3367 Owasp Jobs - Page 47

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

5.0 - 8.0 years

7 - 15 Lacs

Gurugram

Work from Office

Job Title - Security Test Engineer
Job Type: Full-time
EXP 5+ Years
Location - Gurgaon

Roles & Responsibilities:
Perform Security Assessments: Conduct various types of security testing, including:
1. Penetration Testing: Perform black-box, gray-box, and white-box penetration testing on web applications, APIs, mobile applications (iOS/Android), and network infrastructure.
2. Vulnerability Assessments: Utilize automated and manual techniques to identify security weaknesses.
3. Static Application Security Testing (SAST): Analyze source code to identify potential vulnerabilities.
4. Dynamic Application Security Testing (DAST): Test applications in a running state and vulnerabilities.
5. Interactive Application Security Testing (IAST): Combine elements of SAST and DAST for comprehensive testing.
6. Configuration Reviews: Assess the security posture of various systems and applications.
7. Threat Modeling: Participate in threat modeling sessions to identify potential attack vectors and vulnerabilities early in the development lifecycle.
8. Vulnerability Management: Document identified vulnerabilities clearly and concisely, including steps to reproduce, impact, and severity. Communicate findings to development teams and stakeholders effectively. Track and manage vulnerabilities through their lifecycle, from discovery to remediation and retesting. Provide guidance and recommendations to development teams on remediation strategies.
9. Security Tooling & Automation:
- Utilize and configure security testing tools (e.g., Burp Suite, OWASP ZAP, Nessus, Acunetix, Fortify, Checkmarx, Metasploit).
- Develop and implement automated security tests and scripts to improve efficiency.
- Stay up-to-date with the latest security testing tools, techniques, and best practices.
10. Collaboration & Communication:
- Collaborate closely with development, DevOps, QA, and product teams to integrate security into the SDLC (Secure SDLC).
- Educate and mentor developers on secure coding practices and common vulnerabilities.
- Participate in security code reviews.
- Present security findings and recommendations to technical and non-technical audiences.
11. Research & Development:
- Stay informed about emerging security threats, attack vectors, and industry trends.
- Contribute to the improvement of security testing methodologies and processes.
- Participate in security community activities, conferences, and training.

Required Skills & Qualifications:
- Education: Bachelor's degree in computer science, Information Security, or a related field (or equivalent practical experience).
- Experience: Mid-Level: 3-6 years of experience in security testing, penetration testing, or application security. Senior Level: 6+ years of experience in security testing, leading penetration testing engagements and architecting secure solutions.

Technical Skills:
- Strong understanding of web application security vulnerabilities (e.g., OWASP Top 10, SANS Top 25).
- Proficiency with security testing tools (e.g., Burp Suite, OWASP ZAP, Nmap, Metasploit).
- Experience with various operating systems (Linux, Windows).
- Familiarity with scripting languages (e.g., Python, Ruby, PowerShell, Bash).
- Understanding of network protocols, firewalls, and intrusion detection/prevention systems.
- Knowledge of secure coding principles and common programming languages (e.g., Java, Python, C#, JavaScript, Node.js).
- Experience with cloud security (AWS, Azure, GCP) is a strong plus.
- Familiarity with CI/CD pipelines and integrating security into automated workflows.

Soft Skills:
- Excellent analytical and problem-solving skills.
- Strong communication and interpersonal skills, with the ability to explain complex technical concepts to non-technical audiences.
- Ability to work independently and as part of a team.
- High attention to detail and a methodical approach to testing.
- Curiosity and a strong desire to learn and stay current with security trends.

Desired Certifications (Plus, but not required):
- OSCP
- OSWE
- CEH (Certified Ethical Hacker)
- CompTIA Security+
- SANS certifications (e.g., GWEB, GWAPT, GPEN)
- CSSLP (Certified Secure Software Lifecycle Professional)

Posted 1 month ago

3.0 years

0 Lacs

Noida, Uttar Pradesh, India

On-site

Introduction As a Security Specialist, you will play a role in client facing support for IBM Managed Infra Security Delivery and delivering management services for Deploy, configure, and maintain Radware Server/Link Load Balancer solutions to ensure optimal performance and reliability as part of IBM Security Delivery Team. If you thrive in a dynamic, reciprocal workplace, IBM provides an environment to explore new opportunities every single day. And if you relish the freedom to bring creative, thoughtful solutions to the table, there's no limit to what you can accomplish here. Your Role And Responsibilities Conduct Vulnerability Assessment & Penetration Testing (VAPT) for web applications, APIs, and networks. Analyze and identify security vulnerabilities, ensuring alignment with OWASP Top 10 and secure coding best practices. Provide security requirement analysis for applications. Offer risk mitigation planning, vulnerability remediation recommendations, compliance guidance, and metrics reporting. Plan and coordinate Network & Application Security testing. Utilize security testing tools such as Burp Suite, Kali-Linux, AppScan, Nessus. Generate and share reports with customers using MS Office tools. Collaborate with teams to enhance security implementations and provide best practice recommendations. Preferred Education Bachelor's Degree Required Technical And Professional Expertise 3-4 years of demonstrating experience in planning and executing VA & penetration tests exercises against web applications, APIs, Network. 
Minimum 3+ years of experience in Network and Application Security Proficient in Secure coding best practices and OWASP TOP 10 vulnerabilities Experience in security requirements analysis for application Experience in security requirement implementation recommendations & guidance Prior experience in Network & Application Security Test planning & coordination Experience in Application risk mitigation planning, Vulnerabilities remediation recommendation & guidance, Compliance & Metrics reporting Preferred Technical And Professional Experience Industry certifications such as CEH/OSCP or equivalent preferred. Familiarity with security standards (OWASP, SANS, ISO).

Posted 1 month ago

4.0 - 8.0 years

0 Lacs

Noida, Uttar Pradesh, India

On-site

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Third-Party Risk as a Service – Senior As part of our EY- NFS TPRM team, you will help clients enhance their business performance by translating their strategies into realities. Working with EY-high performing teams, you will help clients to grow, innovate, protect, and optimize their business performance. The opportunity We’re looking for Seniors with expertise in Third-Party Risk Management to join the leadership group of our TPRaaS team . It is a fantastic opportunity to be part of a leading firm while being instrumental in the growth of a new service offering. Your Key Responsibilities Lead and work closely with the manager in the delivery of Third-Party Risk Management (TPRM) engagements. Assist / Mentor team members in vendor calls / client interactions by providing delivery updates. Perform Quality Checks on work products before delivering it to the end clients. Follow policies and procedures that support the successful implementation of TPRM operating models. Facilitate process walkthrough discussions to document end-to-end business processes and functional requirements. Assess the application of legal and regulatory requirements to clients TPRM practices. Lead/Participate in technology enhancement requirements such as Automation, Data Analytics, AI to support TPRM processes. Assist in the selection and tailoring of approaches, methods, and tools to support service offering or industry projects. Build and nurture positive working relationships with clients to achieve exceptional client service. Contribute to Identifying opportunities to improve engagement profitability. 
Assist leadership in driving business development initiatives and account management. Participate in building strong internal relationships within GMS Services and with other services across the organization. Skills And Attributes For Success Maintain an educational program to develop personal skills continually. Constantly upskilling as per market trends. Understand and follow workplace policies and procedures. Exhibit initiative and participate in corporate social and team events. To qualify for the role, you must have 4 to 8 years of demonstrated experience with Risk Management across the Third-Party engagement lifecycle (pre-contracting, contracting, and post contracting) and an understanding of the associated organizational infrastructure (e.g., relevant internal controls, business processes, governance structures). Strong understanding of the TPRM framework, Risk Management, Information Security practices. Demonstrate a good understanding of the Contract Risk Review management process. Hands-on exposure to TPRM tools and technology solutions (e.g., GRC enablement solutions, such as Process Unity, Prevalent, Archer, ServiceNow, etc.). Demonstrated knowledge of standards such as ISO 27001/2, ISO 22301, ISO 27018, PCI – DSS, HITRUST, etc. Good knowledge of privacy regulations such as GDPR, CCPA, etc. Good knowledge of regulations such as FISMA, HIPAA, Reg SCI, MAS, etc. Good knowledge of TCP/IP, concepts of OSI layer and protocols, networking and security concepts, Physical & Environmental Security, Asset Security and Identity & Access Management. Good knowledge of OS (Windows / Linux) security, Database security, IT infrastructure (switches, routers, firewalls, IDS, IPS, etc.), Security architecture design, and review. Good familiarity with OWASP, and Secure SDLC standards/frameworks, anti-virus solutions (e.g., Symantec, McAfee, etc.). Good experience in LAN/WAN architectures and reviews. 
Good knowledge of incident management, disaster recovery, and business continuity management, cryptography. Good to have prior Big-4 experience. Good to have certifications - CISSP, CISA, CISM, CTPRP, CIPP, ISO 27001 Lead Auditor or Lead Implementer Ideally, you’ll also have Project Management skills. Exposure to tools like ProcessUnity, ServiceNow, Archer. What We Look For A Team of people with enthusiasm to develop new skills and knowledge and experience to succeed and inquisitiveness to learn new things in this fast-moving environment. Actively tracks and communicates engagement performance and planning to EY engagement management, ensuring project milestones remain on track and are completed timely. Actively mentors and trains team members on Third-Party Risk Management processes, governance, and frameworks. Works cross-functionally with team members to support and drive a collaborative team environment. Creates and designs effective presentations as a means for communicating project and deliverable progress to clients. Performs sophisticated data analyses to understand client's business and identify risk. Executes advanced services and supervises staff in delivering essential services. Understands client's business environment and basic risk management approaches. Actively participates in decision making with engagement management and seeks to understand the broader impact of current decisions. Actively contributes to improving operational efficiency on projects & internal initiatives. What Working At EY Offers At EY, we’re dedicated to helping our clients, from the startups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is on education and coaching alongside practical experience to ensure your personal development. We value our employees, and you will be able to control your progress with an individual progression plan. 
You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching, and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Posted 1 month ago

