic analysis, container testing, fuzzing, OWASP Top 10 and vulnerability scanning if have any certificate (CEH, ethical hacking

Posted 3 days ago


7.0 - 12.0 years

8 - 12 Lacs

Bengaluru

Work from Office

Summary: As a Senior Product Security Engineer, you will join our team of talented professionals dedicated to embedding continuous and seamless security into our engineering processes. You will contribute to the development and implementation of our Secure Software Development Lifecycle (S-SDLC), working across multiple technical teams to enhance our security posture.

About the role: Promote secure-by-design architectures and implementations across all phases of our S-SDLC. Define product security standards, best practices, and processes with built-in governance and metrics. Develop new security capabilities, patterns and automation to integrate security throughout our development practices. Lead threat modeling sessions and secure code reviews (including of AI-based systems and products). Collaborate with cross-functional teams, including software engineering, platform engineering, QA, and operations. Accelerate security remediation through data analysis and support for product engineering teams. This central role will allow you to have maximum impact ensuring our products and applications meet the highest security standards to protect our customers.

About you: Bachelor's degree in computer science or equivalent education experience. 7+ years of hands-on experience in software engineering or application security. Experience conducting security-focused threat modeling and code reviews across multiple technology stacks and programming languages. Experience with security tools (SAST, SCA, DAST, fuzzers a plus) and analyzing their findings. Proven analytical skills with ability to develop innovative solutions to complex security challenges. Both defensive and offensive mindset. Strong understanding of security principles (cryptography, authentication, authorization, etc.) and common vulnerabilities applicable to applications (web, desktop or mobile), APIs and cloud environments. Ability to identify, analyze, and mitigate common security vulnerabilities at both design and implementation levels. Knowledge of software engineering principles with experience designing and implementing secure systems, aligned with secure by design and secure by default principles. Proficiency in writing code, tests, deployment logic, and API integrations. Any language welcomed. Python, GoLang, Java preferred. Excellent written and verbal communication skills with ability to articulate complex security concepts to diverse and cross-functional audiences.

Preferred Qualifications: Experience with a major cloud provider (AWS, Azure, Oracle Cloud or GCP). Experience with Infrastructure as Code (e.g., CDK, Terraform, ). Experience securing or developing systems using Large Language Models, RAG, and AI Agents. Experience with common authentication and authorization standards (SAML and OAuth). Experience with containerized application and container orchestration (Kubernetes, ECS, ). Knowledge of industry security frameworks and maturity models such as OWASP Application Security Verification Standard, CIS Benchmarks, NIST Cybersecurity Framework, OWASP SAMM or BSIMM. Relevant security certifications (e.g., OSCP, OSWE). Experience contributing to open-source security projects. Experience in security research, presenting at conferences, or publishing articles.

What's in it For You

Hybrid Work Model: We've adopted a flexible hybrid working environment (2-3 days a week in the office depending on the role) for our office-based roles while delivering a seamless experience that is digitally and physically connected.

Flexibility & Work-Life Balance: Flex My Way is a set of supportive workplace policies designed to help manage personal and professional responsibilities, whether caring for family, giving back to the community, or finding time to refresh and reset. This builds upon our flexible work arrangements, including work from anywhere for up to 8 weeks per year, empowering employees to achieve a better work-life balance.

Career Development and Growth: By fostering a culture of continuous learning and skill development, we prepare our talent to tackle tomorrow's challenges and deliver real-world solutions. Our Grow My Way programming and skills-first approach ensures you have the tools and knowledge to grow, lead, and thrive in an AI-enabled future.

Industry Competitive Benefits: We offer comprehensive benefit plans to include flexible vacation, two company-wide Mental Health Days off, access to the Headspace app, retirement savings, tuition reimbursement, employee incentive programs, and resources for mental, physical, and financial wellbeing.

Culture: Globally recognized, award-winning reputation for inclusion and belonging, flexibility, work-life balance, and more. We live by our values: Obsess over our Customers, Compete to Win, Challenge (Y)our Thinking, Act Fast / Learn Fast, and Stronger Together.

Social Impact: Make an impact in your community with our Social Impact Institute. We offer employees two paid volunteer days off annually and opportunities to get involved with pro-bono consulting projects and Environmental, Social, and Governance (ESG) initiatives.

Making a Real-World Impact: We are one of the few companies globally that helps its customers pursue justice, truth, and transparency. Together, with the professionals and institutions we serve, we help uphold the rule of law, turn the wheels of commerce, catch bad actors, report the facts, and provide trusted, unbiased information to people all over the world.

Thomson Reuters informs the way forward by bringing together the trusted content and technology that people and organizations need to make the right decisions. We serve professionals across legal, tax, accounting, compliance, government, and media. Our products combine highly specialized software and insights to empower professionals with the data, intelligence, and solutions needed to make informed decisions, and to help institutions in their pursuit of justice, truth, and transparency. Reuters, part of Thomson Reuters, is a world leading provider of trusted journalism and news. We are powered by the talents of 26,000 employees across more than 70 countries, where everyone has a chance to contribute and grow professionally in flexible work environments. At a time when objectivity, accuracy, fairness, and transparency are under attack, we consider it our duty to pursue them. Sound exciting? Join us and help shape the industries that move society forward.

As a global business, we rely on the unique backgrounds, perspectives, and experiences of all employees to deliver on our business goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under applicable law. Thomson Reuters is proud to be an Equal Employment Opportunity Employer providing a drug-free workplace. We also make reasonable accommodations for qualified individuals with disabilities and for sincerely held religious beliefs in accordance with applicable law. More information on requesting an accommodation here. Learn more on how to protect yourself from fraudulent job postings here. More information about Thomson Reuters can be found on thomsonreuters.com.

Posted 3 days ago


3.0 years

0 Lacs

Bengaluru, Karnataka, India

On-site

About the role: Whilst specific responsibilities will be dependent upon the changing needs of the Tesco business, the following provides an overview of the role’s key responsibilities and measures: Build Responsive UI screens according to the requirements/mockups defined by the Product Managers. Integration of user-facing elements with server-side logic / REST API’s. Ability to independently design and execute the layout of the website and individual screens. Ensure that the website is optimized for various form factors / devices. Participate in Peer Code reviews and contribute to the overall aim of a clean code. Integrate analytics for every critical user paths and constantly evaluate the end-user engagement. Take a defined problem and come up with the design / implementation with minimal guidance. Have good domain knowledge and deliver with more autonomy. Continuously Learn and apply technologies, techniques and methodologies that add value to the team and the overall portfolio. Fully participate in retrospectives and other team ceremonies. The role expects high standard of engineering excellence with practical experience in building and maintaining internet-scale applications and services. Nurture highly effective relationships with internal business partners such as product management, technical teams, systems operations, and service and support. Comfortable working in an Agile environment. Acquiring a level of design and business understanding to not compromise on business goals and design intents. Willingness and ability to take up and respond to production incidents at priority and support it based on the need which will have appropriate incentives.

Required Technical Skills: In depth knowledge of JavaScript, CSS, HTML. Deep expertise in building single page applications using JavaScript frameworks especially with React JS / RsPack. Knowledge of Micro Frontend architecture is a plus. Familiarity with TypeScript and its integration with React. Versatile with various state management techniques especially Redux. Design and implementation of low-latency, high-availability, and performant applications. Experience with cross-browser, cross-platform and design constraints on the web. Experience with test automation: TDD, unit/e2e/integration/functional testing using the frameworks like Vitest / Playwright. Solid understanding of object-oriented design and programming concepts. Have a passion for quality and writing clean, solid, readable code that scales and performs well. Proficient in Git and familiarity with continuous integration. Implementation of security and data protection with basic understanding of the top 10 OWASP security vulnerabilities in web development. Exceptional debugging ability and good understanding of the developer tools like Postman, Fiddler, Browser Developer Tools. Experience with front-end monitoring tools like New Relic. Experience in tracking end user journeys with User Analytics tooling like Google Analytics or Adobe analytics.

Behavioral Elements: Flexibility, ability to plan and organise, responsiveness, creativity, self-starter. Able to build solid working relationships with peers and work across teams.

You will need: Refer about the role.

What's in it for you? At Tesco, we are committed to providing the best for you. As a result, our colleagues enjoy a unique, differentiated, market-competitive reward package, based on the current industry practices, for all the work they put into serving our customers, communities and planet a little better every day. Our Tesco Rewards framework consists of pillars - Fixed Pay, Incentives, and Benefits. Total Rewards offered at Tesco is determined by four principles - simple, fair, competitive, and sustainable.

Salary - Your fixed pay is the guaranteed pay as per your contract of employment.

Leave & Time-off - Colleagues are entitled to 30 days of leave (18 days of Earned Leave, 12 days of Casual/Sick Leave) and 10 national and festival holidays, as per the company’s policy.

Making Retirement Tension-Free - In addition to Statutory retirement benefits, Tesco enables colleagues to participate in voluntary programmes like NPS and VPF.

Health is Wealth - Tesco promotes programmes that support a culture of health and wellness including insurance for colleagues and their family. Our medical insurance provides coverage for dependents including parents or in-laws.

Mental Wellbeing - We offer mental health support through self-help tools, community groups, ally networks, face-to-face counselling, and more for both colleagues and dependents.

Financial Wellbeing - Through our financial literacy partner, we offer one-to-one financial coaching at discounted rates, as well as salary advances on earned wages upon request.

Save As You Earn (SAYE) - Our SAYE programme allows colleagues to transition from being employees to Tesco shareholders through a structured 3-year savings plan.

Physical Wellbeing - Our green campus promotes physical wellbeing with facilities that include a cricket pitch, football field, badminton and volleyball courts, along with indoor games, encouraging a healthier lifestyle.