0 years

0 Lacs

India

Remote

Ethical Hacking Intern 📍 Location: Remote (100% Virtual) 📅 Duration: 3 Months 💸 Stipend for Top Interns: ₹15,000 🎁 Perks: Certificate | Letter of Recommendation | Full-Time Offer (Performance-Based) About INLIGHN TECH INLIGHN TECH is a leading edtech platform focused on providing hands-on, project-based virtual internships. Our Ethical Hacking Internship offers students and freshers the opportunity to dive deep into cybersecurity and gain real-world experience in identifying and patching system vulnerabilities. 🚀 Internship Overview As an Ethical Hacking Intern , you will learn how to ethically test and secure systems, networks, and web applications. You'll work on simulated attack environments, use industry-standard tools, and understand how real-world exploits work — and how to defend against them. 🔧 Key Responsibilities Perform vulnerability assessments and penetration testing on simulated environments Use tools such as Nmap, Metasploit, Burp Suite, Nikto, OWASP ZAP , and Wireshark Learn and practice techniques to test for SQLi, XSS, CSRF, RCE , and more Explore and document the OWASP Top 10 vulnerabilities Assist in developing security reports and suggest remediation strategies Stay updated on the latest security threats, exploits, and patches Participate in ethical hacking labs, capture-the-flag (CTF) exercises, and red team–blue team simulations ✅ Qualifications Pursuing or recently completed a degree in Cybersecurity, Computer Science, IT , or a related field Basic understanding of networking, Linux commands, and web technologies Familiarity with common vulnerabilities and penetration testing tools Strong problem-solving skills and curiosity about how systems can be exploited Eagerness to learn, explore, and ethically test system security Bonus: knowledge of scripting languages like Python or Bash 🎓 What You’ll Gain Practical experience in ethical hacking and penetration testing A portfolio of vulnerability assessments and reports Internship Certificate upon 
successful completion Letter of Recommendation for high-performing interns Opportunity for a Full-Time Offer based on performance Exposure to real-world red teaming and threat analysis techniques

Posted 1 month ago

0.0 years

0 Lacs

Kochi, Kerala

On-site

Job Title: Cybersecurity Industrial Training Program – 3 Months (On-Site) Company: Matrix Sec Cyber Solutions LLP Location: 2nd Floor, Zareen Complex, Luiz Lane, near Thevara Market, Perumanoor, Kochi, Ernakulam, Kerala 682015 Program Type: Full-Time, On-Site Training Program ₹7,000 per month (Payable to the company) Duration: 3 Months Interview/Orientation Date: July 11, 2025 About the Program Matrix Sec Cyber Solutions LLP is launching a 3-month Cybersecurity Industrial Training Program for aspiring professionals seeking real-world experience in the cybersecurity domain. This hands-on program is designed to simulate a professional work environment, providing participants with exposure to live projects, corporate practices, and industry-standard tools and techniques. This is not a job or internship . It is a certified training program , ideal for those preparing to enter the cybersecurity workforce. Who Should Enroll This program is suitable for: Recent graduates in IT, Computer Science, or related fields Cybersecurity enthusiasts looking to build hands-on skills Individuals seeking practical exposure to ethical hacking, vulnerability assessments, and cyber defense Note: A personal laptop is mandatory for participation in the training. 
What You Will Learn Fundamentals of network security, web application security, and ethical hacking Conducting basic penetration testing on networks and applications Threat detection, malware analysis, and vulnerability management Using industry tools like Nmap, Burp Suite, Wireshark, and Metasploit Familiarity with compliance frameworks such as OWASP Top 10, ISO 27001, NIST, and GDPR Writing technical reports and documentation Participating in Capture The Flag (CTF) and bug bounty simulations What You Will Gain Real-time training on live cybersecurity projects Mentorship and guidance from experienced professionals Practical exposure to a corporate work environment Certificate of Completion from Matrix Sec Cyber Solutions LLP Enhanced job readiness and improved employability in the cybersecurity domain Additional Information Training charge: ₹7,000/month (Total ₹21,000 for 3 months, payable to the company) Location: Kochi, Kerala (on-site attendance required) Start Date: July 11, 2025 How to Apply To register or request more information: Email: info@matrixsec.in Website: https://matrixsec.in Contact: +91 97469 70442 Job Types: Full-time, Internship Contract length: 3 months Pay: From ₹100.00 per month Work Location: In person Expected Start Date: 14/07/2025

Posted 1 month ago

6.0 years

0 Lacs

Noida, Uttar Pradesh, India

On-site

Experience Required: - 6 to 8 Years Location:- Noida Role Overview- We are seeking a skilled and driven Sr. Security Engineer with a strong background in penetration testing (web, mobile, and network) . The ideal candidate will have hands-on experience identifying and exploiting vulnerabilities, preparing technical and compliance reports, and guiding clients or internal teams on remediation and governance. Key Responsibilities- • Conduct penetration testing of web applications, mobile apps (iOS/Android), and internal/external networks. • Perform vulnerability assessments and risk evaluations across client environments. • Create detailed technical and executive reports with prioritized remediation strategies. • Assist in SOC 2 readiness assessments, ISO 27001 implementation, and GDPR compliance checks. • Collaborate with cross-functional teams for remedial activities to improve the security posture. • Stay updated with the latest exploits, tools, and compliance updates. Required Qualifications- • 6-8 years of experience in cybersecurity with a focus on penetration testing and compliance. • Proficiency in tools like Burp Suite, Nmap, Metasploit, Nessus, MobSF, and manual testing techniques. • Strong knowledge of OWASP Top 10, secure coding practices, network protocols, and common attack vectors. • Understanding of SOC 2, ISO 27001, GDPR, and associated implementation or audit processes. Certifications (Preferred)- • CEH (Certified Ethical Hacker) • ISO/IEC 27001 Lead Auditor / Lead Implementer • Other relevant certs: e.g., CompTIA Security+, eWPT, eCPPT, GPEN Nice-to-Have Skills- • Familiarity with DevSecOps pipelines, source code reviews, or CI/CD security integration. • Client-facing consulting experience or report presentation skills. • Cyber Security vibe is a must.

Posted 1 month ago

10.0 years

0 Lacs

Ahmedabad, Gujarat, India

On-site

🚀 We're Hiring: Manager– AppSec & Vulnerability Management 📍 Location: India – Managed Security Services Organization 💼 Job Type: Full-Time We are looking for an experienced and dynamic Lead – AppSec & Vulnerability Management to join our team and take charge of security assessments, penetration testing, vulnerability management, and DevSecOps for IT/Cloud and OT infrastructure. In this leadership role, you'll manage a talented team, drive the execution of security projects, and ensure the successful delivery of services to customers. Key Responsibilities: 🔒 Lead and manage the AppSec & Vulnerability Management function, ensuring top-notch service delivery and operational success. 🔧 Provide technical leadership and guide your team to build and grow expertise in cybersecurity best practices. 🛠️ Perform penetration testing, vulnerability assessments, and security architecture reviews for IT, Cloud, and OT environments. 📈 Manage customer relationships, pre-sales strategies, and continuously identify opportunities to expand business. 💬 Communicate technical findings effectively to non-technical stakeholders and help implement mitigation strategies. Key Skills & Experience: ✅ 10+ years of experience in managing threat & vulnerability management functions, cybersecurity projects, and customer engagements. ✅ 6-8 years of hands-on experience in security assessments, penetration testing, vulnerability management, and web/mobile app security. ✅ Strong knowledge of security frameworks, OWASP Top 10, cloud security (AWS/Azure), API security, and DevSecOps. ✅ Proven leadership experience in managing teams, driving results, and handling key customer relationships. ✅ Strong communication and interpersonal skills, able to work cross-functionally with senior stakeholders. Qualifications & Certifications: 🎓 Education: B.Tech/B.E. in CSE/IT or related fields. 📜 Certifications: CEH, CISSP, OSCP, or similar security certifications. 
🔧 Technical Skills: Expertise in vulnerability assessment tools (e.g., Burp Suite, OWASP ZAP), mobile app security, and security in DevOps environments. Why Join Us? 🌟 Lead and innovate in a fast-paced, growing industry. 🌟 Collaborate with cross-functional teams and drive impactful results. 🌟 Opportunity to shape the security strategy for large-scale enterprise clients. If you're passionate about cybersecurity and ready to make an impact, we’d love to hear from you! 👉 Apply Now! careers@tribastion.com

Posted 1 month ago

8.0 years

0 Lacs

Gurugram, Haryana, India

On-site

About KPMG in India KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focussed and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment. Job Description: Title: Assistant Manager Location: Gurugram, Bangalore, Mumbai The ideal candidate should be responsible and capable for designing, implementing, and managing Palo Alto Networks, Checkpoint Firewalls, Zscaler, Load Balancers, and Web Application Firewalls (WAF) in a complex enterprise environment. The ideal candidate will have PCNSE and Zscaler certifications, along with deep expertise in network security, cloud security, and policy management. Design & Implement: Architect and deploy Palo Alto Next-Generation Firewalls, Checkpoint Firewalls, Zscaler Internet Access (ZIA) / Zscaler Private Access (ZPA), Load Balancers, and WAF solutions . Security Policy Management: Configure and maintain security policies, including firewall rules, proxy settings, DLP policies, and WAF security rules . Load Balancer Optimization: Manage and optimize traffic distribution, SSL offloading, and application acceleration using F5 LTM or equivalent . WAF Management: Implement and maintain Web Application Firewall (WAF) policies to protect against OWASP Top 10 vulnerabilities . 
Troubleshooting & Support: Provide expert-level support for complex security issues, ensuring high availability and performance. Compliance & Best Practices: Ensure adherence to ISO 27001, PCI DSS, GDPR , and other regulatory requirements. Incident Response: Lead investigations into security incidents and implement mitigation strategies. Collaboration: Work closely with IT, CISO teams, and vendors to optimize security posture. Automation & Optimization: Implement automation scripts for security operations and enhance system efficiency. 8+ Years of Experience and expertise working in Network Security domain: Strong understanding of business management, and leadership principles Excellent communication, interpersonal, leadership, coaching, and conflict-resolution skills. Able to complete projects in a timely manner Ability to analyze processes and information, identify problems and trends, and develop effective solutions and strategies. Commitment to providing exceptional service to customers and support to staff members. Palo Alto Networks: Next-Generation Firewalls, Panorama, GlobalProtect, Threat Prevention Checkpoint Firewalls: SmartConsole, Threat Prevention, VPN, Identity Awareness Zscaler: ZIA, ZPA, Cloud Sandbox, SSL Inspection Load Balancers: F5 BIG-IP, SSL Offloading, Traffic Management Web Application Firewall (WAF): Imperva, Cloudflare, AWS WAF, OWASP Top 10 Protection Network Security: VPN, Proxy, Zero Trust Architecture Cloud Security: Secure Access Service Edge (SASE), SD-WAN ITSM Frameworks: Change Management, Incident Management, Problem Management Qualification: Bachelor or higher degree in one of these fields. BE/BTECH/MCA/BCA - Must have PCNSE certified. 
Equal Opportunity Employer KPMG India KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.

Posted 1 month ago

1.0 years

0 Lacs

India

Remote

Location: Remote Duration: 1 Year (Renewable) Start: ASAP Job Purpose: We are seeking an experienced Application Security Architect to design, implement, and maintain secure cloud and enterprise platforms. The role involves ensuring the confidentiality, integrity, and availability of data across environments, and active participation in the SDLC to define and enforce security requirements. Key Responsibilities: Define and assess security requirements across cloud platforms (SaaS/IaaS). Support secure design and integration of applications and APIs. Participate in SDLC reviews and threat modeling. Develop and implement security standards, baselines, and best practices. Collaborate with DevOps, Engineering, and Infra teams for secure deployments. Provide guidance on cloud security posture, compliance, and remediation. Experience & Skills: 7–8 years in Information Security, with expertise in architecture, assessment, and implementation. 5–8 years in: Application security design, assessment, and engineering. Securing public/private cloud (AWS/Azure/DevOps). Secure SDLC, threat modeling, risk assessments. Strong knowledge in: IAM, SSO, API gateways, OAuth, SAML. SIEM, WAF, firewalls, VPNs, endpoint protection. Security standards like NIST, OWASP, ISO 27001. Preferred Skills: Hands-on with CASBs, cloud governance tools. Familiarity with mobile app security. Strong communication, documentation, and collaboration skills. Qualifications: Engineering degree in IT or Computer Science. Certifications (any of the following): CEH, OCSP, OWASP, AWS/Azure/GCP, TOGAF, SABSA, CISSP-ISSAP, CCSP.