About Us: Tesco in Bengaluru is a multi-disciplinary team serving our customers, communities, and planet a little better every day across markets. Our goal is to create a sustainable competitive advantage for Tesco by standardising processes, delivering cost savings, enabling agility through technological solutions, and empowering our colleagues to do even more for our customers. With cross-functional expertise, a wide network of teams, and strong governance, we reduce complexity, thereby offering high-quality services for our customers. Tesco in Bengaluru, established in 2004 to enable standardisation and build centralised capabilities and competencies, makes the experience better for our millions of customers worldwide and simpler for over 3,30,000 colleagues.

Tesco Technology: Today, our Technology team consists of over 5,000 experts spread across the UK, Poland, Hungary, the Czech Republic, and India. In India, our Technology division includes teams dedicated to Engineering, Product, Programme, Service Desk and Operations, Systems Engineering, Security & Capability, Data Science, and other roles. At Tesco, our retail platform comprises a wide array of capabilities, value propositions, and products, essential for crafting exceptional retail experiences for our customers and colleagues across all channels and markets. This platform encompasses all aspects of our operations - from identifying and authenticating customers, managing products, pricing, promoting, enabling customers to discover products, facilitating payment, and ensuring delivery. By developing a comprehensive Retail Platform, we ensure that as customer touchpoints and devices evolve, we can consistently deliver seamless experiences. This adaptability allows us to respond flexibly without the need to overhaul our technology, thanks to the creation of capabilities we have built.

Posted 3 days ago


3.0 - 5.0 years

0 Lacs

Kolkata, West Bengal, India

On-site

Position Summary

Job title: DevSecOps - Consultant

About: At Deloitte, we do not offer you just a job, but a career in the highly sought-after risk Management field. We are one of the business leaders in the risk market. We work with a vision to make the world more prosperous, trustworthy, and safe. Deloitte’s clients, primarily based outside of India, are large, complex organizations that constantly evolve and innovate to build better products and services. In the process, they encounter various risks and the work we do to help them address these risks is increasingly important to their success—and to the strength of the economy and public security. By joining us, you will get to work with diverse teams of professionals who design, manage, and implement risk-centric solutions across a variety of domains. In the process, you will gain exposure to the risk-centric challenges faced in today’s world by organizations across a range of industry sectors and become subject matter experts in those areas. Our Risk and Financial Advisory services professionals help organizations effectively navigate business risks and opportunities—from strategic, reputation, and financial risks to operational, cyber, and regulatory risks—to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries. We use cutting-edge technology like AI/ML techniques, analytics, and RPA to solve Deloitte’s clients’ most complex issues. Working in Risk and Financial Advisory at Deloitte US-India offices has the power to redefine your ambitions.

The Team: Cyber & Strategic Risk

Deloitte's DevSecOps team is responsible for a transformational shift which incorporates secure culture, practices, and tools to drive visibility, collaboration, and agility of security, into each phase of the DevOps pipeline. The team collaborates closely with development, operations, quality assurance, and security stakeholders to deliver secure, scalable, and high-quality solutions at speed.

Work you’ll do

Roles & Responsibilities: As a Consultant, you are responsible for performing following activities as a DevSecOps professional: Understand and be compliant with the Service Level Agreements defined for the DevSecOps services; Understand and deep knowledge of application security engineering principles, and helping client’s development team and function to follow secure development practices which includes primarily monitoring and performing the security design review, architecture review, threat modeling, security testing, secure code review, secure build processes; Well versed with the application deployment and configuration baselines, and understanding of how the application environment operates in a secure environment and how exceptions are handled during operations; Facilitate use of technology-based tools or methodologies to continuously improve the monitoring, management and reliability of the service; Perform manual and automated security assessment of the applications; Involved in triaging and defect tracking process with the development team and helping the team to fix issues at the code level based on the priority of the tickets; Be a liaison between the Application development and infrastructure team, and integrate the processes between infrastructure monitoring and operations processes with the secure development/testing and management processes; Identifying, researching and analyzing application security events which may include emerging and existing persistent threats to the client's environment; and Performing active monitoring and tracking of application related threat actors and tactics, techniques and procedures (TTPs), that could likely cause an impact to client organization.

Required Skills: Minimum of 3-5 years’ experience in application security development, security testing, deployment and security management phases; Deep interest in application specific vulnerabilities, code development and infrastructure knowledge; Investigative and analytical problem-solving skills; Experience in collecting, analyzing, and interpreting qualitative and quantitative data from defined application security services related sources (tools, monitoring techniques etc.); Knowledge and experience of OWASP Top 10, SANS Secure Programming, Security Engineering Principles; Hands-on experience in performing code review of .NET, Java and Swift and Objective-C code; Hands-on experience in running, installing and managing SAST, DAST, SCA and IAST solutions, such as Checkmarx, Fortify and Contrast in large enterprise; Understanding of leading vulnerability scoring standards, such as CVSS, and ability to translate vulnerability severity as security risk; Hands-on experience on at least one CI/CD tool set and building pipelines using TeamCity, Bamboo, Jenkins, Chef, Puppet, Selenium, AWS and Azure DevOps; Hands on experience on container technology such as Kubernetes, Dockers, AKS, EKS. Knowledge of cloud environments and deployment solutions such as serverless computing; Hands on experience in penetration testing of mobile, desktop and web applications; Must have experience in writing custom exploitation scripts and utilities; Possession of excellent oral and written communication skill; Knowledge of one or more scripting languages for automation and complex searches; Must have cloud security specialization in Security; and Certification such as EC-Council CEH (Certified Ethical Hacker), DevSecOps Professional (CDP), ISC2 Certified Cloud Security Professional (CCSP), Certified API Security Professional (CASP), CTMP (Certified Threat Modeling Professional) etc. are preferred.

Qualification: Bachelor's degree or higher in Computer Science, or equivalent experience. Experience in cloud service providers such as AWS, GCP, Azure, Oracle are preferred. Experience in implementing and managing security measures within Kubernetes environments, designing and enforcing advanced security protocols for API infrastructure, managing and optimizing our containerized applications using Docker, automating and managing our infrastructure as code using Terraform, automating IT processes and configurations using Ansible, and identifying and mitigating potential security threats through comprehensive threat modeling practices. Solid and demonstrable comprehension of Information Security including OWASP/SANS, Security Test Case development (or mis-use case). Understanding of security essentials including; networking concepts, defense strategies, and current security technologies. Experience with securing IaC templates (e.g., Terraform, CloudFormation) and integrating IaC scanning tools into pipelines to detect misconfigurations and vulnerabilities early in the provisioning process. Familiarity with container security best practices, including image scanning, runtime protection, and orchestration security (e.g., Docker, Kubernetes). Ability to conduct threat modeling exercises to identify and mitigate potential risks in application and infrastructure design. Ability to research and characterize security threats to include identification and classification of application related threat indicators.

Good to have: Hands-on experience with industry-standard DevOps tools for automation, configuration management, and orchestration (e.g., Jenkins, GitLab CI/CD, Bamboo, CircleCI, Ansible, Terraform, Chef, Puppet). Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automation and pipeline customization. Practical knowledge of cloud-native CI/CD services and deployment automation (e.g., AWS CodePipeline, Azure DevOps, Google Cloud Build). Ability to design and manage cloud-based deployment pipelines, leveraging Infrastructure as Code (IaC) tools (e.g., AWS CloudFormation, Azure Resource Manager, Google Deployment Manager). Experience tuning security tools and pipelines to reduce noise and improve actionable findings. Ability to collaborate with development and security teams to investigate, triage, and resolve false positives efficiently.

How You’ll Grow: At Deloitte, we’ve invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills.
And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, world-class learning center in the Hyderabad offices, is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India.

Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. Deloitte is committed to achieving diversity within its workforce, and encourages all qualified applicants to apply, irrespective of gender, age, sexual orientation, disability, culture, religious and ethnic background. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.

Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with Deloitte’s clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world.

Recruiting tips Finding the right job and preparing for the recruitment process can be tricky. Check out tips from our Deloitte recruiting professionals to set yourself up for success. Check out recruiting tips from Deloitte recruiters.

Benefits We believe that to be an undisputed leader in professional services, we should equip you with the resources that can make a positive impact on your well-being journey. Our vision is to create a leadership culture focused on the development and well-being of our people. Here are some of our benefits and programs to support you and your family’s well-being needs. Eligibility requirements may be based on role, tenure, type of employment and/or other criteria. Learn more about what working at Deloitte can mean for you.

Our people and culture Our people and our culture make Deloitte a place where leaders thrive. Get an inside look at the rich diversity of background, education, and experiences of our people. What impact will you make? Check out our professionals’ career journeys and be inspired by their stories.

Professional development You want to make an impact. And we want you to make it. We can help you do that by providing you the culture, training, resources, and opportunities to help you grow and succeed as a professional. Learn more about our commitment to developing our people.

© 2025. See Terms of Use for more information. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.

Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities.

Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.

Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India.

Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/or other criteria. Learn more about what working at Deloitte can mean for you.

Recruiting tips From developing a standout resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.

Requisition code: 306773

Posted 3 days ago

5.0 years

0 Lacs

Gurugram, Haryana, India

On-site

Summary Position Summary Job title: API Security – Senior Consultant

About At Deloitte, we do not offer you just a job, but a career in the highly sought-after risk management field. We are one of the business leaders in the risk market. We work with a vision to make the world more prosperous, trustworthy, and safe. Deloitte’s clients, primarily based outside of India, are large, complex organizations that constantly evolve and innovate to build better products and services. In the process, they encounter various risks and the work we do to help them address these risks is increasingly important to their success—and to the strength of the economy and public security. By joining us, you will get to work with diverse teams of professionals who design, manage, and implement risk-centric solutions across a variety of domains. In the process, you will gain exposure to the risk-centric challenges faced in today’s world by organizations across a range of industry sectors and become subject matter experts in those areas. Our Risk and Financial Advisory services professionals help organizations effectively navigate business risks and opportunities—from strategic, reputation, and financial risks to operational, cyber, and regulatory risks—to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries. We use cutting-edge technology like AI/ML techniques, analytics, and RPA to solve Deloitte’s clients’ most complex issues. Working in Risk and Financial Advisory at Deloitte US-India offices has the power to redefine your ambitions.