Posted 1 month ago

5.0 years

0 Lacs

Hyderabad, Telangana, India

On-site

About NxtWave NxtWave is one of India’s fastest-growing ed-tech startups, revolutionizing the 21st-century job market. NxtWave is transforming youth into highly skilled tech professionals through its CCBP 4.0 programs, regardless of their educational background. NxtWave is founded by Rahul Attuluri (Ex Amazon, IIIT Hyderabad), Sashank Reddy (IIT Bombay) and Anupam Pedarla (IIT Kharagpur). Supported by Orios Ventures, Better Capital, and Marquee Angels, NxtWave raised $33 million in 2023 from Greater Pacific Capital. As an official partner for NSDC (under the Ministry of Skill Development & Entrepreneurship, Govt. of India) and recognized by NASSCOM, NxtWave has earned a reputation for excellence. Some of its prestigious recognitions include: Technology Pioneer 2024 by the World Economic Forum, one of only 100 startups chosen globally ‘Startup Spotlight Award of the Year’ by T-Hub in 2023 ‘Best Tech Skilling EdTech Startup of the Year 2022’ by Times Business Awards ‘The Greatest Brand in Education’ in a research-based listing by URS Media NxtWave Founders Anupam Pedarla and Sashank Gujjula were honoured in the 2024 Forbes India 30 Under 30 for their contributions to tech education NxtWave breaks learning barriers by offering vernacular content for better comprehension and retention. NxtWave now has paid subscribers from 650+ districts across India. Its learners are hired by over 2000+ companies including Amazon, Accenture, IBM, Bank of America, TCS, Deloitte and more. 
Know more about NxtWave: https://www.ccbp.in Read more about us in the news – Economic Times | CNBC | YourStory | VCCircle Why NxtWave As a Fullstack SDE - 2 at NxtWave, you Build applications at a scale and see them released quickly to the NxtWave learners (within weeks) Get to take ownership of the features you build and work closely with the product team Work in a great culture that continuously empowers you to grow in your career Enjoy freedom to experiment & learn from mistakes (Fail Fast, Learn Faster) NxtWave is one of the fastest growing edtech startups. Get first-hand experience in scaling the features you build as the company grows rapidly Build in a world-class developer environment by applying clean coding principles, code architecture, etc. Responsibilities Lead design and delivery of complex end-to-end features across frontend, backend, and data layers. Make strategic architectural decisions on frameworks, datastores, and performance patterns. Review and approve pull requests, enforcing clean-code guidelines, SOLID principles, and design patterns. Build and maintain shared UI component libraries and backend service frameworks for team reuse. Identify and eliminate performance bottlenecks in both browser rendering and server throughput. Instrument services with metrics and logging, driving SLIs, SLAs, and observability. Define and enforce comprehensive testing strategies: unit, integration, and end-to-end. Own CI/CD pipelines, automating builds, deployments, and rollback procedures. Ensure OWASP Top-10 mitigations, WCAG accessibility, and SEO best practices. Partner with Product, UX, and Ops to translate business objectives into technical roadmaps. Facilitate sprint planning, estimation, and retrospectives for predictable deliveries. Mentor and guide SDE-1s and interns; participate in hiring. Qualifications & Skills 3–5 years building production Full stack applications end-to-end with measurable impact. 
Proven leadership in Agile/Scrum environments with a passion for continuous learning. Deep expertise in React (or Angular/Vue) with TypeScript and modern CSS methodologies. Proficient in Node.js (Express/NestJS) or Python (Django/Flask/FastAPI) or Java (Spring Boot). Expert in designing RESTful and GraphQL APIs and scalable database schemas. Knowledge of MySQL/PostgreSQL indexing, NoSQL (ElasticSearch/DynamoDB), and caching (Redis). Knowledge of Containerization (Docker) and commonly used AWS services such as lambda, ec2, s3, api gateway etc. Skilled in unit/integration (Jest, pytest) and E2E testing (Cypress, Playwright). Frontend profiling (Lighthouse) and backend tracing for performance tuning. Secure coding: OAuth2/JWT, XSS/CSRF protection, and familiarity with compliance regimes. Strong communicator able to convey technical trade-offs to non-technical stakeholders. Experience in reviewing pull requests and providing constructive feedback to the team. Qualities we'd love to find in you: The attitude to always strive for the best outcomes and an enthusiasm to deliver high quality software Strong collaboration abilities and a flexible & friendly approach to working with teams Strong determination with a constant eye on solutions Creative ideas with problem solving mind-set Be open to receiving objective criticism and improving upon it Eagerness to learn and zeal to grow Strong communication skills is a huge plus Work Location: Hyderabad

Posted 1 month ago


7.0 - 10.0 years

0 Lacs

Pune, Maharashtra, India

On-site

Job Title: Security Test Engineer Job Location: Pune (Hybrid) Salary range: As per company standards What will be your responsibility: • Lead and perform advanced application security testing (SAST, DAST, IAST) for web, mobile, and cloud-native applications. • Design security test strategies, perform vulnerability assessments, and report findings with risk prioritization and remediation recommendations. • Collaborate with development, QA, and DevOps teams to integrate security testing into CI/CD workflows. • Conduct threat modelling sessions and define security requirements early in the project lifecycle. • Simulate real-world attacks (ethical hacking, red teaming) and ensure application hardening against OWASP Top 10 and CWE vulnerabilities. • Review code, architecture, and infrastructure for security compliance and weaknesses. • Stay updated on evolving security threats, tools, and best practices. • Mentor junior analysts and contribute to the security knowledge base. What is needed from you: • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or a related discipline. • 7 to 10 years of experience in security testing, application security, or security engineering. • Proficiency in tools such as Burp Suite, OWASP ZAP, Fortify, Checkmarx, Veracode, Metasploit, Kali Linux. • In-depth understanding of threat modelling, risk assessment methodologies, and secure development practices. • Strong knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding practices. • Experience with scripting languages such as Python, Bash, or PowerShell. • Hands-on experience integrating security into DevOps/DevSecOps pipelines (e.g., GitHub Actions, Jenkins, GitLab CI). • Familiarity with cloud platforms (AWS, Azure, GCP) and their security controls. • Certifications like OSCP, CEH, GWAPT, CISSP, or SANS GIAC are highly desirable. 
What will you get: Opportunity to work in Product Development and excellent learning opportunities Healthy work environment, peer to peer collaborative work culture Individual growth and encouraging opportunities with highly motivated team Work-Life Balance Selection Process: 2 technical rounds, 1 managerial round

Posted 1 month ago


6.0 years

0 Lacs

Noida, Uttar Pradesh, India

On-site

Company Description Coredge is a solutions-focused company leveraging AI, cloud, and other digital technologies to solve complex industry challenges. We enable clients to thrive in the digital era by providing innovative solutions that drive efficiency and growth. Our expertise lies in applying advanced technologies to deliver customized, effective results. At Coredge, we are committed to helping our clients navigate and succeed in an ever-evolving digital landscape. Role Description This is a full-time, on-site role for an Application Security Specialist and a Cloud Security Specialist located in Noida. Both the Application and Cloud Security Specialists will be responsible for providing application support, troubleshooting technical issues, and delivering technical support to ensure the security of our cloud infrastructure. Daily tasks include analyzing security measures, identifying vulnerabilities, and implementing security protocols. The specialist will also communicate with internal and external stakeholders to ensure the highest level of security and support for our applications and cloud services. Cloud Security Specialist (4–6 Years) Location: Noida | Reports to: Head/CISO Cyber Security 🎯 Primary Role: Secure and govern cloud infrastructure across AWS, Azure, and GCP, ensuring compliance, risk mitigation, and operational security. 🔍 Key Responsibilities: GRC (50%): Define cloud security policies, conduct risk assessments, ensure compliance (ISO 27001, DPDP, GDPR, HIPAA). Security Operations (35%): Implement IAM, SIEM, WAF, CSPM; respond to incidents; integrate DevSecOps in CI/CD. Reporting (15%): Create dashboards, document architecture, track remediation. 
🛠️ Must-Have Skills: Cloud security (AWS/Azure/GCP) DevSecOps, Kubernetes, Docker, Terraform Tools: SIEM, WAF, CSPM, VA/PT (e.g., Nessus, OWASP ZAP) 📜 Preferred Certifications: Cloud: CCSP / AWS / Azure / GCP Security Compliance: CISA / ISO 27001 Lead Implementer ✅ Application Security Specialist (6–8 Years) Location: Noida | Reports to: Head/CISO Cyber Security 🎯 Primary Role: Embed security into the SDLC of cloud-native applications, ensuring secure design, development, and compliance. 🔍 Key Responsibilities: AppSec (80%): Lead SSDLC, threat modeling, secure code reviews, CI/CD security (SAST, DAST, SCA), pen testing, vulnerability management. GRC (20%): Ensure app compliance (GDPR, HIPAA, DPDP), support audits, align with ISO 27001, PCI-DSS. 🛠️ Must-Have Skills: Secure coding (Java, Python, Go, JS) DevSecOps, Kubernetes, Docker, Terraform Tools: SonarQube, Burp Suite, Veracode, GitLab CI/CD 📜 Mandatory Certification: CEH / OSCP / GWAPT (any one) 📧 Apply Now: Send your resume to hr@coredge.io

Posted 1 month ago


0.0 - 3.0 years

4 - 9 Lacs

Sewri, Mumbai, Maharashtra

On-site

Hello, Greetings for the day !!! Hiring "Dot Net Full Stack Developer" for one of our client based @ Mumbai !!! Experience: 3+ years Desirable Skill Sets for Developer – Microsoft .NET (Full stack) SQL Server: Performance optimization techniques jQuery Developing Secure code [ Keeping in mind OWASP Top 10] Version Control Tool – Git & Azure DevOps and above Consuming of SOAP/REST web services like SAP Gateway Services Development of .NET Web API/OData/REST services Automated/Unit Testing Frameworks like Microsoft Unit Test or NUNIT. Angular 16 and above Node.js TypeScript Design Patterns Knowledge of Cloud based development (App service, Code publish) LESS or SASS Interactive Visualizations and Analytical Reports using Power BI Object Storage like S3 Education Criteria: The resource should possess minimum qualification MCA with minimum passing marks of 60%. B.E /B.Tech in Computer Science or Computer Engineering or Information Technology Location: Sewri, Mumbai Job Type: Full-time Pay: ₹400,000.00 - ₹960,000.00 per year Schedule: Day shift Monday to Friday Morning shift Application Question(s): How soon you can join? Education: Bachelor's (Required) Experience: .NET Core: 3 years (Required) MVC: 3 years (Required) C#: 3 years (Required) SQL: 3 years (Required) OOPS Concept: 3 years (Required) Web API: 3 years (Required) Data structures and Algorithm: 3 years (Required) Language: English (Required) Location: Sewri, Mumbai, Maharashtra (Required) Work Location: In person

Posted 1 month ago


5.0 years

0 Lacs

Hyderabad, Telangana, India

On-site

As a Fullstack SDE - II at NxtWave, you Build applications at a scale and see them released quickly to the NxtWave learners (within weeks) Get to take ownership of the features you build and work closely with the product team Work in a great culture that continuously empowers you to grow in your career Enjoy freedom to experiment & learn from mistakes (Fail Fast, Learn Faster) NxtWave is one of the fastest growing edtech startups. Get first-hand experience in scaling the features you build as the company grows rapidly Build in a world-class developer environment by applying clean coding principles, code architecture, etc. Responsibilities Lead design and delivery of complex end-to-end features across frontend, backend, and data layers. Make strategic architectural decisions on frameworks, datastores, and performance patterns. Review and approve pull requests, enforcing clean-code guidelines, SOLID principles, and design patterns. Build and maintain shared UI component libraries and backend service frameworks for team reuse. Identify and eliminate performance bottlenecks in both browser rendering and server throughput. Instrument services with metrics and logging, driving SLIs, SLAs, and observability. Define and enforce comprehensive testing strategies: unit, integration, and end-to-end. Own CI/CD pipelines, automating builds, deployments, and rollback procedures. Ensure OWASP Top-10 mitigations, WCAG accessibility, and SEO best practices. Partner with Product, UX, and Ops to translate business objectives into technical roadmaps. Facilitate sprint planning, estimation, and retrospectives for predictable deliveries. Mentor and guide SDE-1s and interns; participate in hiring. Qualifications & Skills 3–5 years building production Full stack applications end-to-end with measurable impact. Proven leadership in Agile/Scrum environments with a passion for continuous learning. Deep expertise in React (or Angular/Vue) with TypeScript and modern CSS methodologies. 
Proficient in Node.js (Express/NestJS) or Python (Django/Flask/FastAPI) or Java (Spring Boot). Expert in designing RESTful and GraphQL APIs and scalable database schemas. Knowledge of MySQL/PostgreSQL indexing, NoSQL (ElasticSearch/DynamoDB), and caching (Redis). Knowledge of Containerization (Docker) and commonly used AWS services such as lambda, ec2, s3, api gateway etc. Skilled in unit/integration (Jest, pytest) and E2E testing (Cypress, Playwright). Frontend profiling (Lighthouse) and backend tracing for performance tuning. Secure coding: OAuth2/JWT, XSS/CSRF protection, and familiarity with compliance regimes. Strong communicator able to convey technical trade-offs to non-technical stakeholders. Experience in reviewing pull requests and providing constructive feedback to the team. Qualities we'd love to find in you: The attitude to always strive for the best outcomes and an enthusiasm to deliver high quality software Strong collaboration abilities and a flexible & friendly approach to working with teams Strong determination with a constant eye on solutions Creative ideas with problem solving mind-set Be open to receiving objective criticism and improving upon it Eagerness to learn and zeal to grow Strong communication skills is a huge plus Work Location: Hyderabad About NxtWave NxtWave is one of India’s fastest-growing ed-tech startups, revolutionizing the 21st-century job market. NxtWave is transforming youth into highly skilled tech professionals through its CCBP 4.0 programs, regardless of their educational background. NxtWave is founded by Rahul Attuluri (Ex Amazon, IIIT Hyderabad), Sashank Reddy (IIT Bombay) and Anupam Pedarla (IIT Kharagpur). Supported by Orios Ventures, Better Capital, and Marquee Angels, NxtWave raised $33 million in 2023 from Greater Pacific Capital. As an official partner for NSDC (under the Ministry of Skill Development & Entrepreneurship, Govt. of India) and recognized by NASSCOM, NxtWave has earned a reputation for excellence. 
Some of its prestigious recognitions include: Technology Pioneer 2024 by the World Economic Forum, one of only 100 startups chosen globally ‘Startup Spotlight Award of the Year’ by T-Hub in 2023 ‘Best Tech Skilling EdTech Startup of the Year 2022’ by Times Business Awards ‘The Greatest Brand in Education’ in a research-based listing by URS Media NxtWave Founders Anupam Pedarla and Sashank Gujjula were honoured in the 2024 Forbes India 30 Under 30 for their contributions to tech education NxtWave breaks learning barriers by offering vernacular content for better comprehension and retention. NxtWave now has paid subscribers from 650+ districts across India. Its learners are hired by over 2000+ companies including Amazon, Accenture, IBM, Bank of America, TCS, Deloitte and more. Know more about NxtWave: https://www.ccbp.in Read more about us in the news – Economic Times | CNBC | YourStory | VCCircle

Posted 1 month ago


3.0 years

0 Lacs

Indore, Madhya Pradesh, India

On-site

Role Overview We’re seeking a skilled Django Developer to join our product engineering team. You will help scale our current system from a monolithic architecture to microservices, optimize our backend for multi-tenancy, and ensure secure and maintainable code practices. You will also collaborate with our frontend, DevOps, and security teams to deliver enterprise-grade capabilities. Key Responsibilities Develop and maintain scalable backend services using Django and Django REST Framework. Design secure and modular REST APIs for integration with frontend and third-party services. Implement and manage asynchronous task queues using Celery and Redis. Contribute to the transition from monolithic to microservices architecture. Define service boundaries and inter-service communication protocols. Ensure independent deployability, observability, and fault isolation of services. Design and implement multi-tenant logic (schema or row-level isolation). Ensure strict tenant-level data segregation and access control. Manage PostgreSQL schema design, query optimization, and indexing for performance. Handle database migrations and tenant-specific data flows. Work with GitLab for version control, branching, merge requests, and issue tracking. Collaborate on CI/CD pipelines using GitLab CI, Docker, and containerized deployments. Implement secure coding practices aligned with OWASP standards. Manage authentication/authorization using JWT and role-based access control (RBAC). Contribute to integration with SSO providers and OAuth-based authentication. Maintain technical documentation for APIs, services, and features. Write clean, maintainable, and well-documented code. Collaborate with cross-functional teams and participate in regular code reviews. Preferred Qualification 1–3 years of hands-on experience with Django and Django REST Framework. Strong understanding of PostgreSQL, Redis, and Celery. Experience with microservices and containerization (Docker). 
Familiarity with GitLab, CI/CD pipelines, and secure deployment practices. Exposure to multi-tenant SaaS environments and secure system design. Bonus: Experience with Django Channels, WebSockets, or background in cybersecurity/compliance.