The Team Cyber & Strategic Risk Deloitte’s API Security is aligned with the industry-preferred practices and leverages a security framework to address the API security challenges in a comprehensive manner. This process enables the client to address key vulnerabilities and risks associated with APIs at different stages of their development lifecycle. Deloitte plays a crucial role in identifying and remediating vulnerabilities in APIs accessible from within an organization, exposed to the internet, or in the client’s API infrastructure that may potentially become a threat to an organization.

Work you’ll do Roles & Responsibilities: As a Senior Consultant in the API Security domain, you are responsible for adhering to the defined operating procedures and guidelines in the API security services, which includes the following: Support and consult with development and engineering teams in the areas of API security to discover and inventory all APIs and their exposed data across environments. Integrate automated security testing (e.g., SAST, DAST, API-specific scanners) into CI/CD pipelines. Provide remediation guidance and support to development teams for identified vulnerabilities. Implement and enforce security guardrails for API development, including authentication, authorization, and data protection. Collaborate with DevOps, cloud, and security teams to ensure consistent delivery of secure APIs and microservices. Stay current with emerging API security threats, tools, and best practices. Monitor API traffic for anomalous behavior and potential threats. Research and help develop security solutions to help secure applications (API Security, Data Protection, Identity Protection). Experience working with AWS or other cloud environments (development/architecture). Experience with cloud and API security standards (OWASP API Top 10, CIS Top 20). Perform security risk assessments for all proposed application-related (APIs) changes.

Required Skills 5+ years of experience in software development in one or more of the following programming languages: .NET, Python, Java/Springboot (REST), JavaScript (Node/React), and/or Go. Experience with tools like OWASP ZAP, Veracode, Postman, etc. 3+ years of experience with API Security (Design patterns, Architecture, B2B/A2A/B2C Integration). Experience with API security tools like Noname, Salt, Neosec, etc. Experience with API Management solutions like Mulesoft, Apigee, etc. Technical and foundational knowledge of software engineering, computer systems, security engineering, authentication, and/or applied cryptography. Excellent knowledge of all web technologies, especially web services, web applications, Service Oriented Architectures, and network/web protocols. Knowledge of application threat modeling, Remediation of OWASP API Top 10, CIS Top 10, SANS Top 25 a plus. Strong understanding of authentication (OAuth2, JWT), authorization, and encryption for APIs. Familiarity with cloud-native environments, containers, and microservices architectures. Experience with attacker tactics, techniques, and procedures, and corresponding mitigation methods. Sound knowledge of all procedures, standards, and regulations for authorization and authentication, applied cryptography, and security vulnerabilities.

Qualification Bachelor's degree or higher in Computer Science, or equivalent experience. Experience with application monitoring, Managed Services business primarily on DevOps, Threat and Vulnerability Management for Application infrastructure, source code verification, link analysis, and threat modeling. Solid and demonstrable comprehension of Information Security including OWASP/SANS, Security Test Case development (or mis-use case), OOAD notations, emerging threats, attacks, and vulnerability management. Experience with automated monitoring, alerting, and incident response for APIs. Knowledge of regulatory and compliance requirements relevant to API security. Ability to research and characterize security threats to include identification and classification of application-related threat indicators. Certification such as SANS Secure Coding, Security Engineering, Web Application Security, ISC2 CSSLP, OSCP etc.
are preferred. Good to have: Experience with integrating and operating SAST tools to identify code-level vulnerabilities early in the development lifecycle. Familiarity with DAST tools and methodologies for identifying runtime vulnerabilities in web applications and APIs. Proficiency in using SCA tools to detect and manage risks from third-party and open-source components, CI/CD integration Hands-on experience embedding security controls and automated testing (SAST, DAST, SCA) into CI/CD pipelines
Requisition code: 301332

Posted 3 days ago

5.0 years

0 Lacs

Gurugram, Haryana, India

On-site

Summary Position Summary Job title: API Security – Senior Consultant

About At Deloitte, we do not offer you just a job, but a career in the highly sought-after risk management field. We are one of the business leaders in the risk market. We work with a vision to make the world more prosperous, trustworthy, and safe. Deloitte’s clients, primarily based outside of India, are large, complex organizations that constantly evolve and innovate to build better products and services. In the process, they encounter various risks and the work we do to help them address these risks is increasingly important to their success—and to the strength of the economy and public security. By joining us, you will get to work with diverse teams of professionals who design, manage, and implement risk-centric solutions across a variety of domains. In the process, you will gain exposure to the risk-centric challenges faced in today’s world by organizations across a range of industry sectors and become subject matter experts in those areas. Our Risk and Financial Advisory services professionals help organizations effectively navigate business risks and opportunities—from strategic, reputation, and financial risks to operational, cyber, and regulatory risks—to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries. We use cutting-edge technology like AI/ML techniques, analytics, and RPA to solve Deloitte’s clients’ most complex issues. Working in Risk and Financial Advisory at Deloitte US-India offices has the power to redefine your ambitions.

The Team Cyber & Strategic Risk Deloitte’s API Security is aligned with the industry-preferred practices and leverages a security framework to address the API security challenges in a comprehensive manner. This process enables the client to address key vulnerabilities and risks associated with APIs at different stages of their development lifecycle. Deloitte plays a crucial role in identifying and remediating vulnerabilities in APIs accessible from within an organization, exposed to the internet, or in the client’s API infrastructure that may potentially become a threat to an organization.

Work you’ll do Roles & Responsibilities: As a Senior Consultant in the API Security domain, you are responsible for adhering to the defined operating procedures and guidelines in the API security services, which includes the following: Support and consult with development and engineering teams in the areas of API security to discover and inventory all APIs and their exposed data across environments. Integrate automated security testing (e.g., SAST, DAST, API-specific scanners) into CI/CD pipelines. Provide remediation guidance and support to development teams for identified vulnerabilities. Implement and enforce security guardrails for API development, including authentication, authorization, and data protection. Collaborate with DevOps, cloud, and security teams to ensure consistent delivery of secure APIs and microservices. Stay current with emerging API security threats, tools, and best practices. Monitor API traffic for anomalous behavior and potential threats. Research and help develop security solutions to help secure applications (API Security, Data Protection, Identity Protection). Experience working with AWS or other cloud environments (development/architecture). Experience with cloud and API security standards (OWASP API Top 10, CIS Top 20). Perform security risk assessments for all proposed application-related (APIs) changes.

Required Skills 5+ years of experience in software development in one or more of the following programming languages: .NET, Python, Java/Springboot (REST), JavaScript (Node/React), and/or Go. Experience with tools like OWASP ZAP, Veracode, Postman, etc. 3+ years of experience with API Security (Design patterns, Architecture, B2B/A2A/B2C Integration). Experience with API security tools like Noname, Salt, Neosec, etc. Experience with API Management solutions like Mulesoft, Apigee, etc. Technical and foundational knowledge of software engineering, computer systems, security engineering, authentication, and/or applied cryptography. Excellent knowledge of all web technologies, especially web services, web applications, Service Oriented Architectures, and network/web protocols. Knowledge of application threat modeling, Remediation of OWASP API Top 10, CIS Top 10, SANS Top 25 a plus. Strong understanding of authentication (OAuth2, JWT), authorization, and encryption for APIs. Familiarity with cloud-native environments, containers, and microservices architectures. Experience with attacker tactics, techniques, and procedures, and corresponding mitigation methods. Sound knowledge of all procedures, standards, and regulations for authorization and authentication, applied cryptography, and security vulnerabilities.

Qualification Bachelor's degree or higher in Computer Science, or equivalent experience. Experience with application monitoring, Managed Services business primarily on DevOps, Threat and Vulnerability Management for Application infrastructure, source code verification, link analysis, and threat modeling. Solid and demonstrable comprehension of Information Security including OWASP/SANS, Security Test Case development (or mis-use case), OOAD notations, emerging threats, attacks, and vulnerability management. Experience with automated monitoring, alerting, and incident response for APIs. Knowledge of regulatory and compliance requirements relevant to API security. Ability to research and characterize security threats to include identification and classification of application-related threat indicators. Certification such as SANS Secure Coding, Security Engineering, Web Application Security, ISC2 CSSLP, OSCP etc.
are preferred. Good to have: Experience with integrating and operating SAST tools to identify code-level vulnerabilities early in the development lifecycle. Familiarity with DAST tools and methodologies for identifying runtime vulnerabilities in web applications and APIs. Proficiency in using SCA tools to detect and manage risks from third-party and open-source components, CI/CD integration Hands-on experience embedding security controls and automated testing (SAST, DAST, SCA) into CI/CD pipelines
Requisition code: 301329

Posted 3 days ago

3.0 - 5.0 years

0 Lacs

Kolkata, West Bengal, India

On-site

Summary Position Summary Job title: DevSecOps - Consultant About At Deloitte, we do not offer you just a job, but a career in the highly sought-after risk management field. We are one of the business leaders in the risk market. We work with a vision to make the world more prosperous, trustworthy, and safe. Deloitte’s clients, primarily based outside of India, are large, complex organizations that constantly evolve and innovate to build better products and services. In the process, they encounter various risks and the work we do to help them address these risks is increasingly important to their success—and to the strength of the economy and public security. By joining us, you will get to work with diverse teams of professionals who design, manage, and implement risk-centric solutions across a variety of domains. In the process, you will gain exposure to the risk-centric challenges faced in today’s world by organizations across a range of industry sectors and become subject matter experts in those areas. Our Risk and Financial Advisory services professionals help organizations effectively navigate business risks and opportunities—from strategic, reputation, and financial risks to operational, cyber, and regulatory risks—to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries. We use cutting-edge technology like AI/ML techniques, analytics, and RPA to solve Deloitte’s clients' most complex issues. Working in Risk and Financial Advisory at Deloitte US-India offices has the power to redefine your ambitions.
The Team Cyber & Strategic Risk Deloitte's DevSecOps team is responsible for a transformational shift which incorporates secure culture, practices, and tools to drive visibility, collaboration, and agility of security, into each phase of the DevOps pipeline. The team collaborates closely with development, operations, quality assurance, and security stakeholders to deliver secure, scalable, and high-quality solutions at speed. Work you’ll do Roles & Responsibilities: As a Consultant, you are responsible for performing following activities as a DevSecOps professional: Understand and be compliant with the Service Level Agreements defined for the DevSecOps services; Understand and deep knowledge of application security engineering principles, and helping client’s development team and function to follow secure development practices which includes primarily monitoring and performing the security design review, architecture review, threat modeling, security testing, secure code review, secure build processes; Well versed with the application deployment and configuration baselines, and understanding of how the application environment operates in a secure environment and how exceptions are handled during operations; Facilitate use of technology-based tools or methodologies to continuously improve the monitoring, management and reliability of the service; Perform manual and automated security assessment of the applications; Involved in triaging and defect tracking process with the development team and helping the team to fix issues at the code level based on the priority of the tickets; Be a liaison between the Application development and infrastructure team, and integrate the processes between infrastructure monitoring and operations processes with the secure development/testing and management processes; Identifying, researching and analyzing application security events which may include emerging and existing persistent threats to the client's environment; and Performing 
active monitoring and tracking of application related threat actors and tactics, techniques and procedures (TTPs), that could likely cause an impact to client organization Required Skills Minimum of 3-5 years’ experience in application security development, security testing, deployment and security management phases; Deep interest in application specific vulnerabilities, code development and infrastructure knowledge; Investigative and analytical problem-solving skills; Experience in collecting, analyzing, and interpreting qualitative and quantitative data from defined application security services related sources (tools, monitoring techniques etc.) Knowledge and experience of OWASP Top 10, SANS Secure Programming, Security Engineering Principles; Hands-on experience in performing code review of dot Net, Java and Swift and objective C code; Hands-on experience in running, installing and managing SAST, DAST , SCA and IAST solutions, such as Checkmarx, Fortify and Contrast in large enterprise Understanding of leading vulnerability scoring standards, such as CVSS, and ability to translate vulnerability severity as security risk; Hands-on experience on at least one CI/CD tool set and building pipelines using Team city, Bamboo, Jenkins, Chef, Puppet, selenium, AWS and AZURE DevOps; Hands on experience on container technology such as Kubernetes, Dockers, AKS, EKS. 
Knowledge of cloud environments and deployment solutions such as server less computing; Hands on experience in penetration testing of mobile, desktop and web applications; Must have experience in writing custom exploitation scripts and utilities; Possession of excellent oral and written communication skill; Knowledge of one or more scripting languages for automation and complex searches; Must have cloud security specialization in Security; and Certification such as EC-Council CEH (Certified Ethical Hacker), DevSecOps Professional (CDP) , ISC2 Certified Cloud Security Professional (CCSP), Certified API Security Professional (CASP) , CTMP (Certified Threat Modeling Professional) etc. are preferred. Qualification Bachelor's degree or higher in Computer Science, or equivalent experience. Experience in cloud service providers such as AWS, GCP, Azure, Oracle are preferred Experience in implementing and managing security measures within Kubernetes environments, designing and enforcing advanced security protocols for API infrastructure, managing and optimizing our containerized applications using Docker, automating and managing our infrastructure as code using Terraform, automating IT processes and configurations using Ansible, and identifying and mitigating potential security threats through comprehensive threat modeling practices. Solid and demonstrable comprehension of Information Security including OWASP/SANS, Security Test Case development (or mis-use case). 
Understanding of security essentials including; networking concepts, defense strategies, and current security technologies Experience with securing IaC templates (e.g., Terraform, CloudFormation) and integrating IaC scanning tools into pipelines to detect misconfigurations and vulnerabilities early in the provisioning process Familiarity with container security best practices, including image scanning, runtime protection, and orchestration security (e.g., Docker, Kubernetes) Ability to conduct threat modeling exercises to identify and mitigate potential risks in application and infrastructure design. Ability to research and characterize security threats to include identification and classification of application related threat indicators Good to have: Hands-on experience with industry-standard DevOps tools for automation, configuration management, and orchestration (e.g., Jenkins, GitLab CI/CD, Bamboo, CircleCI, Ansible, Terraform, Chef, Puppet) Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automation and pipeline customization. Practical knowledge of cloud-native CI/CD services and deployment automation (e.g., AWS CodePipeline, Azure DevOps, Google Cloud Build). Ability to design and manage cloud-based deployment pipelines, leveraging Infrastructure as Code (IaC) tools (e.g., AWS CloudFormation, Azure Resource Manager, Google Deployment Manager) Experience tuning security tools and pipelines to reduce noise and improve actionable findings. Ability to collaborate with development and security teams to investigate, triage, and resolve false positives efficiently. Requisition code: 306774

Posted 3 days ago

9.0 years

0 Lacs

Kolkata, West Bengal, India

On-site

Summary Position Summary Job title: DevSecOps - Manager
The Team Cyber & Strategic Risk Deloitte’s DevSecOps CI/CD Security Transformation and Secure Software Development Lifecycle engagement archetypes provide frameworks, templates, and leading practices for integrating security into software delivery pipelines. These resources include step-by-step workflows, staffing guidance, and project management tools to support DevSecOps roles and responsibilities The cyber risk services—Identity & access management (IAM) practice helps organizations in designing, developing, and implementing industry-leading IAM solutions to protect their information and confidential data, as well as help them build their businesses and supporting technologies to be more secure, vigilant, and resilient. The IAM team delivers service to clients through following key areas: User provisioning Access certification Access management and federation Entitlements management Work you’ll do Roles & Responsibilities: As a DevSecOps Manager, your core responsibility will be leading the implementation and ongoing management of DevSecOps practices across client's cloud and on-premises environments, which includes the following: Conduct interviews and assessments to understand client requirements, current state and DevSecOps practice maturity. Define strategy and take responsibility in driving adoption of security automation, continuous integration/continuous delivery (CI/CD), and compliance within the software development lifecycle of client's environment. Understand and be compliant with the Service Level Agreements defined for the DevSecOps services Oversee the development and integration of security tools and automation for services such as threat modeling, security architecture reviews, secure development practices, code analysis, vulnerability scanning, API security, configuration management etc. Manage and mentor DevSecOps team and client's cross-functional teams, setting goals and tracking performance. 
Report on DevSecOps metrics, security posture, and process improvements to leadership and client stakeholders. Stay current with emerging DevSecOps tools, security threats, and regulatory requirements. Facilitate use of technology-based tools or methodologies to continuously improve the monitoring, management and reliability of the services provided to client. Required Skills 9+ years of experience in application security development, security testing, integrating security tools, deployment and security management phases, with at least 2+ years of leading DevSecOps projects. Strong understanding of security frameworks (e.g., NIST 800-53, PCI DSS, ISO 27001, CIS Controls) and regulatory requirements (e.g., GDPR, HIPAA, PCI DSS) Investigative and analytical problem-solving skills along with excellent communication, project management, and stakeholder engagement skills. Experience in collecting, analyzing, and interpreting qualitative and quantitative data from defined application security services related sources (tools, monitoring techniques etc.) Understanding of solution designs and technical architectures to identify potential security risks and recommend mitigation strategies. Exposure to threat modeling exercise, zero trust architecture principles and secure by design practice.
Knowledge and experience of OWASP Top 10, SANS Secure Programming, Security Engineering Principles; Hands-on experience in performing secure code reviews and penetration testing Hands-on experience in running, installing and managing SAST, DAST , SCA and IAST solutions, such as Checkmarx, Fortify and Contrast in large enterprise Understanding of leading vulnerability scoring standards, such as CVSS, and ability to translate vulnerability severity as security risk; Strong knowledge of CI/CD tools and hands on experience on at least one CI/CD tool set and building pipelines (including in cloud) using Team city, Bamboo, Jenkins, Chef, Puppet, selenium, AWS and AZURE DevOps; Hands on experience on container technology such as Kubernetes, Dockers, AKS, EKS. Knowledge of cloud environments and deployment solutions such as server less computing; Must have cloud security specialization in Security; and Certification such as EC-Council CEH (Certified Ethical Hacker), DevSecOps Professional (CDP) , ISC2 Certified Cloud Security Professional (CCSP), Certified API Security Professional (CASP) , CTMP (Certified Threat Modeling Professional) etc. are preferred. Qualification Bachelor's degree or higher in Computer Science, IT or equivalent experience. Experience in cloud service providers such as AWS, GCP, Azure, Oracle and multi-cloud DevSecOps implementations. Background in Agile or Scrum methodologies. Solid and demonstrable comprehension of Information Security including OWASP/SANS, Security Test Case development (or mis-use case). 
Understanding of security essentials including; networking concepts, defense strategies, and current security technologies Experience with securing IaC templates (e.g., Terraform, CloudFormation) and integrating IaC scanning tools into pipelines to detect misconfigurations and vulnerabilities early in the provisioning process Experience in implementing and managing security measures within Kubernetes environments, designing and enforcing advanced security protocols for API infrastructure, managing and optimizing our containerized applications using Docker, automating and managing our infrastructure as code using Terraform, automating IT processes and configurations using Ansible, and identifying and mitigating potential security threats through comprehensive threat modeling practices. Familiarity with container security best practices, including image scanning, runtime protection, and orchestration security (e.g., Docker, Kubernetes). Experience with secrets management tools (e.g., HashiCorp Vault, AWS Secrets Manager). Ability to research and characterize security threats to include identification and classification of application related threat indicators. Good to have: Skills in scripting languages (e.g., Groovy for Jenkins, Bash, Python) to customize pipeline steps and automate repetitive tasks. Requisition code: 306776