Posted 1 month ago


0 years

0 Lacs

Indore, Madhya Pradesh, India

On-site

About the Role: We are looking for a highly curious and logical thinker who understands how modern web and application-level architectures work. This role is perfect for someone who loves breaking things to understand how they work — and then reporting it clearly. You don’t need certifications — we value real skills, out-of-the-box thinking, and hands-on experience with the latest attack vectors and tools. Responsibilities: Perform manual and automated application penetration testing on web apps, mobile apps, APIs, and thick clients Understand application logic deeply to identify business logic flaws Stay updated with the latest OWASP Top 10, SANS 25, and emerging attack vectors like SSRF chaining, prototype pollution, cloud misconfigurations, and more Write custom scripts and automate repeatable tasks to improve testing efficiency Clearly document vulnerabilities and communicate them effectively to customers, including risk impact and mitigation strategies Work closely with developers and customers to validate fixes and provide secure design suggestions Requirements: Strong understanding of web application architecture (frontend, backend, APIs, authentication/authorization flows) Ability to identify and exploit application-level vulnerabilities beyond scanners Knowledge of modern attack techniques (SSRF, IDOR, OAuth misconfig, JWT attacks, etc.) Familiarity with tools like Burp Suite, Postman, custom scripts (Python/bash), and automation frameworks Strong communication skills to report findings professionally and clearly Logical thinking, curiosity, and problem-solving mindset

Posted 1 month ago


5.0 years

0 Lacs

Hyderabad, Telangana, India

On-site

As a Fullstack SDE - II at NxtWave, you Build applications at a scale and see them released quickly to the NxtWave learners (within weeks) Get to take ownership of the features you build and work closely with the product team Work in a great culture that continuously empowers you to grow in your career Enjoy freedom to experiment & learn from mistakes (Fail Fast, Learn Faster) NxtWave is one of the fastest growing edtech startups. Get first-hand experience in scaling the features you build as the company grows rapidly Build in a world-class developer environment by applying clean coding principles, code architecture, etc. Responsibilities Lead design and delivery of complex end-to-end features across frontend, backend, and data layers. Make strategic architectural decisions on frameworks, datastores, and performance patterns. Review and approve pull requests, enforcing clean-code guidelines, SOLID principles, and design patterns. Build and maintain shared UI component libraries and backend service frameworks for team reuse. Identify and eliminate performance bottlenecks in both browser rendering and server throughput. Instrument services with metrics and logging, driving SLIs, SLAs, and observability. Define and enforce comprehensive testing strategies: unit, integration, and end-to-end. Own CI/CD pipelines, automating builds, deployments, and rollback procedures. Ensure OWASP Top-10 mitigations, WCAG accessibility, and SEO best practices. Partner with Product, UX, and Ops to translate business objectives into technical roadmaps. Facilitate sprint planning, estimation, and retrospectives for predictable deliveries. Mentor and guide SDE-1s and interns; participate in hiring. Qualifications & Skills 3–5 years building production Full stack applications end-to-end with measurable impact. Proven leadership in Agile/Scrum environments with a passion for continuous learning. Deep expertise in React (or Angular/Vue) with TypeScript and modern CSS methodologies. 
Proficient in Node.js (Express/NestJS) or Python (Django/Flask/FastAPI) or Java (Spring Boot). Expert in designing RESTful and GraphQL APIs and scalable database schemas. Knowledge of MySQL/PostgreSQL indexing, NoSQL (ElasticSearch/DynamoDB), and caching (Redis). Knowledge of Containerization (Docker) and commonly used AWS services such as lambda, ec2, s3, api gateway etc. Skilled in unit/integration (Jest, pytest) and E2E testing (Cypress, Playwright). Frontend profiling (Lighthouse) and backend tracing for performance tuning. Secure coding: OAuth2/JWT, XSS/CSRF protection, and familiarity with compliance regimes. Strong communicator able to convey technical trade-offs to non-technical stakeholders. Experience in reviewing pull requests and providing constructive feedback to the team. Qualities we'd love to find in you: The attitude to always strive for the best outcomes and an enthusiasm to deliver high quality software Strong collaboration abilities and a flexible & friendly approach to working with teams Strong determination with a constant eye on solutions Creative ideas with problem solving mind-set Be open to receiving objective criticism and improving upon it Eagerness to learn and zeal to grow Strong communication skills is a huge plus Work Location: Hyderabad About NxtWave NxtWave is one of India’s fastest-growing ed-tech startups, revolutionizing the 21st-century job market. NxtWave is transforming youth into highly skilled tech professionals through its CCBP 4.0 programs, regardless of their educational background. NxtWave is founded by Rahul Attuluri (Ex Amazon, IIIT Hyderabad), Sashank Reddy (IIT Bombay) and Anupam Pedarla (IIT Kharagpur). Supported by Orios Ventures, Better Capital, and Marquee Angels, NxtWave raised $33 million in 2023 from Greater Pacific Capital. As an official partner for NSDC (under the Ministry of Skill Development & Entrepreneurship, Govt. of India) and recognized by NASSCOM, NxtWave has earned a reputation for excellence. 
Some of its prestigious recognitions include: Technology Pioneer 2024 by the World Economic Forum, one of only 100 startups chosen globally ‘Startup Spotlight Award of the Year’ by T-Hub in 2023 ‘Best Tech Skilling EdTech Startup of the Year 2022’ by Times Business Awards ‘The Greatest Brand in Education’ in a research-based listing by URS Media NxtWave Founders Anupam Pedarla and Sashank Gujjula were honoured in the 2024 Forbes India 30 Under 30 for their contributions to tech education NxtWave breaks learning barriers by offering vernacular content for better comprehension and retention. NxtWave now has paid subscribers from 650+ districts across India. Its learners are hired by over 2000+ companies including Amazon, Accenture, IBM, Bank of America, TCS, Deloitte and more. Know more about NxtWave: https://www.ccbp.in Read more about us in the news – Economic Times | CNBC | YourStory | VCCircle

Posted 1 month ago


6.0 years

0 Lacs

Noida, Uttar Pradesh, India

On-site

Role & Responsibilities Design, build, and maintain microservice-based APIs that drive our core platform features and third-party integrations. Optimize data models, caching layers, and query performance to achieve sub-second response times under peak loads. Implement robust authentication, authorization, and rate-limiting mechanisms aligned with OWASP standards. Automate testing, containerization, and CI/CD pipelines to guarantee rapid, zero-downtime releases. Collaborate with Frontend, DevOps, and Product teams, translating business requirements into scalable technical solutions. Monitor production systems, triage incidents, and continuously improve observability, uptime, and cost efficiency. Skills & Qualifications Must-Have 3–6 years server-side development in Node.js, delivering RESTful or gRPC services. Proficiency in relational databases (PostgreSQL/MySQL) and schema design for high concurrency. Hands-on with Docker, Kubernetes basics, and Git-centric workflows. Strong grasp of data structures, algorithms, and object-oriented or functional design patterns. Experience implementing CI/CD (GitHub Actions/Jenkins) and writing unit & integration tests. Preferred Knowledge of event-driven architectures using Kafka or RabbitMQ. Exposure to AWS, GCP, or Azure managed services (EKS, RDS, CloudWatch). Understanding of GraphQL, WebSockets, or real-time messaging frameworks. Benefits & Culture Highlights Hackathon-centric culture that encourages rapid prototyping and continuous learning. MacBooks, dual monitors, and dedicated lab budgets for side projects. Quarterly off-sites, peer-recognition bonuses, and clear growth pathways into Staff Engineering or Tech Lead roles. Join us to craft resilient backends that empower the next generation of developers and innovators. Skills: integration testing,ci/cd,sql,git,jenkins,grpc services,microservices,kubernetes,mysql,postgresql,node.js,unit testing,docker,restful services,github actions