Posted 3 days ago

Apply

5.0 years

0 Lacs

Kolkata, West Bengal, India

On-site

Summary Position Summary Job title: API Security – Senior Consultant About At Deloitte, we do not offer you just a job, but a career in the highly sought-after risk management field. We are one of the business leaders in the risk market. We work with a vision to make the world more prosperous, trustworthy, and safe. Deloitte’s clients, primarily based outside of India, are large, complex organizations that constantly evolve and innovate to build better products and services. In the process, they encounter various risks and the work we do to help them address these risks is increasingly important to their success—and to the strength of the economy and public security. By joining us, you will get to work with diverse teams of professionals who design, manage, and implement risk-centric solutions across a variety of domains. In the process, you will gain exposure to the risk-centric challenges faced in today’s world by organizations across a range of industry sectors and become subject matter experts in those areas. Our Risk and Financial Advisory services professionals help organizations effectively navigate business risks and opportunities—from strategic, reputation, and financial risks to operational, cyber, and regulatory risks—to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries. We use cutting-edge technology like AI/ML techniques, analytics, and RPA to solve Deloitte’s clients’ most complex issues. Working in Risk and Financial Advisory at Deloitte US-India offices has the power to redefine your ambitions. The Team Cyber & Strategic Risk Deloitte’s API Security is aligned with the industry preferred practices and leverages security framework to address the API security challenges in a comprehensive manner.
This process enables the client to address key vulnerabilities and risks associated with APIs at different stages of their development lifecycle. Deloitte plays a crucial role in identifying and remediating vulnerabilities in APIs accessible from within an organization, exposed to the internet, or in the client’s API infrastructure that may potentially become a threat to an organization. Work you’ll do Roles & Responsibilities: As a Senior Consultant in the API Security domain, you are responsible for adhering to the defined operating procedures and guidelines in the API security services, which includes the following: Support and consult with development and engineering teams in the areas of API security to discover and inventory all APIs and their exposed data across environments. Integrate automated security testing (e.g., SAST, DAST, API-specific scanners) into CI/CD pipelines. Provide remediation guidance and support to development teams for identified vulnerabilities. Implement and enforce security guardrails for API development, including authentication, authorization, and data protection. Collaborate with DevOps, cloud, and security teams to ensure consistent delivery of secure APIs and microservices. Stay current with emerging API security threats, tools, and best practices. Monitor API traffic for anomalous behavior and potential threats. Research and help develop security solutions to help secure applications (API Security, Data Protection, Identity Protection) Experience working with AWS or other cloud environments (development/architecture) Experience with cloud and API security standards (OWASP API Top 10, CIS Top 20) Perform security risk assessments for all proposed application-related (APIs) changes. Required Skills 5+ years of experience in software development in one or more of the following programming languages, .NET, Python, Java/Springboot (REST), JavaScript (Node/React), and/or Go Experience with tools like OWASP ZAP, Veracode, Postman, etc.
3+ years of experience with API Security (Design patterns, Architecture, B2B/A2A/B2C Integration) Experience with API security tools like Noname, Salt, Neosec, etc. Experience with API Management solutions like Mulesoft, Apigee, etc. Technical and foundational knowledge of software engineering, computer systems, security engineering, authentication, and/or applied cryptography. Excellent knowledge of all web technologies, especially web services, web applications, Service Oriented Architectures, and network/web protocols Knowledge of application threat modeling, Remediation of OWASP API Top 10, CIS Top 10, SANS Top 25 a plus Strong understanding of authentication (OAuth2, JWT), authorization, and encryption for APIs. Familiarity with cloud-native environments, containers, and microservices architectures. Experience with attacker tactics, techniques, and procedures, and corresponding mitigation methods. Sound knowledge of all procedures, standards, and regulations for authorization and authentication, applied cryptography, and security vulnerabilities. Qualification Bachelor's degree or higher in Computer Science, or equivalent experience. Experience with application monitoring, Managed Services business primarily on DevOps, Threat and Vulnerability Management for Application infrastructure, source code verification, link analysis, and threat modeling. Solid and demonstrable comprehension of Information Security including OWASP/SANS, Security Test Case development (or mis-use case), OOAD notations, emerging threats, attacks, and vulnerability management. Experience with automated monitoring, alerting, and incident response for APIs. Knowledge of regulatory and compliance requirements relevant to API security. Ability to research and characterize security threats to include identification and classification of application related threat indicators. Certification such as SANS Secure Coding, Security Engineering, Web Application Security, ISC2 CSSLP, OSCP etc. 
are preferred. Good to have: Experience with integrating and operating SAST tools to identify code-level vulnerabilities early in the development lifecycle. Familiarity with DAST tools and methodologies for identifying runtime vulnerabilities in web applications and APIs. Proficiency in using SCA tools to detect and manage risks from third-party and open-source components, CI/CD integration Hands-on experience embedding security controls and automated testing (SAST, DAST, SCA) into CI/CD pipelines How You’ll Grow At Deloitte, we’ve invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, world-class learning Center in the Hyderabad offices is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India . Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. Deloitte is committed to achieving diversity within its workforce, and encourages all qualified applicants to apply, irrespective of gender, age, sexual orientation, disability, culture, religious and ethnic background. 
We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with Deloitte’s clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Recruiting tips Finding the right job and preparing for the recruitment process can be tricky. Check out tips from our Deloitte recruiting professionals to set yourself up for success. Check out recruiting tips from Deloitte recruiters . Benefits We believe that to be an undisputed leader in professional services, we should equip you with the resources that can make a positive impact on your well-being journey. Our vision is to create a leadership culture focused on the development and well-being of our people. Here are some of our benefits and programs to support you and your family’s well-being needs. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you . Our people and culture Our people and our culture make Deloitte a place where leaders thrive. Get an inside look at the rich diversity of background, education, and experiences of our people. What impact will you make? Check out our professionals’ career journeys and be inspired by their stories. Professional development You want to make an impact. And we want you to make it. We can help you do that by providing you the culture, training, resources, and opportunities to help you grow and succeed as a professional. 
Learn more about our commitment to developing our people. Requisition code: 301329

Posted 3 days ago

Apply

5.0 years

0 Lacs

Kolkata, West Bengal, India

On-site

Summary Position Summary Job title: API Security – Senior Consultant About At Deloitte, we do not offer you just a job, but a career in the highly sought-after risk management field. We are one of the business leaders in the risk market. We work with a vision to make the world more prosperous, trustworthy, and safe. Deloitte’s clients, primarily based outside of India, are large, complex organizations that constantly evolve and innovate to build better products and services. In the process, they encounter various risks and the work we do to help them address these risks is increasingly important to their success—and to the strength of the economy and public security. By joining us, you will get to work with diverse teams of professionals who design, manage, and implement risk-centric solutions across a variety of domains. In the process, you will gain exposure to the risk-centric challenges faced in today’s world by organizations across a range of industry sectors and become subject matter experts in those areas. Our Risk and Financial Advisory services professionals help organizations effectively navigate business risks and opportunities—from strategic, reputation, and financial risks to operational, cyber, and regulatory risks—to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries. We use cutting-edge technology like AI/ML techniques, analytics, and RPA to solve Deloitte’s clients’ most complex issues. Working in Risk and Financial Advisory at Deloitte US-India offices has the power to redefine your ambitions. The Team Cyber & Strategic Risk Deloitte’s API Security is aligned with the industry preferred practices and leverages security framework to address the API security challenges in a comprehensive manner.
This process enables the client to address key vulnerabilities and risks associated with APIs at different stages of their development lifecycle. Deloitte plays a crucial role in identifying and remediating vulnerabilities in APIs accessible from within an organization, exposed to the internet, or in the client’s API infrastructure that may potentially become a threat to an organization. Work you’ll do Roles & Responsibilities: As a Senior Consultant in the API Security domain, you are responsible for adhering to the defined operating procedures and guidelines in the API security services, which includes the following: Support and consult with development and engineering teams in the areas of API security to discover and inventory all APIs and their exposed data across environments. Integrate automated security testing (e.g., SAST, DAST, API-specific scanners) into CI/CD pipelines. Provide remediation guidance and support to development teams for identified vulnerabilities. Implement and enforce security guardrails for API development, including authentication, authorization, and data protection. Collaborate with DevOps, cloud, and security teams to ensure consistent delivery of secure APIs and microservices. Stay current with emerging API security threats, tools, and best practices. Monitor API traffic for anomalous behavior and potential threats. Research and help develop security solutions to help secure applications (API Security, Data Protection, Identity Protection) Experience working with AWS or other cloud environments (development/architecture) Experience with cloud and API security standards (OWASP API Top 10, CIS Top 20) Perform security risk assessments for all proposed application-related (APIs) changes. Required Skills 5+ years of experience in software development in one or more of the following programming languages, .NET, Python, Java/Springboot (REST), JavaScript (Node/React), and/or Go Experience with tools like OWASP ZAP, Veracode, Postman, etc.
3+ years of experience with API Security (Design patterns, Architecture, B2B/A2A/B2C Integration) Experience with API security tools like Noname, Salt, Neosec, etc. Experience with API Management solutions like Mulesoft, Apigee, etc. Technical and foundational knowledge of software engineering, computer systems, security engineering, authentication, and/or applied cryptography. Excellent knowledge of all web technologies, especially web services, web applications, Service Oriented Architectures, and network/web protocols Knowledge of application threat modeling, Remediation of OWASP API Top 10, CIS Top 10, SANS Top 25 a plus Strong understanding of authentication (OAuth2, JWT), authorization, and encryption for APIs. Familiarity with cloud-native environments, containers, and microservices architectures. Experience with attacker tactics, techniques, and procedures, and corresponding mitigation methods. Sound knowledge of all procedures, standards, and regulations for authorization and authentication, applied cryptography, and security vulnerabilities. Qualification Bachelor's degree or higher in Computer Science, or equivalent experience. Experience with application monitoring, Managed Services business primarily on DevOps, Threat and Vulnerability Management for Application infrastructure, source code verification, link analysis, and threat modeling. Solid and demonstrable comprehension of Information Security including OWASP/SANS, Security Test Case development (or mis-use case), OOAD notations, emerging threats, attacks, and vulnerability management. Experience with automated monitoring, alerting, and incident response for APIs. Knowledge of regulatory and compliance requirements relevant to API security. Ability to research and characterize security threats to include identification and classification of application related threat indicators. Certification such as SANS Secure Coding, Security Engineering, Web Application Security, ISC2 CSSLP, OSCP etc. 
are preferred. Good to have: Experience with integrating and operating SAST tools to identify code-level vulnerabilities early in the development lifecycle. Familiarity with DAST tools and methodologies for identifying runtime vulnerabilities in web applications and APIs. Proficiency in using SCA tools to detect and manage risks from third-party and open-source components, CI/CD integration Hands-on experience embedding security controls and automated testing (SAST, DAST, SCA) into CI/CD pipelines How You’ll Grow At Deloitte, we’ve invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in the same way. So, we provide a range of resources including live classrooms, team-based learning, and eLearning. DU: The Leadership Center in India, our state-of-the-art, world-class learning Center in the Hyderabad offices is an extension of the Deloitte University (DU) in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India . Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. Deloitte is committed to achieving diversity within its workforce, and encourages all qualified applicants to apply, irrespective of gender, age, sexual orientation, disability, culture, religious and ethnic background. 
We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with Deloitte’s clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Recruiting tips Finding the right job and preparing for the recruitment process can be tricky. Check out tips from our Deloitte recruiting professionals to set yourself up for success. Check out recruiting tips from Deloitte recruiters . Benefits We believe that to be an undisputed leader in professional services, we should equip you with the resources that can make a positive impact on your well-being journey. Our vision is to create a leadership culture focused on the development and well-being of our people. Here are some of our benefits and programs to support you and your family’s well-being needs. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you . Our people and culture Our people and our culture make Deloitte a place where leaders thrive. Get an inside look at the rich diversity of background, education, and experiences of our people. What impact will you make? Check out our professionals’ career journeys and be inspired by their stories. Professional development You want to make an impact. And we want you to make it. We can help you do that by providing you the culture, training, resources, and opportunities to help you grow and succeed as a professional. 
Learn more about our commitment to developing our people. Requisition code: 301332

Posted 3 days ago

Apply

1.0 years

0 Lacs

Jaipur, Rajasthan, India

Remote

LucidGrowth LLC is seeking two talented Software Developers to join our dynamic engineering team in Jaipur. This is an exciting opportunity to work on cutting-edge projects, building scalable, high-performance web applications using modern technologies. We’re looking for developers with expertise in full-stack development and distributed systems to contribute to innovative software solutions that drive business growth. Key Responsibilities Design, develop, and maintain full-stack web applications using Node.js, React, and Next.js. Build and optimize RESTful APIs for high-performance applications. Develop backend services using Node.js and Golang to meet diverse system requirements. Design and implement microservices architecture for scalable, distributed systems. Create and optimize database schemas and queries in MongoDB and PostgreSQL. Build responsive, user-friendly frontend interfaces with React and Next.js. Implement browser automation solutions for testing, data collection, or process automation. Solve complex technical problems in distributed environments, focusing on reliability and performance. Collaborate with cross-functional teams to define, design, and ship new features. Write clean, maintainable, and well-documented code adhering to best practices. Participate in code reviews and contribute to technical architecture decisions. Troubleshoot, debug, and enhance existing systems to ensure performance, quality, and responsiveness. Required Qualifications Backend Development 1-2 years of experience with Node.js and Express.js (or similar frameworks). Experience with Golang for backend services. Strong understanding of asynchronous programming and event-driven architecture. Proficiency in TypeScript for type-safe backend development. API Development Experience designing and implementing RESTful APIs. Knowledge of API security best practices (authentication, authorization, rate limiting).
Familiarity with API documentation tools (e.g., Swagger/OpenAPI). Database Management Proficiency in MongoDB (aggregation pipelines, indexing, replication). Strong SQL skills with PostgreSQL (complex queries, optimization, migrations). Experience with database design patterns and data modeling. Frontend Development Experience with React.js and modern JavaScript (ES6+). Experience with Next.js for server-side rendering and static site generation. Strong understanding of React hooks, state management, and component lifecycle. Proficiency in TypeScript for type-safe development. Browser Automation Experience with browser automation tools (Puppeteer, Playwright, or Selenium). Ability to create robust web scraping and testing solutions. Understanding of headless browser environments. Distributed Systems & Architecture Understanding of microservices architecture and design patterns. Experience with distributed systems concepts (service discovery, load balancing, fault tolerance). Knowledge of inter-service communication patterns (REST, message queues, event-driven). Preferred Qualifications Bachelor’s degree in Computer Science, Engineering, or equivalent practical experience. 1-2 years of overall software development experience. Experience with containerization (Docker). Knowledge of cloud platforms (AWS, GCP, or Azure). Familiarity with message queuing systems (RabbitMQ, Kafka). Understanding of DevOps practices and infrastructure as code. Experience with monitoring and logging tools (Prometheus, Grafana, ELK stack). Knowledge of software testing methodologies (unit testing, integration testing). Familiarity with Agile/Scrum methodologies. Understanding of design patterns and software architecture principles. Knowledge of web security best practices and OWASP guidelines. Experience with performance optimization and profiling tools. What We Offer Competitive salary of ₹3.6 - ₹4.8 LPA based on experience and skills.
Access to the latest development tools and technologies. Flexible work arrangements (primarily in-office with occasional remote flexibility). Opportunities for career advancement in cutting-edge technology projects. Collaborative and growth-oriented work environment. How to Apply Interested candidates should send their resume and cover letter to careers@em.team.lucidgrowth.com with the subject line: "Application for Software Developer Position - [Your Name]". Please include links to your GitHub profile and any deployed applications or projects. Important Notes Only immediate joiners will be considered. Candidates must be available to work Monday to Saturday (9:00 AM to 6:00 PM, with 2nd and 4th Saturdays off). This is primarily an in-office position with occasional remote work flexibility. Candidates should demonstrate practical experience with the mentioned technology stack.

Posted 3 days ago

Apply

3.0 - 6.0 years

8 - 12 Lacs

Thiruvananthapuram

Remote

Experience required: Experience in performing various security assessments. Experience in providing meaningful hardening and mitigation strategies. Expertise in conducting network and web-based application penetration tests. Expertise in conducting physical security assessments. Expertise in conducting logical security audits and hands-on technical security evaluations and implementations. Subject matter expertise in focused capabilities in the topics of database security, wireless security, or application and development security. Expertise in conducting wireless security assessments. Expertise in conducting social engineering assessments. Expertise in conducting mobile application assessments. Experience with pen testing tools, and network and application security scanners. Familiarity with OWASP Top Ten Security Standard and any other similar standards. Knowledge of Linux and Windows network platforms. Should be certified in CEH or any other recognized cyber security certification. Willing to travel to client onsite locations. Remuneration will be the best as per industry standard. Experience: 3 to 6 years; a minimum of 3 years is a must for this position. Qualifications: B.Sc, B.Tech, M.Tech, MCA or M.Sc-IT (Branch: CS / IT / Cyber Security / Cyber Forensics). Candidates who have work experience in one or more of the areas mentioned above can also apply. This position is open exclusively to experienced professionals in penetration testing only. Job Type: Full-time Pay: ₹800,000.00 - ₹1,200,000.00 per year Experience: penetration testing: 3 years (Required) Work Location: Hybrid remote in Thiruvananthapuram, Kerala