Posted 1 month ago


2.0 years

0 Lacs

Bengaluru, Karnataka

On-site

GE Healthcare Healthcare Science & Technology Organization Category Digital Technology / IT Early Career Job Id R4016905 Relocation Assistance Yes Location Bengaluru, Karnataka, India, 560066 Job Description Summary As a Product Security Analyst, you will be collaborating with development teams to complete security testing and tool development for our GEHC products. You will be responsible for performing VAPT for thick and thin clients, webservices, embedded devices and cloud. Conducting compliance/benchmark assessments using DISA STIGs/CIS Benchmarks. Reviewing, testing and suggesting best practices for cryptography and PKI (web and non-web perspective). Conducting source code reviews and discussing with development teams how to mitigate the issues and eliminate false positives. GE Healthcare is a leading global medical technology and digital solutions innovator. Our mission is to improve lives in the moments that matter. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world. Job Description Roles and Responsibilities You are a skilled Analyst who enjoys security work and is an expert in systems security, product / OT security and application security. In this role, you will: Work with product managers, independent researchers, and in-house researchers to identify, rate, report and manage product vulnerabilities and incidents. Be responsible for providing technical leadership and defining, developing, and evolving security within software in a fast-paced and agile development environment using the latest secure software development technologies and infrastructure. 
Work with Cyber Security Leaders and SMEs to understand product requirements Translate security requirements / vision into a prioritized list of user stories, completing work according to required timelines and quality standards Assist security champions in completing Threat Modeling and Architecture Risk Analysis on product features Perform Security Code Reviews, Vulnerability Analysis and research on application code Coach and mentor developers to implement cryptography solutions securely (PKI, Code Signing, Stored Secrets, et cetera) Engage subject matter experts in successful transfer of complex domain knowledge Apply principles of Secure SDLC and methodologies like Lean/Agile/XP, CI, Software and Product Security Provide guidance and advice on writing secure code that meets standards and delivers desired functionality, using the technology selected for the project Understand application security methodologies and frameworks Leverage GE Digital's tailored Secure SDL practice into specific engineering engagements Research new application security technologies and implement them to improve application security. Maintain a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development Promote best practices based on OWASP, SANS Top 25, and the GE Digital SDL. Write fuzz scenarios to break network protocol suites such as TCP/IP, IPv6, UDP, TLS, DTLS Ability to automate attack scenarios to avoid repetitive work. Good to have experience in Bluetooth/Wi-Fi or any radio based attacks. Good to have experience in REST API security testing and recommending best practices while opting for OAuth or OpenID Connect Having experience working on IoT platform will be beneficial. Required Skills Professional expertise with Kali Linux, Metasploit, Meterpreter. Hands-on experience in Windows/Linux and network security. Execute Scans using tools such as Nessus, Burp, Fortify/Coverity, Splunk etc. 
Education Qualification Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Math) with a minimum of 3+ years of experience in systems security, product / OT security and application security. Desired Characteristics Certifications – OSCP, CCSP. Languages – C/C++/Java/Python/Ruby Proven experience in breaking the vulnerable boxes. Adaptable to learn new skills or technologies as per business needs. Detailed working knowledge of two modern programming languages, such as Java, Python, or Ruby Good written and oral communication skills and successful security consulting background. At least 2 years of security consulting involvement with development team(s) that delivered software-based services Experience in developing secure applications A high energy and a result-oriented attitude/approach, with an understanding of release timelines and the need to enable development teams, not slow them down Experience with Security Development Lifecycle processes such as Threat Modeling desired Contribute to and lead discussions and communications within the team and outside, including customers and other business units Excellent knowledge of Object Oriented Analysis and Design, Software Design Patterns and coding principles Hands-on Experience with developing cloud-deployed applications that utilize OAuth 2 Hands-on experience with developing RESTful web services Mobile Architecture experience, designing, developing, and integrating solutions. Experience with penetration testing tools, ability to replicate security defects uncovered by groups such as GE's red team Good understanding of security tools and technologies to facilitate secure development Inclusion and Diversity GE Healthcare is an Equal Opportunity Employer where inclusion matters. 
Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law. We expect all employees to live and breathe our behaviors: to act with humility and build trust; lead with transparency; deliver with focus, and drive ownership – always with unyielding integrity. Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration and support. #LI-AM11 #Hybrid Additional Information Relocation Assistance Provided: Yes

Posted 1 month ago


0.0 - 4.0 years

0 Lacs

Chennai, Tamil Nadu

On-site

Founded in 1976, CGI is among the largest independent IT and business consulting services firms in the world. With 94,000 consultants and professionals across the globe, CGI delivers an end-to-end portfolio of capabilities, from strategic IT and business consulting to systems integration, managed IT and business process services and intellectual property solutions. CGI works with clients through a local relationship model complemented by a global delivery network that helps clients digitally transform their organizations and accelerate results. CGI Fiscal 2024 reported revenue is CA$14.68 billion and CGI shares are listed on the TSX (GIB.A) and the NYSE (GIB). Learn more at cgi.com. Job Title: PHP Developer Position: Senior Software Engineer Experience: 5 - 8 Years Category: Software Development/ Engineering Shift: General (5 Days work from Office) Main location: India, Tamil Nadu, Chennai Position ID: J0725-0243 Employment Type: Full Time Education Qualification: Bachelor's degree in Computer Science or related field or higher with minimum 4 years of relevant experience. Position Description: Works independently under limited supervision and applies knowledge of subject matter in Applications Development. Possess sufficient knowledge and skills to effectively deal with issues, challenges within field of specialization to develop simple applications solutions. Second level professional with direct impact on results and outcome. Your future duties and responsibilities Write clean, well-designed PHP code. Build efficient, testable, and reusable PHP modules. Design and manage databases (commonly MySQL or PostgreSQL). Write SQL queries and optimize database performance. Work with front-end developers to integrate user-facing elements. Ensure seamless integration between front-end and back-end. Create and consume RESTful or SOAP APIs. Integrate third-party services (e.g., payment gateways, social media logins). 
Implement data protection and security measures (e.g., input validation, CSRF/XSS protection). Stay updated on PHP security vulnerabilities. Use Git or other version control systems for code management and collaboration. Write unit and integration tests. Maintain clear documentation for code and APIs. Required qualifications to be successful in this role Must-Have Skills: At least three years’ experience in PHP and with RDBMS Strong knowledge of PHP 8, PHP Frameworks, and web application design patterns Good knowledge of HTML, CSS, and JS Secure Coding Practices OWASP Top 10 security risks and mitigation Software design and architecture skills Experience in working with the following technologies and products PHP 7.3 and 8.2 / 8.3 Zend / Laminas, Symfony MySQL (Optional: MSSQL, Oracle) REST APIs (Optional: Kafka) Cloud Development (Containerization, Docker, Kubernetes, AWS) Git / GitLab, Gerrit, Jenkins, Composer, CI/CD Confluence, Jira Linux HPE Voltage, Splunk Experience in technology and business consultancy Experience in the finance and/or credit card industry Good-to-Have Skills: Additional Languages: German & Polish (beneficial) Knowledge of Agile methodologies CGI is an equal opportunity employer. In addition, CGI is committed to providing accommodation for people with disabilities in accordance with provincial legislation. Please let us know if you require reasonable accommodation due to a disability during any aspect of the recruitment process and we will work with you to address your needs. Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. 
You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