Posted 3 days ago

10.0 - 14.0 years

12 - 16 Lacs

Salt Lake City

On-site

We are Ginteja Insurance Brokers Private Limited (Promoted by Two Big companies - Shyam Steel and Sastasundar). We are looking for a seasoned Senior Technology / Team Lead who combines strong technical expertise across frontend and backend stacks. The ideal candidate will have a deep understanding of modern client-side frameworks (React, React Native, Flutter), robust server-side technologies (Node.js, PHP, Java), and a solid grasp of cloud-native architectures. As a key technology member, you will help design, and guide hands-on the development of scalable, secure, and high-performance digital solutions, working closely with cross-functional teams and stakeholders to ensure successful product / project outcomes. You will be responsible for technical leadership and Agile delivery across complex, enterprise-grade digital products. Key Responsibilities: Technical Leadership Architect, design, and lead the development of full-stack applications using modern client and server-side technologies. Provide hands-on technical direction and resolve architectural, design, and implementation challenges. Lead code reviews, define coding standards, and drive engineering excellence across teams e.g. test-driven software development Team & Task Management Manage & monitor assigned high-level tasks using Agile tools like Jira etc. Ensure proper Agile practices (Scrum, Kanban) are followed throughout the project lifecycle. Proactive and on-time reporting of work status per communication schedule Cloud-Native & DevOps development Design and manage cloud-native application delivery using platforms like AWS (pref) Drive DevOps initiatives: containerization (Docker), orchestration (Kubernetes), automation (CI/CD), and monitoring. Ensure infrastructure is scalable, secure, and cost-effective. Mentoring & Team Development Mentor junior engineers and project team members to enhance their technical and professional growth. 
Strong collaborative mindset to foster high-performance team culture Primary Skills (Required): Frontend / Mobile (Client-Side) Proficiency in market-leading client-side scripting frameworks - Angular and/or React, React Native, and/or Flutter Strong skills in JavaScript, TypeScript, Dart, HTML/CSS, Redux/MobX, responsive and accessible UI/UX design – and application in multiple products/projects Experience in mobile app publishing (App Store, Play Store) and mobile CI/CD tools (preferred) Backend (Server-Side) Expertise in PHP (Laravel/Symfony), Java (Spring Boot/Jakarta EE), Node.js, Python Demonstrated advanced experience of REST APIs, Microservices, and serverless computing – in multiple products / projects execution Proficient in RDBMS (MySQL, SQL Server) and NoSQL (MongoDB, DynamoDB) Cloud & DevSecOps Proficiency in container and orchestration technologies (Docker, Kubernetes etc.), CI/CD pipelines (Jenkins, AWS DevOps) Experience in secure cloud native development through integration of tools like Sonar & deploying applications on AWS. Understanding of monitoring/logging tools (Grafana, CloudWatch) Team & Task Management Hands-on exposure in Agile delivery methodology (Scrum, Kanban, or hybrid Agile models) and tools like JIRA (Pref) Exposure in design, development, and deployment of AI and RPA-driven automation solutions. Security & Testing Experience in solution design and guide implementation following web OWASP guidelines and mitigating risks through Hands-on experience in implementation of any Unit Testing framework. Secondary Skills (Preferred): AI & RPA Solutions Preferred hands-on experience in implementation and integration of AI/ML technologies and frameworks (e.g., Python, TensorFlow, Amazon AI Stack) & RPA tools into application workflows. Desired experience in implementation with Natural Language Processing (NLP) models, OCR, and conversational AI (e.g., chatbots) in enterprise applications. 
Performance Optimization Exposure in system performance optimization techniques across platform, application & database. Basic exposure to Linux as development work environment. Qualifications: Bachelor’s degree in Computer Science, Information Technology, or a related field (or equivalent practical experience). 10-14 years of extensive professional experience in end-to-end web development. Strong portfolio showcasing web applications developed, with links to live projects or GitHub. Excellent problem-solving, debugging, and analytical skills. Strong communication and collaboration skills to work effectively in a team environment. Ability to guide and mentor junior developers to achieve the target development state. Ability to write clean, maintainable, and well-documented code. Job Type: Full-time Pay: ₹1,200,000.00 - ₹1,600,000.00 per year Benefits: Health insurance Leave encashment Paid sick time Paid time off Provident Fund Experience: Angular: 4 years (Required) Flutter: 4 years (Required) Team management: 4 years (Required) AWS: 4 years (Required) IT project management: 4 years (Required) Work Location: In person

Posted 3 days ago

2.0 years

8 - 12 Lacs

Salt Lake City

Remote

We are Ginteja Insurance Brokers Private Limited (Promoted by Two Big companies - Shyam Steel and Sastasundar). We are seeking a senior experienced and motivated full-stack Sr. Web Developer to join our growing development team. As a full stack Web Developer, you will be responsible for designing, developing, and maintaining web applications with a focus on high-performance, scalability, and user experience. Key Responsibilities: Design and develop dynamic, high-performance responsive and secure enterprise web applications Collaborate with UX/UI designers to ensure a seamless, responsive, and engaging user interface. Write clean, maintainable, and efficient code following best practices in Cloud Native environment. Exposure to test-driven development and implement Unit Testing framework to promote test-first approach. Optimize web applications for maximum speed, scalability, and responsiveness. Troubleshoot and debug issues across the entire web application stack. Ensure cross-browser compatibility and resolve front-end performance issues. Stay updated with the latest web development trends, technologies, and best practices. Participate in code reviews and contribute to knowledge sharing within the team. Implement RESTful APIs and integrate third-party services as needed. Follow Agile development practices and work in sprints to deliver features on time. Strong collaborative mindset with keen interest to guide and mentor junior developers Primary Skills (Required): Server-side Development: Strong experience in PHP, Node.js (and/or Java/J2EE) including developing APIs and working with relevant frameworks like Laravel, Spring, etc. for enterprise grade microservices based development Cloud Native Development: Familiarity with cloud platforms like AWS, Google Cloud, or Azure. Frontend Technologies: Proficient in developing modern web applications using scripting frameworks like Angular (preferred). 
Also highly desirable to have exposure to development in other market-leading frameworks like React.js and/or Flutter. Solid understanding of HTML5, CSS3, TypeScript and responsive design principles. Testing: Strong hands-on experience in designing and implementing any Unit Testing framework (e.g., Jasmine, Mocha, Jest, PHPUnit, JUnit etc.) to promote test-first and test-driven development. UI/UX Design: Basic understanding of UI/UX principles to collaborate effectively with designers. DevOps & Version Control: Experience with basic adoption of version control & CI/CD processes using tools like Git/GitHub & working with pipelines in Jenkins, AWS DevOps etc. APIs & Integration: Extensive experience in building secure, scalable, performance-optimized and resilient APIs (RESTful, GraphQL etc.) as well as integration with external 3rd party APIs. Cross-Browser Compatibility & Security: Knowledge of building web applications that follow OWASP secure coding guidelines and are compatible across different browsers. Database Integration: Familiarity with MySQL, SQL Server, Mongo/Cassandra or other relational and/or NoSQL databases for data handling. Job Type: Full-time Pay: ₹800,000.00 - ₹1,200,000.00 per year Benefits: Health insurance Paid sick time Paid time off Provident Fund Work from home Experience: Angular: 2 years (Required) Web development: 2 years (Required) PHP: 2 years (Required) APIs: 2 years (Required) GitHub: 2 years (Required) Work Location: In person

Posted 3 days ago

7.0 years

0 Lacs

Andhra Pradesh

On-site

Key Responsibilities Update Mechanism & Distribution Testing Assess update delivery pipeline for unauthorized access, misconfigurations, or delivery flaws. Simulate HMAC token forge/replay attacks to test authentication robustness. Test code-signing integrity by attempting to modify signed update bundles. Simulate rollback scenarios, downgrade attack vectors, and patch bypass attempts. Backend & Infrastructure Security Perform RBAC abuse tests to detect privilege escalation opportunities. Verify audit logging and forensic traceability of system actions. Check backend service configurations for policy compliance and data protection. Availability & Threat Resilience Conduct DoS resilience testing by simulating excessive/malformed requests. Perform mobile reverse engineering to detect information leakage or insecure storage. Reporting & Retesting Provide a detailed vulnerability report with CVSS scores and POC evidence. Collaborate with DevSecOps for remediation validation and re-testing. Required Skills & Qualifications 7+ years of penetration testing experience in enterprise environments. Deep knowledge of OWASP Top 10 (Web, API, Mobile). Hands-on experience testing mobile hybrid apps (Capacitor/Ionic). Expertise in code signing, HMAC validation, and secure OTA update mechanisms. Familiarity with Azure-hosted services, WebAPI, and SQL Server. Proficient with tools such as Burp Suite, MobSF, Frida, Drozer, OWASP ZAP, Metasploit, Postman, Wireshark. Strong scripting/debugging knowledge (Python, JavaScript, Bash). Understanding of regulatory/compliance frameworks: ISO 27001, GDPR, NIST. Certifications preferred: OSCP, CEH, GMOB, GWAPT. Additional Context App Architecture: Hybrid (Ionic + Capacitor) Backend: .NET Core, WebAPI, Azure Blob Storage CI/CD: Azure DevOps, App Center Governance: Scoped under Qatar Airways IT & Cyber Security policies About Virtusa Teamwork, quality of life, professional and personal development: values that Virtusa is proud to embody. 
When you join us, you join a team of 27,000 people globally that cares about your growth — one that seeks to provide you with exciting projects, opportunities and work with state of the art technologies throughout your career with us. Great minds, great potential: it all comes together at Virtusa. We value collaboration and the team environment of our company, and seek to provide great minds with a dynamic place to nurture new ideas and foster excellence. Virtusa was founded on principles of equal opportunity for all, and so does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need.

Posted 3 days ago

5.0 years

0 Lacs

Hyderabad, Telangana, India

On-site

Only Immediate Joiner - Within 8-10 days 5+ Years Rotational Shift Hyderabad, IND (ONSITE) Job Responsibilities: • Conducting and coordinating comprehensive Attack Surface Discovery, Penetration tests and Cloud on system and network levels, employing advanced ethical hacking techniques. • Application Penetration Testing (Browser-based, API, Mobile, IoT) • Threat Modeling • Source Code Review • Perform penetration testing on web applications and APIs (internal and external) to identify, assess, and report on vulnerabilities in their applications. • Perform red team exercises to determine where weaknesses exist in the client’s infrastructure and how they should be remediated. • Organizing and delivering technical security operational briefings for both technical and non-technical audiences. • Set scope, objectives, and timelines for penetration testing engagements and leverage data to create useful metrics. • Dynamic application security testing (DAST) scans on the identified targets without credentials. • Perform credentialed DAST scans on known client URLs. • Conduct research to identify new attack vectors. • Review and provide feedback for all Security Artifacts. • Play a critical role in building an AppSec program that has a wide scope and impact. • Researching open-source emerging technologies, developing required frameworks and capabilities to perform red team exercises on new technologies adopted by clients. • Preparing and delivering clear, accurate, and concise written and oral technical reports for management. Job specifications: 1. Qualification: • Bachelor’s degree in Engineering or closely related coursework in technology development disciplines • Certifications like OSCP, CEH, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN are desirable 2. Experience: • Total Experience – 4+ years 3. Desired Skills: Knowledge and Experience: • Offensive Security Certified Professional (OSCP) and/or Offensive Security Certified Expert (OSCE). 
• A thorough understanding of the Secure Development Life Cycle • Have comprehensive knowledge of common vulnerabilities (e.g., OWASP Top 10), diverse application attack vectors, security testing processes, and both wired and wireless network security protocols. • Have familiarity with common threat tactics and tools (Nmap, Metasploit, Kali Linux, Burp Suite Pro, CobaltStrike, App detective, Web Inspect, etc.). • Cloud Service penetration testing tradecraft and methodologies across one or more service providers (e.g. AWS, GCP, etc.). • Mobile platform penetration testing tradecraft and methodologies across widely-used platforms (iOS and/or Android). • Microservices testing Ability to find and exploit bugs in: • C++, Java, JavaScript, Go, and Python • Kubernetes, AWS, GCP, or Azure • Memory management, namespaces, cgroups, etc. • Passion for writing code to solve problems combined with an interest in Offensive Security. • Ability to demonstrate a strong background in one of the following languages: o Golang, Python, Java, JavaScript, C++, C