Posted 1 month ago


0.0 - 4.0 years

0 Lacs

Chennai, Tamil Nadu

On-site

Category: Software Development/ Engineering Main location: India, Tamil Nadu, Chennai Position ID: J0725-0243 Employment Type: Full Time Position Description: Founded in 1976, CGI is among the largest independent IT and business consulting services firms in the world. With 94,000 consultants and professionals across the globe, CGI delivers an end-to-end portfolio of capabilities, from strategic IT and business consulting to systems integration, managed IT and business process services and intellectual property solutions. CGI works with clients through a local relationship model complemented by a global delivery network that helps clients digitally transform their organizations and accelerate results. CGI Fiscal 2024 reported revenue is CA$14.68 billion and CGI shares are listed on the TSX (GIB.A) and the NYSE (GIB). Learn more at cgi.com. Job Title: PHP Developer Position: Senior Software Engineer Experience: 5 - 8 Years Category: Software Development/ Engineering Shift: General (5 Days work from Office) Main location: India, Tamil Nadu, Chennai Position ID: J0725-0243 Employment Type: Full Time Education Qualification: Bachelor's degree in Computer Science or related field or higher with minimum 4 years of relevant experience. Position Description: Works independently under limited supervision and applies knowledge of subject matter in Applications Development. Possess sufficient knowledge and skills to effectively deal with issues, challenges within field of specialization to develop simple applications solutions. Second level professional with direct impact on results and outcome. Your future duties and responsibilities: Write clean, well-designed PHP code. Build efficient, testable, and reusable PHP modules. Design and manage databases (commonly MySQL or PostgreSQL). Write SQL queries and optimize database performance. Work with front-end developers to integrate user-facing elements. Ensure seamless integration between front-end and back-end. 
Create and consume RESTful or SOAP APIs. Integrate third-party services (e.g., payment gateways, social media logins). Implement data protection and security measures (e.g., input validation, CSRF/XSS protection). Stay updated on PHP security vulnerabilities. Use Git or other version control systems for code management and collaboration. Write unit and integration tests. Maintain clear documentation for code and APIs. Required qualifications to be successful in this role: Must-Have Skills: At least three years’ experience in PHP and with RDBMS Strong knowledge of PHP 8, PHP Frameworks, and web application design patterns Good knowledge of HTML, CSS, and JS Secure Coding Practices OWASP Top 10 security risks and mitigation Software design and architecture skills Experience in working with the following technologies and products PHP 7.3 and 8.2 / 8.3 Zend / Laminas, Symfony MySQL (Optional: MSSQL, Oracle) REST APIs (Optional: Kafka) Cloud Development (Containerization, Docker, Kubernetes, AWS) Git / GitLab, Gerrit, Jenkins, Composer, CI/CD Confluence, Jira Linux HPE Voltage, Splunk Experience in technology and business consultancy Experience in the finance and/or credit card industry Good-to-Have Skills: Additional Languages: German & Polish (beneficial) Knowledge of Agile methodologies CGI is an equal opportunity employer. In addition, CGI is committed to providing accommodation for people with disabilities in accordance with provincial legislation. Please let us know if you require reasonable accommodation due to a disability during any aspect of the recruitment process and we will work with you to address your needs. Skills: Banking MySQL PHPMyAdmin RESTful (Rest-APIs) What you can expect from us: Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. 
Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

Posted 1 month ago


5.0 years

0 Lacs

Gurugram, Haryana, India

On-site

We are looking for a highly motivated DevSecOps Engineer with 5+ years of hands-on experience in integrating security into the DevOps lifecycle. The ideal candidate will work closely with development, security, and operations teams to ensure our applications and infrastructure are secure, scalable, and efficient from development through deployment. Responsibilities Integrate security best practices into CI/CD pipelines (GitLab, Jenkins, GitHub Actions, etc.). Automate security scans (SAST, DAST, dependency checks) and enforce policies. Implement Infrastructure as Code (IaC) using tools like Terraform, CloudFormation, or Ansible. Collaborate with development teams to remediate vulnerabilities and conduct threat modeling. Monitor infrastructure and application security with tools like Wazuh/Ossec or equivalent. Manage secrets and credentials securely using Vault, AWS Secrets Manager, etc. Perform regular security audits and assessments for cloud environments (AWS, GCP, Azure). Improve logging, monitoring, and alerting for security anomalies (e.g., using ELK, Prometheus, Loki, SIEM tools). Stay current on security trends, vulnerabilities, and compliance requirements. Requirements 5+ years of experience in DevOps/Security engineering or a related role. Strong understanding of CI/CD practices with experience automating security checks. Hands-on experience with container security (Docker, Kubernetes, image scanning). Familiarity with cloud platforms (AWS/GCP) and cloud security principles. Experience with tools like SonarQube, OWASP ZAP, Trivy, Checkov, or Snyk. Proficiency in scripting (Python, Bash, or similar). Knowledge of IAM, RBAC, and least privilege principles. Good understanding of network and application security fundamentals. Strong collaboration and communication skills. Preferred Qualifications Certifications: AWS Security, Certified DevSecOps Professional, CEH, or similar. Experience with compliance frameworks (SOC2, ISO 27001, HIPAA, etc.). Familiarity with Zero Trust Architecture and Secure SDLC concepts. (ref:hirist.tech)

Posted 1 month ago


3.0 - 8.0 years

13 - 17 Lacs

Nagpur

Work from Office

Project Role: Security Architect Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills: Managed Cloud Security Services Good to have skills: NA Minimum 3 year(s) of experience is required Educational Qualification: 15 years full time education Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and facilitating the transition to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud security challenges. Roles & Responsibilities: - Expected to perform independently and become an SME. - Required active participation/contribution in team discussions. - Contribute in providing solutions to work related problems. - Develop and maintain comprehensive documentation of cloud security policies and procedures. - Conduct regular assessments of cloud security controls to ensure effectiveness and compliance. Professional & Technical Skills: - Must To Have Skills: Proficiency in Managed Cloud Security Services. - Strong understanding of cloud security frameworks and best practices. - Experience with risk assessment and management in cloud environments. - Familiarity with compliance standards such as ISO 27001, NIST, and GDPR. - Ability to design and implement security solutions tailored to cloud architectures. 
Additional Information: - The candidate should have minimum 3 years of experience in Managed Cloud Security Services. - This position is based at our Nagpur office. - A 15 years full time education is required. Qualification 15 years full time education

Posted 1 month ago


4.0 - 8.0 years

6 - 10 Lacs

Hyderabad

Work from Office

Perform SAST/SCA/DAST scans using industry vulnerability scanner SAST/SCA Veracode, using supplied compiled binary, configure scan platform to correct scan for both static code CWEs as well as SCA derived CVEs. Work will include coordination with app owner to ensure all branches of code are included in compiled binary file. DAST Work begins with crawling the target application to identify existing directory and file structure. Once identified, execute DAST scan using HCL product to identify dynamic issues only visible during code execution. During testing process, tester MUST ensure application is not degraded and/or taken out of service due to scanning activities. Tester must ensure results from scanner are present in VM reporting platforms and visible to approved app users. Validation - Supplier will perform manual validation and false-positive analysis on the automated scan results. Remediation Support: The remediation support will analyze the top-rated vulnerabilities and provide support to application teams on remediation strategies from identified risks. Scan Retest: Supplier will perform revalidation tests of previously identified critical and high severity vulnerabilities as requested by the client application teams. Complex application testing and remediation/mitigation recommendation author Technical leadership of group of less experienced testers. Adversary based approach to test plan development Attempt to access unauthorized data Attempt to make unauthorized changes Bypass business logic, authentication, user privileges, etc. Hijack accounts (Does not include social engineering methods) Attempt to exploit OWASP Top 10 vulnerabilities EcoSystem Testing All forms of application security testing, attempt to exploit All forms of device security testing, attempt to exploit All forms of database security testing, attempt to exploit Full Stack review, weakness enumer #Cybersecurity Job ID R-73980-1 Date posted 07/04/2025

Posted 1 month ago


4.0 - 8.0 years

6 - 10 Lacs

Bengaluru

Work from Office

Perform SAST/SCA/DAST scans using industry vulnerability scanner SAST/SCA Veracode, using supplied compiled binary, configure scan platform to correct scan for both static code CWEs as well as SCA derived CVEs. Work will include coordination with app owner to ensure all branches of code are included in compiled binary file. DAST Work begins with crawling the target application to identify existing directory and file structure. Once identified, execute DAST scan using HCL product to identify dynamic issues only visible during code execution. During testing process, tester MUST ensure application is not degraded and/or taken out of service due to scanning activities. Tester must ensure results from scanner are present in VM reporting platforms and visible to approved app users. Validation - Supplier will perform manual validation and false-positive analysis on the automated scan results. Remediation Support: The remediation support will analyze the top-rated vulnerabilities and provide support to application teams on remediation strategies from identified risks. Scan Retest: Supplier will perform revalidation tests of previously identified critical and high severity vulnerabilities as requested by the client application teams. Complex application testing and remediation/mitigation recommendation author Technical leadership of group of less experienced testers. Adversary based approach to test plan development Attempt to access unauthorized data Attempt to make unauthorized changes Bypass business logic, authentication, user privileges, etc. Hijack accounts (Does not include social engineering methods) Attempt to exploit OWASP Top 10 vulnerabilities EcoSystem Testing All forms of application security testing, attempt to exploit All forms of device security testing, attempt to exploit All forms of database security testing, attempt to exploit Full Stack review, weakness enumer #Cybersecurity Job ID R-73980 Date posted 07/04/2025

Posted 1 month ago