Posted 3 days ago

7.0 years

0 Lacs

Kochi, Kerala, India

On-site

Job Position: Senior Software Engineer - Python Experience: 7+ yrs Job Location: Infopark, Kochi Key Responsibilities: Technical Leadership Lead Python development teams on enterprise-grade projects Own and drive architectural decisions and code quality Conduct design and code reviews, and ensure adherence to best practices Backend Development Build and maintain robust, scalable backend services using Python frameworks (Django, FastAPI, Flask) Design APIs, background workers, and data pipelines Team Mentoring Mentor and guide junior and mid-level developers Provide training, performance feedback, and career guidance DevOps and Deployment Work with DevOps to define CI/CD pipelines and deployment strategies Collaborate on containerization using Docker, orchestration with Kubernetes Client and Stakeholder Interaction Translate business requirements into technical solutions Participate in client calls for requirement gathering, demos, and feedback sessions Required Skills: 7+ years of Python development experience Strong command over frameworks like Django, FastAPI, Flask Proven experience in API development and integration (REST, GraphQL) Experience with relational (PostgreSQL, MySQL) and NoSQL (MongoDB, Redis) databases Solid understanding of system architecture, design patterns, and scalability Familiarity with asynchronous programming (e.g., Celery, asyncio) Hands-on experience with Docker, Git, and CI/CD pipelines Exposure to cloud platforms (AWS/GCP/Azure) Good understanding of security best practices (OWASP, data protection). 
Preferred Skills Experience with AI/ML pipelines, data engineering, or microservices Prior experience in leading Agile/Scrum teams Familiarity with front-end technologies (React/Angular) is a plus Contributions to open-source projects or technical blogs Soft Skills Strong problem-solving and decision-making abilities Excellent communication and stakeholder management skills Ability to multitask and manage priorities in a fast-paced environment Team-oriented with a proactive and collaborative approach Why Join Us? Innovative Environment: Join a forward-thinking company that encourages creativity and problem-solving. Career Growth: Opportunities for professional development and career advancement. Collaborative Culture: Work in a team-oriented environment where your contributions are valued. Competitive Compensation: Attractive salary package and performance-based incentives.

Posted 3 days ago

3.0 - 8.0 years

4 - 9 Lacs

Mumbai

Work from Office

Essential Services: Role & Location fungibility At ICICI Bank, we believe in serving our customers beyond our role definition, product boundaries, and domain limitations through our philosophy of customer 360-degree. In essence, this captures our belief in serving the entire banking needs of our customers as One Bank, One Team. To achieve this, employees at ICICI Bank are expected to be role and location-fungible with the understanding that Banking is an essential service. The role descriptions give you an overview of the responsibilities; they are only directional and guiding in nature. About the role Our support application team performs application vulnerability assessments, documents the vulnerabilities found and provides recommendations for remediation according to BFSI guidelines and industry best practices. As an Application Security Manager, you will provide guidance to the application team on application security best practices, support remediation effort and track open issues and follow up to ensure remediation. You will work along with cross-functional business teams to get closure of identified gaps and utilize the escalation matrix effectively wherever necessary. You will conduct application security assessment results review and mitigation approval. You will keep abreast of new technologies to ensure that the organization remains at the forefront of security. Key Responsibilities Support and Testing: Vulnerability Assessments & Penetration Testing (Automated + Manual) on business-critical assets with security tools like BurpSuite, Nessus, Nmap, Acunetix, Metasploit, Netsparker, Qualys etc. Analysis: Perform in-depth analysis of VAPT results, review assessment reports and provide risk mitigation & recommendations on that basis. Collaboration: Collaborate with the application team and provide them guidance on application security best practices, support remediation effort and track open issues and follow up to ensure remediation. 
Qualifications & Skills Educational Qualification: Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent with relevant experience Certifications: OSCP Compliance: Knowledge of cyber security trends & hacking techniques, MITRE ATT&CK framework with hacker mindset. Network Security: Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering) Key Technologies: Familiarity with OWASP, SANS vulnerabilities along with their validation in source code and other security frameworks & Compliance, Knowledge of Networking concepts & Good understanding of latest Network/security technologies such as Cloud security and recent trends. About the Business Group ICICI Bank's Information Security Group believes in providing services to its customers in the safest and most secure manner, keeping in mind that data protection for its customers is as important as providing quality banking services across the spectrum. The CIA triad of Confidentiality, Integrity, and Availability is built on the vision of creating a comprehensive information security framework. The Bank also lays emphasis on customer elements like protection from phishing, adaptive authentication, awareness initiatives, and provides easy-to-use protection and risk configuration ability in the hands of customers. With this core responsibility, ICICI administers and promotes ongoing campaigns to create awareness among customers on security aspects while banking through digital channels.

Posted 3 days ago

5.0 years

0 Lacs

Ahmedabad, Gujarat, India

Remote

Join MSBC as a QA Engineer (C#) – Driving Excellence in Backend and API Automation We are seeking a skilled and detail-oriented QA Engineer with 5+ years of experience in backend testing and API automation. In this role, you will play a critical part in ensuring the robustness and reliability of backend systems through strategic test planning, automation development, and strong collaboration with engineering teams. If you're passionate about building scalable test frameworks and working with complex API ecosystems, we’d love to hear from you. Key Responsibilities: API Test Automation Develop, maintain, and execute automated test cases for RESTful APIs, SOAP services, and Protobuf messages using .NET-based frameworks. Design reusable automation frameworks and scripts tailored to backend and integration workflows. Implement automation for FIX protocol interfaces and message validation processes. Manual API Testing Conduct manual testing for API endpoints to ensure functional accuracy and data integrity. Validate message serialization/deserialization and protocol compliance for Protobuf and FIX. Test Strategy & Execution Design and execute detailed test plans, test cases, and test scripts focused on API and backend systems. Perform regression, integration, and performance testing for service-level validation. Collaboration & Reporting Partner with development, architecture, and product teams to understand API specifications and system behavior. Track and communicate test coverage, bugs, and progress using test management tools. Continuous Improvement Enhance existing test frameworks and propose automation strategies for increased efficiency. Stay updated on evolving tools, libraries, and best practices in API and backend testing. Required Skills & Qualifications: 5+ years of experience in manual and automation testing, with a strong focus on backend and API validation. Proficiency in .NET for developing automated testing solutions. 
Experience testing RESTful and SOAP APIs, including message types like Protobuf and protocols like FIX. Familiarity with API testing tools (e.g., Postman, Swagger) and version control systems (e.g., Git). Working knowledge of CI/CD tools (e.g., Jenkins, GitHub Actions). Strong debugging skills and understanding of backend architectures and integration flows. Exposure to API contract testing tools (e.g., Pact) and security testing (e.g., OWASP standards). Comfortable working in Agile/Scrum environments. Excellent problem-solving, analytical, and communication skills. Note: Shift timings align with UK working hours. This role is based in Ahmedabad, but candidates from other cities or states are encouraged to apply as remote or hybrid working options are available. MSBC Group has been a trusted technology partner for over 20 years, delivering cutting-edge digital and AI-powered solutions across financial services, manufacturing, logistics, and construction sectors. We specialise in Custom Software Development, Staff Augmentation, Managed Services, and Business Process Outsourcing—driving innovation and enterprise transformation globally. If you're passionate about trading systems, connectivity, and creating high-impact technology solutions, we’d love to hear from you.

Posted 3 days ago

4.0 - 6.0 years

4 - 7 Lacs

Chennai

Work from Office

Job Summary: We are looking for a DevOps Engineer to help us build functional systems that improve customer experience. DevOps Engineer responsibilities include deploying product updates, identifying production issues and implementing integrations that meet customer needs. If you have a solid background in software engineering and are familiar with Python, we'd like to meet you. It will be your responsibility to execute and automate operational processes fast, accurately and securely. Job Requirements: Working experience in Docker and Kubernetes. Experience in tools like Sonar, AppScan, OWASP, Nexus etc. with Jenkins integration. Experience in any one Cloud (AWS/Azure/GCP). Scripting: Shell/bash/Python scripting. Working with continuous integration (CI) Tools: Jenkins. Maintain services once they are live by measuring and monitoring availability, latency and overall system health. Support the application CI/CD pipeline for promoting software into higher environments through validation and operational gating, and lead DevOps automation and best practices. Follow/maintain an agile methodology for delivering on project milestones. Excellent oral, presentation, and written communication skills. Preferred Qualification: Bachelor's degree in Computer Science, Information Technology with 5+ years of equivalent experience. Minimum of 3 years of DevOps experience setting up CI/CD pipelines for web applications in the Cloud. Working knowledge of databases and SQL. Good understanding and knowledge of Containers, and Serverless ecosystems. Requires in-depth knowledge of the software development life cycle, logging, monitoring, and alerting. Proven implementation of creative technology solutions that advance the business.

Posted 3 days ago
